Web migration #466

Closed
ShantKhatri wants to merge 94 commits into Dev-Card:develop from ShantKhatri:web-migration

@ShantKhatri
Contributor

Summary

Migrated the web module from Svelte to React and initialized npm there instead of pnpm.


Type of Change

  • Bug fix
  • New feature
  • Refactor (no functional change)
  • UI / Design change
  • Tests only
  • Documentation
  • Infrastructure / DevOps
  • Security

Checklist

  • My code follows the project's coding style (pnpm -r run lint passes).
  • TypeScript compiles without errors (pnpm -r run typecheck).
  • I have added or updated tests for the changes I made.
  • All tests pass locally (pnpm -r run test).
  • I have updated documentation where necessary.
  • No new console.log or debug statements left in the code.
  • Breaking changes are documented in this PR description.

Harxhit and others added 30 commits May 17, 2026 18:09
Co-authored-by: Amrit <amrit@example.com>
Replace the default browser scrollbar with a custom themed one that
matches DevCard's brand gradient. CSS-only, no JavaScript.

- WebKit/Chromium/Safari: gradient thumb (primary -> accent), themed
  track, hover state with glow.
- Firefox: scrollbar-width thin + scrollbar-color using the same theme
  variables (solid thumb fallback since gradients aren't supported).
- Reuses existing --primary/--accent/--bg-secondary/--primary-glow
  CSS variables so light/dark mode just work.

Closes Dev-Card#151.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
)

* Improve mobile UI/UX responsiveness and layout consistency

* Remove unnecessary package-lock.json
…d#150)

* chore(backend): add and configure ESLint for backend workspace

* fix(backend): align Prisma versions
… logging (Dev-Card#172)

reply.statusCode defaults to 200 before any response is sent, so the
previous check always evaluated to true and logged failed follows as
success. followGitHub now returns { success, response } so the caller
can log based on the actual API outcome.

Closes Dev-Card#148
…nt APIs (Dev-Card#139)

* docs: add Discord community invitation link to README and CONTRIBUTING.md

* git commit -m "feat(events-api): implement event management REST API with Prisma models"

* fix: revert changes to align with repository tech stack

* fix: Revert changes

* fix: add location field to schema and update API, validation, and tests

* fix: remove accidental schema.prisma file

* fix: Updated schema with location in event
…nagement & deep-link fallback (Dev-Card#177)

* feat: Layer 2 WebView Follow Engine — LinkedIn In-App Connect + Session Management

* fix: resolve TypeScript compilation issues and restore settings navigation

* feat: WebView LinkedIn Connect Engine + Follow system (Section 6.9)

- Backend: followRoutes returns webview strategy for LinkedIn/Twitter platforms
- Backend: POST /api/follow/:platform/:targetUsername/log for telemetry
- Backend: DELETE /api/follow/:platform/:targetUsername/log to reset Done state
- Backend: public profile now returns followed:true for previously connected links
- Backend: auth improvements — encode mobile redirect URI in OAuth state
- Mobile: WebViewScreen — full LinkedIn JS injection engine with polling,
  MutationObserver, visibilitychange, popstate, and injectedJSBeforeContentLoaded
- Mobile: DevCardViewScreen — premium UI, emoji icons, brand-colored buttons,
  Done tile with long-press reset, GitHub browser fallback
- Mobile: HomeScreen — username search bar to view any DevCard profile
- Mobile: App.tsx — hash fragment token extraction for OAuth deep links
- Mobile: config.ts — auto-detects LAN IP via Expo Constants for Expo Go
- Mobile: Expo migration — index.js, metro.config.js, babel.config.js, app.json
- Tests: new follow.test.ts cases for webview strategy and log endpoint
- Docs: README updated with telemetry and fallback overlay details
- Config: docker-compose port 5433, .env.example LAN IP placeholders

* fix: address PR review comments from Harxhit

- prisma.ts: replace authenticate:any with proper typed signature
  (request: FastifyRequest, reply: FastifyReply) => Promise<void>
- auth.ts: replace err as any with instanceof Error check in both
  GitHub and Google OAuth catch blocks for type-safe error handling
- Skeleton.tsx: replace width/height as any with DimensionValue type
  from react-native to preserve TypeScript safety

* fix: address remaining PR review comments from Harxhit

- connect.ts: replace err as any with instanceof Error check in
  GitHub connect catch block (same pattern as auth.ts fix)
- MainTabs.tsx: extract WebViewConnect params into standalone exported
  type WebViewConnectParams for reusability and future maintainability
- profiles.test.ts: replace mockPrisma as any with Pick<PrismaClient,'user'>
  and unknown cast to preserve TypeScript safety in tests
Signed-off-by: Parth Patidar <parth11.patidar@gmail.com>
* feat: add context-card diffing utility and validation layer

* feat: add NFC tag payload generation endpoint with card ownership validation

* fix: add Zod query validation and improve error handling in NFC route

* fix: resolve merge conflicts in app.ts

* fix: add typed response schema NfcPayloadResponse

* fix: remove typo in import statement in cards.ts

* refactor: narrow try catch scope in NFC payload route
…ate (Dev-Card#211)

randomBytes was used in generateState() without being imported from
crypto, causing a ReferenceError crash on any GET /connect/github request.
Also renamed parseGoogleState to parseOAuthState since the function is
exclusively used in the GitHub connect flow — Google connect does not
exist in this file.

Closes Dev-Card#178

Signed-off-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
Co-authored-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
…v-Card#144)

* fix(auth): encrypt OAuth tokens using encryption utility directly

auth.ts silently stored GitHub OAuth access tokens as plaintext because
the encryption check relied on a non-existent `app.encryption` Fastify
decorator - the condition always evaluated false, falling back to the raw
token. connect.ts called `app.encryption.encrypt()` directly, throwing
a TypeError at runtime and breaking the GitHub connect flow entirely.

Both routes now import `encrypt()` directly from utils/encryption.ts,
consistent with how follow.ts already imports `decrypt()` from the same module.

* fix(auth): isolate OAuth token persistence with focused try/catch

Wrap the encrypt + oAuthToken.upsert block in its own try/catch so that
a transient DB failure during token storage does not abort the login flow.
The platform token is supplementary -- authentication (JWT issuance) proceeds
even when persistence fails, and the error is logged for observability.

Addresses reviewer feedback on PR Dev-Card#144.

---------

Signed-off-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
Co-authored-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
…ard#171)

Following PA instructions merge conflicts are fixed.
…ard#228)

* fix: resolve ESLint issues in apps/backend/src/routes/cards.ts

* chore: remove local .eslintrc.json

---------

Signed-off-by: Krish Kumar <anuragbraveboy@gmail.com>
Co-authored-by: anuragbraveboy-sudo <krishnyk229@gmail.com>
…ev-Card#157)

* feat: improve card UI in light mode with better shadows and spacing

* style: improve card spacing and add smooth hover shadow
Co-authored-by: Prashantkumar Khatri <prashantkhatri202@gmail.com>
* fix: improve error handling in public.ts

* chore: remove unrelated frontend changes

* fix: improve typing and standardized error handling in public.ts

* chore: remove unrelated frontend changes

* fix: use shared getErrorMessage utility
…ation (Dev-Card#229)

All five route handlers in eventRoutes defined absolute /api/events* paths
while app.ts also registered the plugin with prefix: '/api/events'. Fastify
concatenates registration prefix and route path, producing double-prefixed
endpoints (/api/events/api/events, /api/events/api/events/:slug, etc.) that
are unreachable in production.

Strip the /api/events prefix from every route definition so paths are
relative (/, /:slug, /:slug/join, /:slug/leave, /:slug/attendees),
consistent with every other route plugin in the codebase.

Update the test buildApp() to register with { prefix: '/api/events' },
matching production. Inject URLs in existing tests already use the full
/api/events/* paths and require no changes.

Fixes Dev-Card#224.
roshankumar0036singh and others added 23 commits May 30, 2026 10:24
* fix: remove duplicate OAuth callback route registrations in auth.ts

- Removed duplicate nested app.get('/github/callback') that was registered
  inside an outer callback handler (caused by a bad merge)
- Removed duplicate nested app.get('/google/callback') same issue
- Removed dead code blocks (stray authUrl + redirect calls outside handlers)
  that were left over after the duplicate outer wrappers were stripped
- All routes (/github, /github/callback, /google, /google/callback, /me, /logout)
  are now correctly registered at the top level within authRoutes plugin scope

* fix: resolve OAuth CSRF vulnerabilities and add cookie types

---------

Signed-off-by: Roshan Kumar Singh <162692544+roshankumar0036singh@users.noreply.github.com>
…and navigation updates (Dev-Card#413)

Signed-off-by: Prashantkumar Khatri <96608160+ShantKhatri@users.noreply.github.com>
…#422)

Co-authored-by: prakash meena <prakash.meena@example.com>
…ev-Card#450)

* fix: Fixed linting issues

* feat(ci): add selective monorepo CI and PR result comments
…ev-Card#453)

* fix: Fixed linting issues

* fix(ci): improve selective checks and detailed PR comment reporting
…ing (Dev-Card#455)

* fix: Fixed linting issues

* fix(ci): improve workflow reporting and add collaborator support
…ev-Card#457)

* fix: Fixed linting issues

* fix(ci): expose backendTests output and improve smart test execution
…:slug response (Dev-Card#346)

The event detail endpoint was returning the raw organizer UUID via
organizerId, leaking an internal database identifier to unauthenticated
callers. Fetch the organizer relation and expose organizerUsername and
organizerDisplayName instead.
…ev-Card#459)

* fix: Fixed linting issues

* fix(workflow): switch discord reminder to pull_request_target for comment permissions
* feat: add rate limiting to OAuth endpoints

- Create oauthRateLimit plugin with per-IP bucket strategy
- Apply stricter rate limits to OAuth callback endpoints (5 req/min)
- Apply moderate rate limits to OAuth start endpoints (10 req/min)
- Prevent brute force attacks and token guessing
- Add per-user fallback for authenticated requests
- Fixes: No Rate Limiting on OAuth Endpoints

* fix: improve OAuth rate limiting implementation

- Fix off-by-one error: use >= instead of > for count checks
- Add Retry-After HTTP header to 429 responses (standard approach)
- Add type declaration merging for decorator properties
- Remove as any casts from auth routes
- Document cache:10000 reasoning in comments
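
The rate-limiting behaviour described in the last commit message above (per-IP buckets, 5 req/min on callbacks, 10 req/min on start endpoints, `>=` instead of `>`, `Retry-After` on 429), as an added example that is not code from this PR or from DevCard's oauthRateLimit plugin. The fixed-window strategy, the function names, the `buggyCompare` switch and keying authenticated requests by user id are assumptions made for illustration; the sample IP is constructed.

```javascript
// Added example: fixed-window limiter. Hypothetical names, not DevCard's plugin.
const WINDOW_MS = 60_000;
// Requests per minute, taken from the commit message.
const LIMITS = new Map([['start', 10], ['callback', 5]]);

function createOAuthLimiter({ now = Date.now, buggyCompare = false } = {}) {
  const buckets = new Map(); // bucket key -> { count, resetAt }

  return function check(kind, { ip, userId } = {}) {
    const max = LIMITS.get(kind);
    if (max === undefined) throw new Error(`unknown endpoint kind: ${kind}`);
    // Assumption: authenticated requests are keyed by user, all others by IP.
    const key = `${kind}|${userId ? `user:${userId}` : `ip:${ip}`}`;
    const t = now();
    let bucket = buckets.get(key);
    if (!bucket || t >= bucket.resetAt) {
      bucket = { count: 0, resetAt: t + WINDOW_MS };
      buckets.set(key, bucket);
    }
    // bucket.count is the number of requests already admitted in this window.
    // Comparing with ">" admits max + 1 requests; ">=" admits exactly max.
    const over = buggyCompare ? bucket.count > max : bucket.count >= max;
    if (over) {
      const retryAfter = Math.max(1, Math.ceil((bucket.resetAt - t) / 1000));
      return { status: 429, headers: { 'Retry-After': String(retryAfter) } };
    }
    bucket.count += 1;
    return { status: 200, headers: {} };
  };
}

// Send n requests from one client and return how many were admitted.
function admitted(check, kind, client, n) {
  let ok = 0;
  for (let i = 0; i < n; i += 1) {
    if (check(kind, client).status === 200) ok += 1;
  }
  return ok;
}

// Constructed demo with a fake clock so the result does not depend on timing.
let clock = 0;
const fixed = createOAuthLimiter({ now: () => clock });
const buggy = createOAuthLimiter({ now: () => clock, buggyCompare: true });
const client = { ip: '203.0.113.7' };
console.log('>= admits', admitted(fixed, 'callback', client, 8), 'of 8');
console.log('>  admits', admitted(buggy, 'callback', client, 8), 'of 8');
clock = 45_000; // 15 s before the window resets
console.log(fixed('callback', client));
```

The `buckets` map in this sketch is never pruned, so a real deployment needs eviction or a bounded store to keep memory use from growing with the number of distinct client IPs.
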
@ShantKhatri ShantKhatri marked this pull request as draft June 3, 2026 11:10
@github-actions

github-actions Bot commented Jun 3, 2026

CI Results — ❌ Some checks failed

🖥️ Backend (❌ failure)

Check Status
Lint ❌ failure
Test ❌ failure
Typecheck ❌ failure

📱 Mobile (❌ failure)

Check Status
Lint ❌ failure
Test ❌ failure

🌐 Web (❌ failure)

Check Status
Check ❌ failure
Build ✅ success

🕐 Last updated: Wed, 03 Jun 2026 11:11:13 GMT

@ShantKhatri ShantKhatri marked this pull request as ready for review June 3, 2026 11:22
@ShantKhatri ShantKhatri closed this Jun 3, 2026
@ShantKhatri ShantKhatri reopened this Jun 3, 2026
@ShantKhatri ShantKhatri closed this Jun 3, 2026
@github-actions

github-actions Bot commented Jun 3, 2026

CI — Checks Failed

Backend — FAIL

Check Result
Lint FAIL
Test SKIP
Typecheck FAIL

Mobile — FAIL

Check Result
Lint FAIL
Test SKIP

Web — FAIL

Check Result
Check FAIL
Build FAIL

Last updated: Wed, 03 Jun 2026 11:31:02 GMT
