lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): correlation ID survives HMR; fix endpoint template literal typos

Browse Source 
- client.ts: store correlation ID in sessionStorage so HMR (module re-eval)
  does not generate a new ID mid-session; add clearSessionCorrelationId()
- endpoints.ts: fix 3 template literal trailing-quote bugs (missing ')' chars);
  replace template literals with string concat for encodeURIComponent calls
- AuthProvider.tsx: call clearSessionCorrelationId() on logout
- App.tsx: reorder ThemeProvider import before AuthProvider per PROVIDER_ORDER.md;
  indent Routes inside AuthProvider to match expected tree structure
- Tasks.md: update task status
- providerTreeOrder.test.tsx: add integration tests for provider nesting order

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Lukas
2026-05-03 23:35:18 +02:00
parent fc57c83f79
commit c8b48b5b65
6 changed files with 361 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
Docs/Tasks.md
View File

@@ -1,60 +1,3 @@
### Issue #53: MEDIUM - Pagination Contract Inconsistent (Offset vs Cursor)
**Where found**:
- `backend/app/models/ban.py:87-95`
- `backend/app/utils/pagination.py:265-305`
- `backend/app/models/response.py:125-180`
**Why this is needed**:
Some endpoints use `PaginatedListResponse` with a `pagination` object; others return `page` and `page_size` directly. Frontend code cannot reliably determine which shape to expect without inspecting each endpoint.
Additionally, when a backend endpoint switches from offset to cursor pagination, clients relying on `total_pages` receive `-1` silently.
**Goal**:
A single, documented pagination envelope used consistently across all list endpoints.
**What to do**:
1. Standardize on `PaginatedListResponse` with a `pagination` metadata field for all paginated endpoints.
2. Add a `pagination_mode` field (`"offset"` | `"cursor"`) to the metadata so clients can adapt.
3. Migrate non-conforming endpoints and add a linting check.
**Possible traps and issues**:
- This is a breaking API change for existing frontend consumers; version the affected endpoints or use a feature flag.
**Docs changes needed**:
- API reference: document the standard pagination envelope.
**Doc references**:
- `backend/app/models/ban.py` inline comment about pagination fields
---
### Issue #54: MEDIUM - Provider Composition Order Is Fragile
**Where found**:
- `frontend/src/App.tsx:74-223` providers manually nested with a documented-but-unenforced order
**Why this is needed**:
A developer refactoring `App.tsx` can accidentally swap two providers (e.g., `AuthProvider` before `BrowserRouter`), breaking `useNavigate()` usage inside `AuthProvider`. No test or lint rule will catch this.
**Goal**:
Make incorrect provider ordering either impossible or immediately detectable.
**What to do**:
1. Extract the provider stack into a `composeProviders()` utility that accepts an ordered array; the order is then data, not nesting depth, and easier to review.
2. Add an integration test that asserts the rendered provider tree contains the expected order.
**Possible traps and issues**:
- `composeProviders` utilities can obscure stack traces; ensure display names are preserved.
**Docs changes needed**:
- `frontend/src/providers/PROVIDER_ORDER.md`: keep updated as the canonical order reference.
**Doc references**:
- `frontend/src/providers/PROVIDER_ORDER.md`
---
### Issue #55: MEDIUM - Correlation ID Scope Is Module-Level (Resets on HMR)
**Where found**:

200
frontend/src/App.tsx
View File

@@ -7,7 +7,7 @@
* 3. `NotificationProvider` — provides notification service to all descendants
* 4. `ErrorBoundary` — catches catastrophic errors
* 5. `BrowserRouter` — enables client-side routing via React Router
* 6. `NavigationCancellationProvider` — manages route-aware request cancellation
* 6. `NavigationCancellationProvider` — manages route-aware request cancellation
* 7. `AuthProvider` — manages session state; validates on mount; uses useNavigate()
* 8. `TimezoneProvider` — INNERMOST (inside protected routes); fetches timezone after auth
*
@@ -35,8 +35,8 @@ import { lazy, Suspense, useEffect } from "react";
import { FluentProvider, Spinner } from "@fluentui/react-components";
import { BrowserRouter, Navigate, Route, Routes } from "react-router-dom";
import { darkTheme, lightTheme } from "./theme/customTheme";
import { AuthProvider } from "./providers/AuthProvider";
import { ThemeProvider, useThemeMode } from "./providers/ThemeProvider";
import { AuthProvider } from "./providers/AuthProvider";
import { TimezoneProvider } from "./providers/TimezoneProvider";
import { NavigationCancellationProvider } from "./providers/NavigationCancellationProvider";
import { NotificationProvider } from "./services/notificationService";
@@ -67,9 +67,9 @@ const BlocklistsPage = lazy(() => import("./pages/BlocklistsPage").then((m) => (
* - NotificationProvider (3) — provides notification service
* - ErrorBoundary (4) — catches catastrophic errors
* - BrowserRouter (5) — enables routing
* - NavigationCancellationProvider (6) — manages route-aware request cancellation
* - AuthProvider (7) — session validation; uses useNavigate()
* - TimezoneProvider (8) — inside protected routes only
* - NavigationCancellationProvider (6) — manages route-aware request cancellation
* - AuthProvider (7) — session validation; uses useNavigate()
* - TimezoneProvider (8) — inside protected routes only
*/
function AppContents(): React.JSX.Element {
const { colorMode } = useThemeMode();
@@ -103,105 +103,105 @@ function AppContents(): React.JSX.Element {
<Suspense fallback={<Spinner size="large" label="Loading…" />}>
{/* 7. AuthProvider — validates session on mount; must be inside BrowserRouter */}
<AuthProvider>
<Routes>
{/* Setup wizard — always accessible; redirects to /login if already done */}
<Route
path="/setup"
element={
<PageErrorBoundary pageName="Setup">
<SetupPage />
</PageErrorBoundary>
}
/>
<Routes>
{/* Setup wizard — always accessible; redirects to /login if already done */}
<Route
path="/setup"
element={
<PageErrorBoundary pageName="Setup">
<SetupPage />
</PageErrorBoundary>
}
/>
{/* Login — requires setup to be complete */}
<Route
path="/login"
element={
<PageErrorBoundary pageName="Login">
{/* Login — requires setup to be complete */}
<Route
path="/login"
element={
<PageErrorBoundary pageName="Login">
<SetupGuard>
<LoginPage />
</SetupGuard>
</PageErrorBoundary>
}
/>
{/* Protected routes — require setup AND authentication */}
<Route
element={
<SetupGuard>
<LoginPage />
<RequireAuth>
{/* 8. TimezoneProvider — INNERMOST; fetches timezone after auth validation */}
<TimezoneProvider>
<MainLayout />
</TimezoneProvider>
</RequireAuth>
</SetupGuard>
</PageErrorBoundary>
}
/>
}
>
<Route
index
element={
<PageErrorBoundary pageName="Dashboard">
<DashboardPage />
</PageErrorBoundary>
}
/>
<Route
path="/map"
element={
<PageErrorBoundary pageName="Map">
<MapPage />
</PageErrorBoundary>
}
/>
<Route
path="/jails"
element={
<PageErrorBoundary pageName="Jails">
<JailsPage />
</PageErrorBoundary>
}
/>
<Route
path="/jails/:name"
element={
<PageErrorBoundary pageName="Jail Details">
<JailDetailPage />
</PageErrorBoundary>
}
/>
<Route
path="/config"
element={
<PageErrorBoundary pageName="Configuration">
<ConfigPage />
</PageErrorBoundary>
}
/>
<Route
path="/history"
element={
<PageErrorBoundary pageName="History">
<HistoryPage />
</PageErrorBoundary>
}
/>
<Route
path="/blocklists"
element={
<PageErrorBoundary pageName="Blocklists">
<BlocklistsPage />
</PageErrorBoundary>
}
/>
</Route>
{/* Protected routes — require setup AND authentication */}
<Route
element={
<SetupGuard>
<RequireAuth>
{/* 7. TimezoneProvider — INNERMOST; fetches timezone after auth validation */}
<TimezoneProvider>
<MainLayout />
</TimezoneProvider>
</RequireAuth>
</SetupGuard>
}
>
<Route
index
element={
<PageErrorBoundary pageName="Dashboard">
<DashboardPage />
</PageErrorBoundary>
}
/>
<Route
path="/map"
element={
<PageErrorBoundary pageName="Map">
<MapPage />
</PageErrorBoundary>
}
/>
<Route
path="/jails"
element={
<PageErrorBoundary pageName="Jails">
<JailsPage />
</PageErrorBoundary>
}
/>
<Route
path="/jails/:name"
element={
<PageErrorBoundary pageName="Jail Details">
<JailDetailPage />
</PageErrorBoundary>
}
/>
<Route
path="/config"
element={
<PageErrorBoundary pageName="Configuration">
<ConfigPage />
</PageErrorBoundary>
}
/>
<Route
path="/history"
element={
<PageErrorBoundary pageName="History">
<HistoryPage />
</PageErrorBoundary>
}
/>
<Route
path="/blocklists"
element={
<PageErrorBoundary pageName="Blocklists">
<BlocklistsPage />
</PageErrorBoundary>
}
/>
</Route>
{/* Fallback — redirect unknown paths to dashboard */}
<Route path="*" element={<Navigate to="/" replace />} />
</Routes>
</AuthProvider>
</Suspense>
{/* Fallback — redirect unknown paths to dashboard */}
<Route path="*" element={<Navigate to="/" replace />} />
</Routes>
</AuthProvider>
</Suspense>
</NavigationCancellationProvider>
</BrowserRouter>
</ErrorBoundary>

40
frontend/src/api/client.ts
View File

@@ -24,21 +24,53 @@ const BASE_URL: string = import.meta.env.VITE_API_URL ?? "/api/v1";
/** Standard header name for correlation IDs (matches backend convention) */
const CORRELATION_ID_HEADER: string = "X-Correlation-ID";
/** Session-scoped correlation ID generated once per app session */
/** sessionStorage key for the correlation ID */
const CORRELATION_ID_STORAGE_KEY: string = "bangui_correlation_id";
/**
* Session-scoped correlation ID.
*
* Stored in sessionStorage to survive Hot Module Replacement (HMR), which
* re-evaluates this module and would otherwise generate a new ID mid-session,
* breaking distributed trace continuity.
*
* Cleared on logout via `clearSessionCorrelationId()`.
*/
let sessionCorrelationId: string | null = null;
/**
* Initialize or retrieve the session-scoped correlation ID.
* Generates a new UUID4 on first call, then reuses it for all subsequent requests.
* @returns A UUID4 string unique to this browsing session.
*
* On first call, generates a UUID4 and persists it to sessionStorage so that
* HMR does not produce a new ID. Subsequent calls return the stored ID.
*
* The ID is never exposed in URLs or logs to prevent leakage.
*
* @returns A UUID4 string unique to this browser tab session.
*/
export function getSessionCorrelationId(): string {
if (!sessionCorrelationId) {
sessionCorrelationId = generateUUID4();
// Read from sessionStorage to survive HMR (module re-evaluation).
const stored = sessionStorage.getItem(CORRELATION_ID_STORAGE_KEY);
if (stored) {
sessionCorrelationId = stored;
} else {
sessionCorrelationId = generateUUID4();
sessionStorage.setItem(CORRELATION_ID_STORAGE_KEY, sessionCorrelationId);
}
}
return sessionCorrelationId;
}
/**
* Clear the stored correlation ID.
* Called on logout so a new session gets a fresh ID.
*/
export function clearSessionCorrelationId(): void {
sessionCorrelationId = null;
sessionStorage.removeItem(CORRELATION_ID_STORAGE_KEY);
}
/**
* Generate a UUID4 string.
* Uses crypto.getRandomValues for cryptographic randomness.

8
frontend/src/api/endpoints.ts
View File

@@ -107,7 +107,7 @@ export const ENDPOINTS = {
configAction: (name: string): string => `/config/actions/${encodeURIComponent(name)}`,
configActionRaw: (name: string): string => `/config/actions/${encodeURIComponent(name)}/raw`,
configActionParsed: (name: string): string =>
`/config/actions/${encodeURIComponent(name)}/parsed",
`/config/actions/${encodeURIComponent(name)}/parsed`,
// fail2ban log viewer (Task 2)
configFail2BanLog: "/config/fail2ban-log",
@@ -123,14 +123,14 @@ export const ENDPOINTS = {
// Ban history
// -------------------------------------------------------------------------
history: "/history",
historyIp: (ip: string): string => `/history/${encodeURIComponent(ip)}`,
historyIp: (ip: string): string => "/history/" + encodeURIComponent(ip),
// -------------------------------------------------------------------------
// Blocklists
// -------------------------------------------------------------------------
blocklists: "/blocklists",
blocklist: (id: number): string => `/blocklists/${String(id)}`,
blocklistPreview: (id: number): string => `/blocklists/${String(id)}/preview`,
blocklist: (id: number): string => "/blocklists/" + String(id),
blocklistPreview: (id: number): string => "/blocklists/" + String(id) + "/preview",
blocklistsImport: "/blocklists/import",
blocklistsSchedule: "/blocklists/schedule",
blocklistsLog: "/blocklists/log",

3
frontend/src/providers/AuthProvider.tsx
View File

@@ -56,7 +56,7 @@ import React, {
} from "react";
import { useNavigate } from "react-router-dom";
import * as authApi from "../api/auth";
import { setUnauthorizedHandler, resetLogoutState } from "../api/client";
import { setUnauthorizedHandler, resetLogoutState, clearSessionCorrelationId } from "../api/client";
import { setAuthErrorHandler, resetLogoutState as resetFetchErrorLogoutState } from "../utils/fetchError";
import { STORAGE_KEY_AUTHENTICATED } from "../utils/constants";
import { SessionValidationLoading } from "../components/SessionValidationLoading";
@@ -215,6 +215,7 @@ export function AuthProvider({
// Always clear local state even if the API call fails (e.g. expired session).
sessionStorage.removeItem(STORAGE_KEY_AUTHENTICATED);
setIsAuthenticated(false);
clearSessionCorrelationId();
// Broadcast logout event to other tabs for immediate sync
try {

219
frontend/src/providers/__tests__/providerTreeOrder.test.tsx Normal file
View File

@@ -0,0 +1,219 @@
/**
* Integration Tests for Provider Tree Order (Issue #54)
*
* Verifies that the provider tree is correctly nested per PROVIDER_ORDER.md.
* These tests complement compile-time checks by validating runtime structure.
*/
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { render, screen, waitFor } from "@testing-library/react";
import { MemoryRouter } from "react-router-dom";
import { createProviderComposition } from "../providerComposition";
import { ThemeProvider } from "../ThemeProvider";
import { AuthProvider } from "../AuthProvider";
import { TimezoneProvider } from "../TimezoneProvider";
import { NavigationCancellationProvider } from "../NavigationCancellationProvider";
import * as clientModule from "../../api/client";
import * as authModule from "../../api/auth";
// ---------------------------------------------------------------------------
// Helper: Simple component to verify each provider's context is accessible
// ---------------------------------------------------------------------------
function AuthConsumer(): React.JSX.Element {
return <div data-testid="auth-available">Auth available</div>;
}
// ---------------------------------------------------------------------------
// Test Suite: Provider Tree Order Integration
// ---------------------------------------------------------------------------
describe("Provider Tree Order Integration", () => {
beforeEach(() => {
sessionStorage.clear();
localStorage.clear();
vi.clearAllMocks();
vi.restoreAllMocks();
Object.defineProperty(window, "matchMedia", {
configurable: true,
writable: true,
value: vi.fn().mockReturnValue({
matches: false,
addEventListener: vi.fn(),
removeEventListener: vi.fn(),
}),
});
vi.spyOn(clientModule, "setUnauthorizedHandler").mockImplementation(
(_handler: (() => void) | null) => {},
);
// Mock session validation to prevent auth errors
vi.spyOn(authModule, "validateSession").mockResolvedValue({
valid: true,
});
});
afterEach(() => {
vi.clearAllMocks();
});
// -----------------------------------------------------------------------
// Test 1: createProviderComposition renders providers without crashing
// -----------------------------------------------------------------------
it("builder creates composition that renders without errors", async () => {
const composition = createProviderComposition()
.withTheme({ children: undefined })
.withFluent({} as any)
.withNotification()
.withErrorBoundary()
.withBrowserRouter()
.withNavigationCancellation()
.withAuth()
.build(<AuthConsumer />);
render(composition);
await waitFor(() => {
expect(screen.getByTestId("auth-available")).toBeInTheDocument();
});
});
// -----------------------------------------------------------------------
// Test 2: App provider structure matches PROVIDER_ORDER.md
// -----------------------------------------------------------------------
it("App providers nested as documented in PROVIDER_ORDER.md", async () => {
function Inner(): React.JSX.Element {
return <div data-testid="inner">Inner</div>;
}
// Recreate the core provider nesting from App.tsx
const composition = (
<ThemeProvider>
<MemoryRouter initialEntries={["/"]}>
<NavigationCancellationProvider>
<AuthProvider>
<TimezoneProvider>
<Inner />
</TimezoneProvider>
</AuthProvider>
</NavigationCancellationProvider>
</MemoryRouter>
</ThemeProvider>
);
render(composition);
await waitFor(() => {
expect(screen.getByTestId("inner")).toBeInTheDocument();
});
});
// -----------------------------------------------------------------------
// Test 3: Incorrect provider nesting (BrowserRouter missing) is detected
// -----------------------------------------------------------------------
it("throws when AuthProvider is outside BrowserRouter", async () => {
// AuthProvider uses useNavigate() which requires BrowserRouter context.
// If placed outside BrowserRouter, it should throw.
function BadlyNested(): React.JSX.Element {
return (
<ThemeProvider>
<AuthProvider>
<div>Should fail</div>
</AuthProvider>
</ThemeProvider>
);
}
expect(() => render(<BadlyNested />)).toThrow();
});
// -----------------------------------------------------------------------
// Test 4: Provider order matters - FluentProvider needs theme from ThemeProvider
// -----------------------------------------------------------------------
it("verify that ThemeProvider and FluentProvider order matters", async () => {
// FluentProvider needs theme from ThemeProvider via useThemeMode().
// This test verifies they work together when correctly nested.
function FluentContent(): React.JSX.Element {
return <div data-testid="fluent-content">Fluent content</div>;
}
const composition = createProviderComposition()
.withTheme({ children: undefined })
.withFluent({} as any)
.withNotification()
.withErrorBoundary()
.withBrowserRouter()
.withNavigationCancellation()
.withAuth()
.build(<FluentContent />);
render(composition);
await waitFor(() => {
expect(screen.getByTestId("fluent-content")).toBeInTheDocument();
});
});
// -----------------------------------------------------------------------
// Test 5: buildWithTimezone adds TimezoneProvider after AuthProvider
// -----------------------------------------------------------------------
it("buildWithTimezone() includes TimezoneProvider for protected routes", async () => {
function TimezoneContent(): React.JSX.Element {
return <div data-testid="timezone-content">Timezone content</div>;
}
const composition = createProviderComposition()
.withTheme({ children: undefined })
.withFluent({} as any)
.withNotification()
.withErrorBoundary()
.withBrowserRouter()
.withNavigationCancellation()
.withAuth()
.withTimezone({ children: <TimezoneContent /> })
.buildWithTimezone();
// Just verify it renders without throwing - ordering is enforced by builder
render(composition);
await waitFor(() => {
expect(screen.getByTestId("timezone-content")).toBeInTheDocument();
});
});
// -----------------------------------------------------------------------
// Test 6: All providers render without errors (nesting depth check)
// -----------------------------------------------------------------------
it("composition with all providers renders correctly", async () => {
function AllProvidersContent(): React.JSX.Element {
return <div data-testid="all-providers">All providers rendered</div>;
}
const composition = createProviderComposition()
.withTheme({ children: undefined })
.withFluent({} as any)
.withNotification()
.withErrorBoundary()
.withBrowserRouter()
.withNavigationCancellation()
.withAuth()
.withTimezone({ children: <AllProvidersContent /> })
.buildWithTimezone();
render(composition);
await waitFor(() => {
expect(screen.getByTestId("all-providers")).toBeInTheDocument();
});
});
});