fix: address final review blockers

- Add /api/onboarding and /status to PUBLIC_PATHS in hooks.server.ts so onboarding wizard and status page work for unauthenticated users - Add isOnboardingNeeded() guard to POST /api/onboarding to reject calls after onboarding is complete (security hardening) - Add data-app-widget attribute to all AppWidget card variants to enable j/k keyboard navigation
2026-03-25 14:29:11 +03:00
parent 1c0a7cb850
commit 014de026eb
3 changed files with 13 additions and 1 deletions
@@ -134,6 +134,8 @@
 		target="_blank"
 		rel="noopener noreferrer"
 		class="card-hover group flex items-center gap-2 rounded-lg {cardStyleClass} px-3 py-2 text-left transition-colors hover:border-primary/50"
+		data-app-widget
+		data-app-url={app.url}
 		oncontextmenu={handleContextMenu}
 		onclick={recordClick}
 	>
@@ -190,6 +192,8 @@
 	<!-- Large: icon + name + description + sparkline + tags + links -->
 	<div
 		class="card-hover group rounded-xl {cardStyleClass} p-5 transition-colors hover:border-primary/50"
+		data-app-widget
+		data-app-url={app.url}
 		oncontextmenu={handleContextMenu}
 	>
 		<a
@@ -283,6 +287,8 @@
 	<!-- Medium (default): icon + name + status + sparkline on hover + links -->
 	<div
 		class="card-hover group rounded-xl {cardStyleClass} p-4 transition-colors hover:border-primary/50"
+		data-app-widget
+		data-app-url={app.url}
 		oncontextmenu={handleContextMenu}
 	>
 		<a