BanGUI/Docs/Tasks.md at bc4ba703f0694f7268ef17d579ab446b07dd0c5d

Files

Lukas bc4ba703f0 Fix #34 : Replace setup redirect allowlist prefix matching with explicit allowlist

- Replace fragile startswith() matching with explicit path matching
- Split allowlist into _EXACT_ALLOWED (exact paths) and _PREFIX_ALLOWED (prefixes)
- Prefix paths MUST end with '/' to prevent matching unintended paths like /api/setup-debug
- Paths correctly matched: /api/setup, /api/health, /api/docs, /api/redoc, /api/openapi.json, /api/setup/timezone
- Paths correctly blocked: /api/setup-debug, /api/setup123, /api/jails
- Add comprehensive Setup Guard Route Policy documentation to Backend-Development.md
- Update line numbers in documentation to reflect current implementation

This prevents future route additions from accidentally bypassing the setup guard.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-29 19:45:42 +02:00

4.7 KiB

Raw Blame History

34) Setup redirect allowlist uses broad prefix matching

Where found:
- backend/app/main.py
Why this is needed:
- Prefix-based allow rules are fragile for future route additions.
Goal:
- Use exact path or route-level allow policy.
What to do:
- Replace startswith matching with explicit allowlist checks.
Possible traps and issues:
- API docs and setup flow paths must remain reachable.
Docs changes needed:
- Add setup guard route policy documentation.
Doc references:
- backend/app/main.py

35) API client sends JSON and CSRF header for every request method

Where found:
- frontend/src/api/client.ts
Why this is needed:
- Extra headers on GET increase unnecessary CORS preflights and noise.
Goal:
- Apply headers by method/body requirements.
What to do:
- Only set Content-Type for requests with JSON body.
- Send CSRF header for mutating cookie-authenticated requests only.
Possible traps and issues:
- CSRF protection assumptions must still hold for all mutating paths.
Docs changes needed:
- Update frontend API client contract and CSRF notes.
Doc references:
- backend/app/middleware/csrf.py

36) Polling continues when tab is not visible

Where found:
- frontend/src/hooks/usePolledData.ts
- frontend/src/hooks/useBlocklistStatus.ts
Why this is needed:
- Unnecessary backend load and client resource usage in background tabs.
Goal:
- Pause/reduce polling when page is hidden.
What to do:
- Add visibility-aware polling strategy and optional backoff.
Possible traps and issues:
- Data may appear stale immediately after tab restore if refresh is delayed.
Docs changes needed:
- Add frontend polling lifecycle policy.
Doc references:
- Docs/Web-Development.md

37) Multi-worker safety check depends on one environment variable

Where found:
- backend/app/startup.py
Why this is needed:
- Other process managers can still launch multiple workers without this variable.
Goal:
- Enforce scheduler single-executor safety regardless of launcher.
What to do:
- Add robust single-run lock/leader mechanism for scheduler ownership.
Possible traps and issues:
- Locking strategy must be reliable in container orchestration.
Docs changes needed:
- Expand deployment constraints and supported run modes.
Doc references:
- Docs/Architekture.md

38) History archive query paths may need explicit indexing plan

Where found:
- backend/app/db.py
- backend/app/repositories/history_archive_repo.py
Why this is needed:
- Large archive datasets can degrade filter/sort performance.
Goal:
- Add indexes aligned with real query patterns.
What to do:
- Benchmark common history queries.
- Add migration with targeted indexes.
Possible traps and issues:
- Extra indexes increase write cost and DB size.
Docs changes needed:
- Add DB performance/indexing section for history.
Doc references:
- Docs/Backend-Development.md
- https://www.sqlite.org/queryplanner.html

39) No explicit DI container strategy for backend service graph

Where found:
- backend/app/dependencies.py
- backend/app/services
Why this is needed:
- Dependency construction and lifecycle are partly implicit.
Goal:
- Define a clear dependency wiring pattern for services and repositories.
What to do:
- Create service composition root pattern and document usage.
Possible traps and issues:
- Over-engineering if container abstraction is too heavy for current size.
Docs changes needed:
- Add dependency wiring chapter.
Doc references:
- Docs/Architekture.md

40) Frontend and backend observability are not aligned

Where found:
- backend/app/main.py
- frontend/src
Why this is needed:
- Backend uses structured logging while frontend error telemetry is mostly local and ad-hoc.
Goal:
- Define unified error telemetry and correlation approach.
What to do:
- Introduce frontend error reporting pipeline and request correlation IDs.
Possible traps and issues:
- PII/sensitive payload leakage risk in client-side telemetry.
Docs changes needed:
- Add observability and privacy-safe logging guidelines.
Doc references:
- Docs/Architekture.md
- Docs/Web-Development.md

4.7 KiB Raw Blame History

34) Setup redirect allowlist uses broad prefix matching

35) API client sends JSON and CSRF header for every request method

36) Polling continues when tab is not visible

37) Multi-worker safety check depends on one environment variable

38) History archive query paths may need explicit indexing plan

39) No explicit DI container strategy for backend service graph

40) Frontend and backend observability are not aligned

4.7 KiB

Raw Blame History