lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8214b58564bf3de186992d3c4ac0bb225d7d09f
BanGUI/Docs/Tasks.md
Lukas e8214b5856 fix: use backend service name in Vite proxy target 
Vite runs inside the frontend container where 'localhost' resolves to
the container itself, not the backend.  Change the /api proxy target
from http://localhost:8000 to http://backend:8000 so the request is
routed to the backend service over the compose network.
2026-03-01 19:21:30 +01:00

2.7 KiB
Raw Blame History

BanGUI — Task List

This document breaks the entire BanGUI project into development stages, ordered so that each stage builds on the previous one. Every task is described in prose with enough detail for a developer to begin work. References point to the relevant documentation.

DONE — Issue: Vite proxy ECONNREFUSED

Problem: The Vite dev server (running inside the frontend container) proxied /api to http://localhost:8000. Inside the container network localhost resolves to the container itself, not the backend service, causing AggregateError [ECONNREFUSED] for every API call.

Fix: Changed vite.config.ts proxy target from http://localhost:8000 to http://backend:8000 so Vite uses the Docker/Podman compose service DNS name to reach the backend container over the shared network.

Problem: No DB present did not forward to setup page; setup page was not redirecting to login when already done.

Fix:

  • Added SetupGuard component (src/components/SetupGuard.tsx) that calls GET /api/setup on mount and redirects to /setup if not complete.
  • All routes except /setup are now wrapped in SetupGuard in App.tsx.
  • SetupPage calls GET /api/setup on mount and redirects to /login if already complete.

DONE — Issue: Setup - Error during setup (500)

Problem: POST /api/setup returned 500 on some runs.

Root cause: bcrypt.hashpw and bcrypt.checkpw are CPU-bound blocking calls. Running them directly in an async FastAPI handler stalls the event loop under concurrent load, causing timeouts / 500 responses.

Fix:

  • setup_service.run_setup now offloads bcrypt hashing to loop.run_in_executor(None, ...).
  • auth_service._check_password was converted from a sync to an async function, also using run_in_executor.

DONE — Issue: Setup - Security issue (password in plaintext)

Problem: master_password was transmitted as plain text in the POST /api/setup and POST /api/auth/login request bodies.

Fix:

  • Added src/utils/crypto.ts with a sha256Hex(input) helper using the browser-native SubtleCrypto API.
  • SetupPage.handleSubmit now SHA-256 hashes the password before submission.
  • api/auth.ts login() now SHA-256 hashes the password before the login POST.
  • The backend stores bcrypt(sha256(password)). The plaintext never leaves the browser.

DONE — Clean command

Problem: No easy way to wipe all debug compose volumes and start fresh.

Fix: Added Makefile at the project root with targets:

  • make up — start the debug stack (detached)
  • make down — stop the debug stack
  • make restart — restart the debug stack
  • make logs — tail all logs
  • make cleancompose down -v --remove-orphans (removes all debug volumes)
Reference in New Issue View Git Blame Copy Permalink