| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rewrites the image proxy handler to address several issues:
- Stream responses with io.Copy instead of buffering entire image in memory
- Add 25MB size limit via io.LimitReader to prevent memory exhaustion
- Close resp.Body (was previously leaked on every request)
- Validate Content-Type is an image, rejecting HTML/JS/etc
- Forward Content-Type and Content-Length from upstream
- Use http.NewRequestWithContext to propagate client cancellation
- Check upstream status codes, returning 502 for non-2xx
- Fix ETag: use proper quoted format, remove bogus Etag request header check
- Increase timeout from 5s to 30s for slow image servers
- Use proper HTTP status codes (400 for bad input, 502 for upstream errors)
- Add Cache-Control max-age directive alongside Expires header
Tests: comprehensive coverage for Content-Type filtering, upstream errors,
streaming, ETag validation, User-Agent forwarding, and Content-Length.
Benchmarks: cache hit path and streaming at 1KB/64KB/1MB/5MB sizes.
https://claude.ai/code/session_01CZcDDVmF6wNs2YjdhvCppy
|
| |
|
|
| |
Vanilla JS (V3)
|
| |
|
|
|
|
|
| |
- Update Makefile to correctly build and copy frontend-vanilla (v3) assets
- Fix frontend-vanilla/vite.config.ts to build to its own dist directory
- Normalize CSRF check path and exclude /api/logout to fix v3 session clearing
- Include latest built assets for v3
|
| |
|
|
| |
embed dist/v3
|
| | |
|
| | |
|
| |
|
|
| |
field to config.Settings\n- Added --secure-cookies command line flag\n- Updated CSRFMiddleware to use config setting instead of hardcoded value\n- Default is false for local development, set to true for production HTTPS\n- Updated config.example and README.md with documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis allows users to easily switch between insecure cookies (for local dev)\nand secure cookies (for production HTTPS) via config file or command line.
|
| | |
|
| |
|
|
| |
(fixing NK-gfh33y)
|
| |
|
|
| |
with v1
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
- Created new 'api' package with testable router and RESTful handlers
- Handlers in 'api' use proper HTTP methods and status codes
- Standardized JSON responses and error handling
- Refactored 'web' package to delegate logic to 'api'
- Maintained backward compatibility for legacy frontend routes
- Simplified 'web/web_test.go' and added comprehensive 'api/api_test.go'
- All tests passing with improved modularity
|
|
|
Bug fixes:
- config: remove unused log import
- item: fix Printf format %d->%t for boolean ReadState
- util: update stale config.Read -> config.Init, remove config.Config.DBServer
Test files added:
- config/config_test.go: Init, readConfig, addDefaults (100%)
- vlog/vlog_test.go: Printf, Println verbose/silent (100%)
- models/db_test.go: InitDB tests
- models/feed/feed_test.go: CRUD, filter, Categories, NewFeed, ResolveFeedURL (87%)
- models/item/item_test.go: CRUD, Filter with category/search/starred, rewriteImages (71%)
- exporter/exporter_test.go: all export formats (91%)
- importer/importer_test.go: InsertIItem, ImportJSON (90%)
- crawler/crawler_test.go: GetFeedContent, CrawlFeed, CrawlWorker, Crawl (89%)
- web/web_test.go: auth, login/logout, stream, item, feed, category,
export, crawl, imageProxy handlers (77%)
Remaining 0% functions require HTTP/rice.MustFindBox/main entry and
can't be unit tested without refactoring (see tickets NK-gqkh96, NK-6q9nyg).
|
