Mangalord

fabi/Mangalord

Fork 0

Commit Graph

Author	SHA1	Message	Date
MechaCat02	f57ca8e45c	feat: harden auth, shutdown, and session bundle (0.35.0) Some checks failed deploy / test-backend (push) Failing after 1m37s Details deploy / test-frontend (push) Failing after 16m31s Details deploy / build-and-push (push) Has been skipped Details deploy / deploy (push) Has been skipped Details Three features bundled into one release: - rate-limit /auth/login, /register, /me/password (token bucket, 5 req/sec sustained with 10-request burst by default; 429 + Retry-After header on hit; tracing::warn! per hit so operators see attack patterns; AUTH_RATE_PER_SEC / AUTH_RATE_BURST env knobs) - handle SIGTERM for graceful container stops (replaces bare ctrl_c() with a select over ctrl_c + SignalKind::terminate() so docker compose stop runs the daemon shutdown path instead of letting Chromium leak past SIGKILL) - clear session.user on 401 from any API call (setOn401Hook in api/client.ts, registered from session.svelte.ts gated on $app/environment::browser so the SSR bundle never installs it; fixes "logged in but no bookmarks/collections" mid-session expiry state) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-28 20:27:21 +02:00
MechaCat02	58e637085d	bugfix: don't JSON.parse empty 200/201 bodies (0.19.1) $(addMangaToCollection crashed when the backend returned 201/200 with no body — the shared client only short-circuited 204. Now any empty body returns undefined.) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 18:30:39 +02:00
MechaCat02	ce9a01793f	feat: nest API under /api/v1, structured error envelope, paged lists Move every handler from /api/* to /api/v1/. /api/ is now reserved for future versioning. Standardise the error response shape across the API as {"error": {"code": "snake_case", "message": "..."}}. AppError gains a `code()` whose top-level variants are matched exhaustively without a wildcard — new variants are a compile error until coded. 500-class responses always emit the fixed "internal error" string and log the real cause via tracing only. Lock in the list pagination envelope as {"items": [...], "page": { "limit", "offset", "total"}} and apply it to GET /api/v1/mangas. `total` serialises as null until feat/list-search-polish lands an indexed count. The frontend client parses the envelope into ApiError.code with an http_error fallback for non-JSON bodies. listMangas now returns the paged shape; the root route consumes .items. New client.test.ts covers envelope parsing and the fallback paths. Lockstep version bump to 0.2.0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 21:41:20 +02:00

Author

SHA1

Message

Date

MechaCat02

f57ca8e45c

feat: harden auth, shutdown, and session bundle (0.35.0)

deploy / test-backend (push) Failing after 1m37s

Details

deploy / test-frontend (push) Failing after 16m31s

Details

deploy / build-and-push (push) Has been skipped

Details

deploy / deploy (push) Has been skipped

Details

Three features bundled into one release:

- rate-limit /auth/login, /register, /me/password (token bucket,
  5 req/sec sustained with 10-request burst by default; 429 +
  Retry-After header on hit; tracing::warn! per hit so operators
  see attack patterns; AUTH_RATE_PER_SEC / AUTH_RATE_BURST env knobs)
- handle SIGTERM for graceful container stops (replaces bare
  ctrl_c() with a select over ctrl_c + SignalKind::terminate() so
  docker compose stop runs the daemon shutdown path instead of
  letting Chromium leak past SIGKILL)
- clear session.user on 401 from any API call (setOn401Hook in
  api/client.ts, registered from session.svelte.ts gated on
  $app/environment::browser so the SSR bundle never installs it;
  fixes "logged in but no bookmarks/collections" mid-session
  expiry state)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-28 20:27:21 +02:00

MechaCat02

58e637085d

bugfix: don't JSON.parse empty 200/201 bodies (0.19.1)

$(addMangaToCollection crashed when the backend returned 201/200 with no body — the shared client only short-circuited 204. Now any empty body returns undefined.)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-17 18:30:39 +02:00

MechaCat02

ce9a01793f

feat: nest API under /api/v1, structured error envelope, paged lists

Move every handler from /api/* to /api/v1/*. /api/* is now reserved for
future versioning.

Standardise the error response shape across the API as
{"error": {"code": "snake_case", "message": "..."}}. AppError gains a
`code()` whose top-level variants are matched exhaustively without a
wildcard — new variants are a compile error until coded. 500-class
responses always emit the fixed "internal error" string and log the
real cause via tracing only.

Lock in the list pagination envelope as {"items": [...], "page": {
"limit", "offset", "total"}} and apply it to GET /api/v1/mangas. `total`
serialises as null until feat/list-search-polish lands an indexed count.

The frontend client parses the envelope into ApiError.code with an
http_error fallback for non-JSON bodies. listMangas now returns the
paged shape; the root route consumes .items. New client.test.ts covers
envelope parsing and the fallback paths.

Lockstep version bump to 0.2.0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-16 21:41:20 +02:00

3 Commits