DocFast session 57: codebase audit, 4 fixes prepared, git push blocked
parent
f7cda52b22
commit
0cc0c0860d
7 changed files with 251 additions and 53 deletions
|
|
@ -8,13 +8,35 @@
|
|||
- **Fix:** Cache-aside pattern — check DB when key not in memory cache
|
||||
- **Verified:** 6/6 requests succeed after signup on 2-replica prod deployment
|
||||
|
||||
### BUG-004: CSP blocks all inline event handlers (CRITICAL) — FIXED v0.2.3
|
||||
- **Found:** Session 4 (investor-reported)
|
||||
- **Impact:** ALL interactive functionality broken — signup modal, playground, mobile nav, FAQ toggles
|
||||
- **Root cause:** Helmet's default CSP includes `script-src-attr 'none'` which blocks onclick/onsubmit handlers
|
||||
- **Fix:** Added `scriptSrcAttr: ["'unsafe-inline'"]` to helmet CSP config
|
||||
- **Verified:** Signup modal opens, API key generated, playground takes screenshots, mobile nav works
|
||||
|
||||
### BUG-005: Mobile nav has no CSS for .show class (HIGH) — FIXED v0.2.3
|
||||
- **Found:** Session 4 (investor-reported)
|
||||
- **Impact:** Hamburger menu toggle did nothing — nav links invisible on mobile
|
||||
- **Root cause:** CSS had `display:none` for `.nav-links` on mobile but no rule for `.nav-links.show`
|
||||
- **Fix:** Added `.nav-links.show{display:flex; flex-direction:column; ...}` with absolute positioning
|
||||
- **Verified:** Hamburger opens/closes menu, links visible and clickable
|
||||
|
||||
### BUG-006: Signup buttons use href="#" causing scroll (MEDIUM) — FIXED v0.2.3
|
||||
- **Found:** Session 4 (investor-reported)
|
||||
- **Impact:** Clicking "Get Free API Key" scrolled to top instead of opening signup modal
|
||||
- **Root cause:** `href="#"` navigated before onclick could fire (CSP was the bigger issue, but this was also broken)
|
||||
- **Fix:** Changed all signup links to `href="javascript:void(0)"`
|
||||
- **Verified:** All 4 signup CTAs correctly open the modal
|
||||
|
||||
### BUG-002: No email verification on signup (MEDIUM) — CLOSED v0.3.0
|
||||
- **Impact:** Anyone can create unlimited keys with fake emails
|
||||
- **Resolution:** Free signup removed entirely. Playground is the free demo (no keys needed). Paid signup will go through Stripe.
|
||||
|
||||
### BUG-003: No API key recovery (MEDIUM) — CLOSED v0.3.0
|
||||
- **Impact:** Lost API key = create new account
|
||||
- **Resolution:** Free tier removed. Paid tier key recovery will be handled via Stripe customer portal.
|
||||
|
||||
## Open
|
||||
|
||||
### BUG-002: No email verification on signup (MEDIUM)
|
||||
- **Impact:** Anyone can create unlimited keys with fake emails
|
||||
- **Mitigation:** Same email returns same key (dedup)
|
||||
- **Status:** Deferred — needs email service setup
|
||||
|
||||
### BUG-003: No API key recovery (MEDIUM)
|
||||
- **Impact:** Lost API key = create new account
|
||||
- **Status:** Needs email verification first
|
||||
No open bugs.
|
||||
|
|
|
|||
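Review bot: In the BUG-004 entry, the recorded fix `scriptSrcAttr: ["'unsafe-inline'"]` gives up the protection that Helmet's default `script-src-attr 'none'` provided, so every inline event handler attribute is allowed to run, including any that arrive through injected markup. The entry should record this as a trade-off and track a follow-up: move the onclick/onsubmit handlers into the site's script file with `addEventListener`, then drop the override so the default applies again. The same refactor would let the BUG-006 signup CTAs become `<button type="button">` elements instead of links with `href="javascript:void(0)"`.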