# BanGUI — Task List This document breaks the entire BanGUI project into development stages, ordered so that each stage builds on the previous one. Every task is described in prose with enough detail for a developer to begin work. References point to the relevant documentation. --- ## ✅ DONE — Issue: Setup forward **Problem:** No DB present did not forward to setup page; setup page was not redirecting to login when already done. **Fix:** - Added `SetupGuard` component (`src/components/SetupGuard.tsx`) that calls `GET /api/setup` on mount and redirects to `/setup` if not complete. - All routes except `/setup` are now wrapped in `SetupGuard` in `App.tsx`. - `SetupPage` calls `GET /api/setup` on mount and redirects to `/login` if already complete. --- ## ✅ DONE — Issue: Setup - Error during setup (500) **Problem:** `POST /api/setup` returned 500 on some runs. **Root cause:** `bcrypt.hashpw` and `bcrypt.checkpw` are CPU-bound blocking calls. Running them directly in an async FastAPI handler stalls the event loop under concurrent load, causing timeouts / 500 responses. **Fix:** - `setup_service.run_setup` now offloads bcrypt hashing to `loop.run_in_executor(None, ...)`. - `auth_service._check_password` was converted from a sync to an async function, also using `run_in_executor`. --- ## ✅ DONE — Issue: Setup - Security issue (password in plaintext) **Problem:** `master_password` was transmitted as plain text in the `POST /api/setup` and `POST /api/auth/login` request bodies. **Fix:** - Added `src/utils/crypto.ts` with a `sha256Hex(input)` helper using the browser-native `SubtleCrypto` API. - `SetupPage.handleSubmit` now SHA-256 hashes the password before submission. - `api/auth.ts login()` now SHA-256 hashes the password before the login POST. - The backend stores `bcrypt(sha256(password))`. The plaintext never leaves the browser. --- ## ✅ DONE — Clean command **Problem:** No easy way to wipe all debug compose volumes and start fresh. **Fix:** Added `Makefile` at the project root with targets: - `make up` — start the debug stack (detached) - `make down` — stop the debug stack - `make restart` — restart the debug stack - `make logs` — tail all logs - `make clean` — `compose down -v --remove-orphans` (removes all debug volumes)