lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f06fea699f868e2b12d94c171138145c9e616cb9
BanGUI/Docs/Tasks.md
Lukas e8214b5856 fix: use backend service name in Vite proxy target 
Vite runs inside the frontend container where 'localhost' resolves to
the container itself, not the backend.  Change the /api proxy target
from http://localhost:8000 to http://backend:8000 so the request is
routed to the backend service over the compose network.
2026-03-01 19:21:30 +01:00

63 lines
2.7 KiB
Markdown
Raw Blame History

# BanGUI — Task List
This document breaks the entire BanGUI project into development stages, ordered so that each stage builds on the previous one. Every task is described in prose with enough detail for a developer to begin work. References point to the relevant documentation.
---
## ✅ DONE — Issue: Vite proxy ECONNREFUSED
**Problem:** The Vite dev server (running inside the frontend container) proxied
`/api` to `http://localhost:8000`. Inside the container network `localhost`
resolves to the container itself, not the backend service, causing
`AggregateError [ECONNREFUSED]` for every API call.
**Fix:** Changed `vite.config.ts` proxy target from `http://localhost:8000` to
`http://backend:8000` so Vite uses the Docker/Podman compose service DNS name
to reach the backend container over the shared network.
---
**Problem:** No DB present did not forward to setup page; setup page was not redirecting to login when already done.
**Fix:**
- Added `SetupGuard` component (`src/components/SetupGuard.tsx`) that calls `GET /api/setup` on mount and redirects to `/setup` if not complete.
- All routes except `/setup` are now wrapped in `SetupGuard` in `App.tsx`.
- `SetupPage` calls `GET /api/setup` on mount and redirects to `/login` if already complete.
---
## ✅ DONE — Issue: Setup - Error during setup (500)
**Problem:** `POST /api/setup` returned 500 on some runs.
**Root cause:** `bcrypt.hashpw` and `bcrypt.checkpw` are CPU-bound blocking calls. Running them directly in an async FastAPI handler stalls the event loop under concurrent load, causing timeouts / 500 responses.
**Fix:**
- `setup_service.run_setup` now offloads bcrypt hashing to `loop.run_in_executor(None, ...)`.
- `auth_service._check_password` was converted from a sync to an async function, also using `run_in_executor`.
---
## ✅ DONE — Issue: Setup - Security issue (password in plaintext)
**Problem:** `master_password` was transmitted as plain text in the `POST /api/setup` and `POST /api/auth/login` request bodies.
**Fix:**
- Added `src/utils/crypto.ts` with a `sha256Hex(input)` helper using the browser-native `SubtleCrypto` API.
- `SetupPage.handleSubmit` now SHA-256 hashes the password before submission.
- `api/auth.ts login()` now SHA-256 hashes the password before the login POST.
- The backend stores `bcrypt(sha256(password))`. The plaintext never leaves the browser.
---
## ✅ DONE — Clean command
**Problem:** No easy way to wipe all debug compose volumes and start fresh.
**Fix:** Added `Makefile` at the project root with targets:
- `make up` — start the debug stack (detached)
- `make down` — stop the debug stack
- `make restart` — restart the debug stack
- `make logs` — tail all logs
- `make clean``compose down -v --remove-orphans` (removes all debug volumes)
Reference in New Issue View Git Blame Copy Permalink