| Age | Commit message (Collapse) | Author |
|
Cover previously untested logic: session ID generation/hashing,
password authentication, IP rate limiting, game state helpers,
handler endpoints, task enqueue/result processing, and config loading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Replace concrete *db.Queries and *pgxpool.Pool dependencies with
db.Querier and db.TxManager interfaces across all handlers, game hub,
and auth. This enables unit testing with mocks.
- Enable sqlc emit_interface to generate Querier interface
- Add TxManager abstraction to encapsulate transactions
- Convert auth package-level functions to Authenticator struct
- Add TaskQueueInterface/TaskWorkerInterface for game.Hub
- Add initial unit tests for game logic and API handlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
auth/auth.go: return error instead of panicking on data inconsistency.
game/hub.go: log unexpected task result types instead of panicking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
handling
- Wrap multi-step DB operations in transactions (signup, submit, game
edit, task result processing)
- Add game running checks to PostGamePlayCode and PostGamePlaySubmit
- Hide ranking code when game is not yet finished
- Replace silenced errors in processTaskResults with slog.Error logging
- Add pgxpool.Pool to Handler/Hub structs for transaction support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Replace all usages of the standard log package with log/slog across
backend and swift worker. Configure Echo's request logger to emit
structured log attributes via slog instead of the default format.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Consolidate frontend, typespec, and worker/php into a single npm
workspaces setup with one root lockfile. Update Dockerfiles to use
repository root as build context, and adjust justfile, CI workflow,
and compose files accordingly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Add CI workflow running build/lint checks for all components:
- backend: Go build + golangci-lint
- worker/swift: Go build + golangci-lint
- frontend: Biome + TypeScript + ESLint
- worker/php: Biome
Add `ci` recipes to each justfile so GHA uses `just ci` uniformly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Migrate hand-written OpenAPI YAML to TypeSpec (.tsp) source files.
TypeSpec compiles to OpenAPI 3.0 YAML, enabling type-safe API definitions.
- Add typespec/ directory with api-server and fortee definitions
- Integrate TypeSpec build into `just gen` and `just build` pipelines
- Update backend handler code to match new generated type names
(inlined error responses, separate GameType/ProblemLanguage enums)
- Regenerate frontend TypeScript types from new OpenAPI output
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Prevent XSS-based token theft by making the JWT inaccessible to
JavaScript. The backend now sets/clears the cookie via Set-Cookie
headers, and the frontend retrieves user info from /api/me instead
of decoding the JWT directly.
- Add JWTCookieMiddleware to parse cookie and inject claims into context
- Add /me and /logout endpoints to OpenAPI spec and handlers
- Update PostLogin to return user object + Set-Cookie header
- Replace Authorization header auth with cookie-based auth throughout
- Rewrite frontend auth to use /api/me instead of jwt-decode
- Remove jwt-decode dependency
- Configure CORS with credentials for local dev
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Prevent brute-force attacks by limiting POST /login to 5 requests per
minute per IP address using golang.org/x/time/rate. Unused entries are
cleaned up after 10 minutes of inactivity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Clean up old React Router references after migration to Vite + Wouter:
- Replace build/ and .react-router/ with dist/ in ESLint globalIgnores
- Replace ./build with ./dist in Biome ignore list
- Remove formComponents and NavLink from ESLint settings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Replace app-server proxy with direct static file serving from nginx.
The frontend service builds assets into a shared volume, and the
reverse-proxy serves them with SPA fallback via try_files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Adjust the URL branching that assumed a BFF to suit the Vite SPA. Move the
hard-coded production URL out into the VITE_API_BASE_URL environment variable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Remove React Router 7 SSR/BFF architecture (server-side loaders,
actions, sessions, remix-auth) and replace with a client-side SPA
using Wouter for routing and cookie-based JWT auth.
- Replace reactRouter() Vite plugin with @vitejs/plugin-react
- Add index.html + app/main.tsx as SPA entry points
- Add Wouter routing with auth guards (ProtectedRoute/PublicOnlyRoute)
- Add client-side auth (app/auth.ts) and useAuth hook
- Migrate all route files to app/pages/ with client-side data fetching
- Update NavigateLink and GolfPlayAppGaming to use Wouter Link
- Remove .server/, routes/, root.tsx, react-router.config.ts
- Clean up tsconfig.json (remove .react-router references)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|