aboutsummaryrefslogtreecommitdiffstats
path: root/web
Commit message (Collapse)AuthorAgeFilesLines
* Complete V2 removal from Makefile and check in updated V3 production assetsAdam Mathes9 days3-4/+4
|
* Remove legacy V2 React frontend and update build/test scripts to focus on ↵Adam Mathes9 days7-38/+5
| | | | Vanilla JS (V3)
* Fix CSP violation on login page by moving inline script to external fileAdam Mathes9 days2-5/+13
|
* Update frontend build artifacts and fix test lint errorsAdam Mathes9 days5-21/+21
|
* Fix scroll-to-read functionality across all UIs (V1, V2, V3)Adam Mathes9 days1-139/+156
|
* Remove circle styling from NEKO sidebar toggle buttonclaude/thicket-ready-crank-RmQuIClaude9 days8-20/+20
| | | | | | | Strip border-radius, box-shadow, background, and backdrop-filter from the sidebar toggle in both v2 and v3 frontends so the logo appears flat. https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9
* Add tests for CSRF exclusions, Filter includeContent, multi-feed, and routingClaude9 days2-0/+93
| | | | | | | | | | | - CSRF: test excluded paths (/api/login, /api/logout), PUT/DELETE methods - Item model: test Filter includeContent flag, ItemById returns content, multiple feed_ids filtering - API: test read_filter=all param, feed_ids comma-separated filter, full_content exclusion from stream - Routing: add v3 frontend route test https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9
* Align sidebar CSS breakpoints with JS threshold at 1024pxClaude9 days4-11/+11
| | | | | | | | The sidebar default-closed JS logic used 1024px but CSS media queries used 768px, causing inconsistent behavior on tablets. Updated all sidebar-related breakpoints to 1024px/1025px to match. https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9
* Enhance CSRF protection for login pageAdam Mathes9 days3-33/+61
| | | | | | | | | | Login form now includes a CSRF token from the cookie as a hidden form field. The CSRF middleware accepts tokens from either the X-CSRF-Token header (for JS clients) or the csrf_token form field (for HTML forms). Removed /login from the CSRF exclusion list so login POSTs are now validated. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* v3 ui: require 100% visibility before marking items as readClaude9 days2-2/+2
| | | | | | | | | | | | | Change IntersectionObserver threshold from 0.5 to 1.0 so items are only marked as read when fully scrolled into view, reducing accidental mark-as-read during fast scrolling. Also fix unused Category import in perf test and add thicket config.json to repository so future agents can use thicket CLI commands. Closes NK-s2g59a https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9
* V3 UI Polish: Improved keyboard navigation, fixed logo position, and updated ↵Adam Mathes9 days6-26/+26
| | | | | | | | | | | branding - Fix V3 keyboard navigation delay (resolved NK-wjats7) - Update V3 document title to 'neko' (resolved NK-4p3s91) - Fix V3 neko logo/button position to be top-left fixed (resolved NK-89za3s) - Improve FeedItems (React) stability with ref-based index tracking and robust tests - Sync V3 styling and selection feedback with V2 patterns - Rebuild production assets
* Fix v3ui: neko button fixed positionAdam Mathes9 days4-4/+3
| | | | | | | - Remove duplicate neko logo from v3 sidebar - Keep sidebar toggle button fixed at top-left even when sidebar is open - Add top padding to v3 sidebar to prevent overlap with the fixed toggle button - Update v3 tests to match UI changes
* Add performance benchmarks, stress tests, and frontend perf testsClaude9 days1-0/+92
| | | | | | | | | | | | Go benchmarks cover item CRUD/filter/sanitization, API endpoints (stream, item update, feed list), middleware stack (gzip, security headers, CSRF), and crawler pipeline (feed parsing, mocked crawl). Stress tests verify concurrent reads/writes and large dataset handling. Frontend perf tests measure template generation, DOM insertion, and store event throughput. New Makefile targets: bench, bench-short, stress, test-perf. https://claude.ai/code/session_01ChDVWFDrQoFjMYHpaLGr9s
* Fix v3 theme contrast and sync with v2 colors, add v3 logo, and fix v2 test ↵Adam Mathes9 days6-14/+15
| | | | | | | | | | stability - Sync v3 dark/light theme colors with v2 defaults - Fix v3 settings input/select contrast in dark mode - Add logo emoji to v3 sidebar - Fix duplicate key warnings and side-effect issues in FeedItems.tsx (v2) - Rebuild production assets
* Fix v3 build process and CSRF login/logout exclusionsAdam Mathes9 days5-17/+38
| | | | | | | - Update Makefile to correctly build and copy frontend-vanilla (v3) assets - Fix frontend-vanilla/vite.config.ts to build to its own dist directory - Normalize CSRF check path and exclude /api/logout to fix v3 session clearing - Include latest built assets for v3
* Fix restricted login access and modernize login pageAdam Mathes9 days3-21/+200
| | | | | | | | - Close NK-oqd24q: Fix login access for v3/api - Update web.go to exclude /login/ from CSRF check during initial submission - Modernize web/static/login.html with new CSS and structure - Add web/login_test.go to verify CSRF exclusion - Created NK-ngokc3 for further CSRF enhancements
* Web: Make vanilla (v3) frontend the default at root, move react (v2) to /v2/Adam Mathes10 days1-7/+6
|
* Vanilla JS (v3): Removed confusing secondary cat logo, fixed mobile ↵Adam Mathes10 days4-6/+3
| | | | overflow, cleaned up styles
* Vanilla JS (v3): Fix mobile horizontal scroll, simplify logo to 🐱 emoji, ↵Adam Mathes10 days5-108/+131
| | | | implement feed deselect, and complete Settings (Add Feed, Export/Import OPML)
* Vanilla JS (v3): Restore base font to 18px and keep sidebar fonts compactAdam Mathes10 days4-3/+3
|
* Vanilla JS (v3): Adjust font sizes to comfortable 16px middle groundAdam Mathes10 days4-3/+3
|
* Vanilla JS (v3): Reduce font size and implement collapsible sidebar sections ↵Adam Mathes10 days4-10/+10
| | | | for Tags and Feeds
* Vanilla JS (v3): Add Logout button, 'neko' cat emoji toggle, and mobile ↵Adam Mathes10 days4-106/+108
| | | | responsiveness with backdrop
* Vanilla JS (v3): Fix filtering logic, Settings navigation, and refine styles ↵Adam Mathes10 days4-8/+9
| | | | for v2 parity
* Vanilla JS (v3): Redesign to 2-pane glassmorphism, fix CSP errors, fix ↵Adam Mathes10 days5-105/+105
| | | | Settings view, and achieve 80% test coverage
* Vanilla JS (v3): Final parity with React (Search, Settings, Shortcuts)Adam Mathes10 days5-75/+105
|
* Vanilla JS (v3): Implement Tags, Filters, and Infinite ScrollAdam Mathes10 days5-51/+75
|
* Vanilla JS (v3): Implement 3-pane layout, item fetching, reading, and testingAdam Mathes10 days6-22/+52
|
* Scaffold Vanilla JS Frontend (v3): Create directory, update Makefile/web.go, ↵Adam Mathes10 days7-40/+79
| | | | embed dist/v3
* Optimize frontend with memoized FeedItem and efficient IntersectionObserverAdam Mathes10 days3-12/+12
|
* Switch to HashRouter to fix page reload issues (NK-hy162w)Adam Mathes10 days2-6/+6
|
* Frontend: Build and check in production assets for multi-select featureAdam Mathes10 days4-9/+9
|
* Frontend: Build and check in production assets for additive filtering fixAdam Mathes10 days5-15/+15
|
* Backend: Fix linting issues, improve error handling, and replace magic numbersAdam Mathes10 days4-60/+60
|
* Commit ticket updates and remaining backend lint fixesAdam Mathes10 days1-1/+2
|
* Create 'make check' unified workflow and fix various lint issuesAdam Mathes10 days1-26/+14
|
* chore: update build artifacts and finalize test improvementsAdam Mathes11 days2-8/+8
|
* chore: align local Makefile with GitHub CI jobsAdam Mathes11 days2-7/+7
|
* chore: fix lint and type errors to resolve CI failuresAdam Mathes11 days4-3/+3
|
* ci: enhance workflow with E2E tests and Docker checkAdam Mathes11 days3-14/+2
|
* assets updateAdam Mathes11 days2-0/+12
|
* UI: Improve consistency of settings, logout, and theme sections in sidebar ↵Adam Mathes11 days4-3/+3
| | | | (NK-v9e7r3)
* UI: Add collapsible caret icons for Tags and Feeds in sidebar (NK-gjymiw)Adam Mathes11 days5-14/+14
|
* Cleanup root directory by moving scripts to scripts/ and fix CSRF cookie ↵Adam Mathes11 days1-2/+2
| | | | policy for dev env
* task: delete vanilla js prototype\n\n- Removed vanilla/ directory and ↵Adam Mathes11 days4-486/+0
| | | | web/dist/vanilla directory\n- Updated Makefile, Dockerfile, and CI workflow to remove vanilla references\n- Cleaned up web/web.go to remove vanilla embed and routes\n- Verified build and tests pass\n\nCloses NK-2tcnmq
* fix: auto-load more items when pressing 'j' on last item\n\nPreviously, if ↵Adam Mathes11 days2-5/+5
| | | | you were focused on the last loaded item and that item was\nvery long (extending past the viewport), pressing 'j' would do nothing\nbecause there were no more items loaded yet.\n\nNow, when the user presses 'j' and lands on the last item, we automatically\ntrigger loading more items (if available), ensuring that the next 'j' press\nwill work as expected.\n\nAdded test to verify this behavior works correctly.
* feat: fix authentication to handle no-password scenario\n\n- Updated ↵Adam Mathes11 days2-0/+190
| | | | Authenticated() to return true when no password is configured\n- Updated apiLoginHandler to succeed when no password is set\n- Added comprehensive backend tests for both password/no-password cases\n- Added E2E tests for authentication flows (password tests are skipped by default)\n- All tests pass for both authentication scenarios\n\nFixes issue where app would require login even when no password was configured.\nNow properly supports passwordless mode for local development.
* feat: add secure_cookies configuration option\n\n- Added SecureCookies bool ↵Adam Mathes11 days2-4/+5
| | | | field to config.Settings\n- Added --secure-cookies command line flag\n- Updated CSRFMiddleware to use config setting instead of hardcoded value\n- Default is false for local development, set to true for production HTTPS\n- Updated config.example and README.md with documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis allows users to easily switch between insecure cookies (for local dev)\nand secure cookies (for production HTTPS) via config file or command line.
* fix: CSRF cookie configuration for local network access\n\n- Changed ↵Adam Mathes11 days6-15/+16
| | | | SameSite from Lax to None to allow cookie access across localhost/IP variations\n- Added Secure=false for local development (should be true in production with HTTPS)\n- Added credentials:'include' to all fetch requests to ensure cookies are sent\n- Updated tests to expect credentials parameter in fetch calls\n\nThis fixes the 403 Forbidden error when accessing from LAN IPs like 192.168.x.x
* fix: relax CSP to allow unsafe-eval for legacy UIAdam Mathes11 days1-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-25 21:34:02 +0000