|
|
6d8fb9105d
|
Code review fixes, Docker, and deployment config
- Fix tsconfig: switch to ESNext/Bundler module resolution (tsx compatible)
- Sanitize file extensions against path traversal (^.[a-zA-Z0-9]+$ only)
- Sanitize Content-Disposition filename to prevent header injection
- Extract tokenCookieOptions helper to eliminate duplication across auth handlers
- Remove unused baseUrl param from fileListPage
- Add Dockerfile (multi-stage build with alpine + native tools for bcrypt)
- Add docker-compose.yml with named volume for data persistence
- Add .env.example with all environment variables documented
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-03 15:58:39 -08:00 |
|
|
|
8fd1464b9d
|
Add server, routes, views, CLI, CSS, and integration tests
- Server factory with Fastify plugins (JWT, cookie, multipart, formbody, static)
- Auth middleware: requireAuth preHandler (401 for API, redirect for pages)
- Auth API routes: POST /api/v1/auth/login, POST /api/v1/auth/logout
- File API routes: GET/POST /api/v1/files, DELETE /api/v1/files/:id
- Page routes: /, /login, /logout, /upload, /files, /files/:id/delete, /f/:id, /f/:id/raw
- HTML views: layout, login, upload, file-list, file-view, not-found
- CLI register-user script
- public/style.css dark theme
- Test helpers: createTestApp, loginAs, buildMultipart
- Integration tests for auth API, file API, and page routes (51 tests passing)
- Update CLAUDE.md with red/green TDD and commit instructions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-03 15:55:14 -08:00 |
|
