generated from nhcarrigan/template
7579f1ec97
## Summary This PR implements several improvements to the library application: - Added start and finish date tracking for media items - Added "Retired" category for abandoned media - Implemented avatar-based user menu with dropdown navigation - Added automatic background token refresh to prevent session expiry - Created centralised logging system with frontend-to-API log forwarding - Added toast notifications for error handling ## Changes ### Media Tracking (#41) - Added `dateStarted` and `dateFinished` fields to Books, Games, Manga, Music, and Shows - Updated TypeScript types, Prisma schema, and API services - Added manual date input fields to frontend forms - Properly converts HTML date strings to Date objects before API submission ### Retired Category (#43) - Added `RETIRED` status to all media type enums - Updated Prisma schema, frontend dropdowns, and filter buttons - Added status label handling for retired items ### User Menu (#46) - Replaced username text with avatar image in header - Created dropdown menu with navigation items (Users, Audit, Suggestions) - Added logout button to menu - Implemented keyboard accessibility (tabindex, role, keyup handlers) ### Token Refresh (#44) - Implemented automatic token refresh every 13 minutes in background - Added proactive refresh to prevent token expiry during form filling - Prevents users from losing form data due to expired sessions ### Centralised Logging (#1) - Created `/log` endpoint on API to receive frontend logs - Replaced API console.log calls with @nhcarrigan/logger - Created ConsoleLoggerService to intercept all console methods on frontend - Added global error handlers (window.error, unhandledrejection) on frontend - Added process error handlers (uncaughtException, unhandledRejection, SIGTERM, SIGINT) on API - All frontend console activity now forwarded to centralised logging ### Error Handling - Created ToastService and ToastComponent for displaying errors - Integrated with GlobalErrorHandler and HTTP interceptor - Added accessibility features (keyboard navigation, ARIA attributes) - Set toast opacity to 40% for optimal readability ### Testing & Build - Fixed pre-existing test failure for GET / route (now returns version info) - Added ESM module mocking (jsdom, marked, dompurify, @nhcarrigan/logger) - Configured Jest with isolatedModules to handle TypeScript errors - Excluded test-setup.ts from production build - All tests passing (123 total) - Build passing with no errors ## Test Plan - [x] All tests pass (123 tests) - [x] Build passes without errors - [x] Lint passes (only pre-existing warnings) - [x] Date fields work correctly on all media types - [x] Retired status displays and filters properly - [x] Avatar menu opens/closes correctly with keyboard and mouse - [x] Token refresh prevents session expiry - [x] Toast notifications appear for errors - [x] Frontend logs forward to API successfully - [x] Root route returns version information Closes #41 Closes #43 Closes #44 Closes #46 Closes #1 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Hikari <hikari@nhcarrigan.com> Reviewed-on: #50 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
70 lines
2.3 KiB
TypeScript
70 lines
2.3 KiB
TypeScript
import * as path from 'path';
|
|
import { FastifyInstance, FastifyError } from 'fastify';
|
|
import AutoLoad from '@fastify/autoload';
|
|
import { AuditService } from './services/audit.service';
|
|
import { AuditAction, AuditCategory } from '@library/shared-types';
|
|
|
|
/* eslint-disable-next-line */
|
|
export interface AppOptions {}
|
|
|
|
export async function app(fastify: FastifyInstance, opts: AppOptions) {
|
|
// Add global error handler for security event logging
|
|
fastify.setErrorHandler(async (error: FastifyError, request, reply) => {
|
|
// Log CSRF validation failures
|
|
if (error.code === 'FST_CSRF_INVALID_TOKEN' || error.code === 'FST_CSRF_MISSING_SECRET') {
|
|
await AuditService.log({
|
|
action: AuditAction.csrfValidationFailed,
|
|
category: AuditCategory.security,
|
|
details: `CSRF validation failed: ${error.message}, URL: ${request.url}`,
|
|
success: false,
|
|
}, request).catch(() => {
|
|
// Ignore logging errors
|
|
});
|
|
}
|
|
|
|
// Log unauthorized access attempts
|
|
if (error.statusCode === 401 || error.statusCode === 403) {
|
|
await AuditService.log({
|
|
action: AuditAction.unauthorizedAccess,
|
|
category: AuditCategory.security,
|
|
details: `Unauthorized access attempt: ${error.message}, URL: ${request.url}`,
|
|
success: false,
|
|
}, request).catch(() => {
|
|
// Ignore logging errors
|
|
});
|
|
}
|
|
|
|
// Send the error response (don't leak internal details for server errors)
|
|
const statusCode = error.statusCode ?? 500;
|
|
|
|
reply.status(statusCode).send({
|
|
statusCode,
|
|
error: statusCode >= 500 ? "Internal Server Error" : error.name,
|
|
message: statusCode >= 500 ? "An unexpected error occurred" : error.message,
|
|
});
|
|
});
|
|
|
|
// This loads all plugins defined in plugins
|
|
// those should be support plugins that are reused
|
|
// through your application
|
|
fastify.register(AutoLoad, {
|
|
dir: path.join(__dirname, 'plugins'),
|
|
options: { ...opts },
|
|
});
|
|
|
|
// This loads all plugins defined in routes
|
|
// define your routes in one of these
|
|
fastify.register(AutoLoad, {
|
|
dir: path.join(__dirname, 'routes'),
|
|
options: { ...opts, prefix: '/api' },
|
|
ignorePattern: /root\.ts$/,
|
|
});
|
|
|
|
// Register root route without prefix
|
|
fastify.register(AutoLoad, {
|
|
dir: path.join(__dirname, 'routes'),
|
|
options: { ...opts },
|
|
matchFilter: /root\.ts$/,
|
|
});
|
|
}
|