alexei.dolgolyov/notify-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity
Files
1ac6a17f6f47891ba5cad16a9ee40c84ac4e507e
notify-bridge/frontend
T
History
alexei.dolgolyov e0bae394ee feat: comprehensive code review fixes — security, performance, quality 
Backend security:
- Reject Gitea webhooks when webhook_secret is empty (was silently skipping)
- Add slowapi rate limiting on login (5/min) and setup (3/min) endpoints
- Add CORS middleware with configurable origins
- Mask telegram_webhook_secret in settings API response
- Protect system-owned command template configs from regular user modification
- Increase minimum password length to 8 characters

Backend performance:
- Batch queries in _resolve_command_context (3 queries instead of 3N)
- Concurrent album fetching with asyncio.gather in immich commands
- Singleton Jinja2 SandboxedEnvironment (reuse instead of per-render creation)
- TTLCache for rate limits (bounded memory, auto-eviction)
- Optional aiohttp session reuse in send_reply/send_media_group

Backend code quality:
- Extract dispatch_helpers.py (shared link_data loading + event filtering)
- Extract database/seeds.py from main.py (490 lines → dedicated module)
- Split immich_handler.py (415 lines) into commands/immich/ subpackage
- Replace bare except blocks with logged warnings
- Add per-provider config validation (Pydantic models)
- Truncate command input to 512 chars
- Expose usage_* and desc_* slots in capabilities and variables API

Frontend security:
- CSS.escape() for user-controlled querySelector in highlight.ts
- Client-side password min 8 chars validation on setup and password change

Frontend code quality:
- Replace any types with proper interfaces across top files
- Decompose targets/+page.svelte into TargetForm + ReceiverSection
- Fix $derived.by usage, $state mutation patterns
- Add console.warn to empty catch blocks

Frontend UX:
- Auth redirect via goto() with "Redirecting..." state
- Platform-aware Ctrl/Cmd K keyboard hint
- Remove stat-card hover transform

Frontend accessibility:
- Modal: role=dialog, aria-modal, focus trap, restore focus
- EntitySelect/IconGridSelect: listbox/option roles, aria-selected/disabled
2026-03-23 01:59:51 +03:00
..
src
feat: comprehensive code review fixes — security, performance, quality
2026-03-23 01:59:51 +03:00
static
fix: local fonts via @fontsource, favicon, autocomplete attrs
2026-03-20 00:13:21 +03:00
package-lock.json
feat: entity relationship refactor — notification trackers, command system, chat actions
2026-03-21 01:27:20 +03:00
package.json
feat: telegram commands, app settings, bot polling, webhook handling, UI improvements
2026-03-20 23:11:42 +03:00
svelte.config.js
feat(notify-bridge): phase 1 - project scaffolding
2026-03-19 22:30:06 +03:00
tsconfig.json
feat(notify-bridge): phase 1 - project scaffolding
2026-03-19 22:30:06 +03:00
vite.config.ts
feat(notify-bridge): phase 1 - project scaffolding
2026-03-19 22:30:06 +03:00