🔒 CRITICAL SECURITY FIXES:
- Remove key embedding vulnerability (keys no longer stored in file headers)
- Remove API keys from repository, add .env.example files
- Add comprehensive input validation and sanitization
- Implement rate limiting (10 requests/minute per IP)
- Add security headers middleware (CSP, HSTS, X-Frame-Options)
- Improve CORS configuration (remove wildcards)
🏗️ ARCHITECTURE IMPROVEMENTS:
- Add service layer architecture for better separation of concerns
- Create constants module to centralize magic numbers
- Add validation module for comprehensive input checking
- Add middleware module for security headers
- Refactor main.rs to use service layer (reduced from 500+ to manageable size)
- Implement clean error handling with proper HTTP status codes
🧪 TESTING & QUALITY:
- Add comprehensive integration test suite
- Fix all clippy warnings and linting issues
- Add unit tests for validation functions
- Test edge cases, error conditions, and large files
📚 DOCUMENTATION:
- Add comprehensive SECURITY.md with threat model
- Create separate README.md for backend and frontend
- Update root README.md with security highlights
- Add API documentation with examples
- Document all new modules and functions
🛠️ DEVELOPER EXPERIENCE:
- Add root package.json with concurrently for one-command setup
- Implement unified npm scripts (dev, build, test, start)
- Add .env.example files for proper environment setup
- Improve error messages and validation feedback
🔧 TECHNICAL IMPROVEMENTS:
- Centralize constants in dedicated module
- Add proper TypeScript types for frontend
- Implement memory-safe key handling with zeroization
- Add comprehensive logging and monitoring
- Optimize dependency versions and remove unused imports
💥 BREAKING CHANGES:
- Key-based encrypted files now require external key management
- API keys must be configured via environment variables
- Some internal APIs have changed (service layer refactor)
This release significantly improves security, maintainability, and developer experience while fixing critical vulnerabilities.
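The "10 requests/minute per IP" limit listed in the commit message above can be enforced with a sliding-window log. This is an added example, not code from this pull request: the `RateLimiter` type, the choice of a sliding window, and keying on the connection's peer address are assumptions, and the addresses are constructed documentation-range values.

```rust
use std::collections::{HashMap, VecDeque};
use std::net::IpAddr;
use std::time::{Duration, Instant};

// Limits from the commit message: 10 requests per minute per IP.
const MAX_REQUESTS: usize = 10;
const WINDOW: Duration = Duration::from_secs(60);

// Hypothetical sliding-window limiter; keeps the accepted timestamps per client.
pub struct RateLimiter {
    hits: HashMap<IpAddr, VecDeque<Instant>>,
}

impl RateLimiter {
    pub fn new() -> Self { Self { hits: HashMap::new() } }

    /// Returns true if the request is allowed. `now` is injected so tests need no sleep.
    pub fn check(&mut self, ip: IpAddr, now: Instant) -> bool {
        let log = self.hits.entry(ip).or_default();
        // Drop timestamps that have left the 60-second window.
        while log.front().map_or(false, |&t| now.duration_since(t) >= WINDOW) {
            log.pop_front();
        }
        if log.len() >= MAX_REQUESTS {
            return false; // caller answers 429; rejected hits are not recorded
        }
        log.push_back(now);
        true
    }

    /// Removes clients with no accepted hit inside the window, so the map
    /// cannot grow without bound when many source addresses are seen.
    pub fn evict_idle(&mut self, now: Instant) -> usize {
        let before = self.hits.len();
        self.hits.retain(|_, l| l.back().map_or(false, |&t| now.duration_since(t) < WINDOW));
        before - self.hits.len()
    }
}

fn main() {
    let ip: IpAddr = "203.0.113.7".parse().unwrap(); // constructed sample address
    let (mut rl, t0) = (RateLimiter::new(), Instant::now());
    let allowed = (0..12).filter(|_| rl.check(ip, t0)).count();
    println!("allowed {allowed} of 12 requests in one burst");
}
```

Behind a reverse proxy the peer address is the proxy's, so the key must come from a forwarding header only when that header is set by a proxy you control.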
🚀 Major Updates:
1. **Documentation Enhancement**
- Updated root README.md with improved Docker deployment section
- Added pre-built binary download instructions
- Created comprehensive individual README files for both frontend and backend
- Added detailed API documentation, architecture guides, and troubleshooting
2. **Docker Optimization**
- Implemented multi-stage builds for both frontend and backend
- Reduced image sizes: backend ~50MB (Alpine-based), frontend ~150MB
- Added .dockerignore files to exclude unnecessary files
- Enhanced docker-compose.yml with health checks, networks, and environment variables
- Added security improvements with non-root users and proper signal handling
3. **CI/CD Automation**
- Added comprehensive GitHub Actions workflows:
* test.yml: Automated testing for backend (Rust), frontend (Node.js), and integration tests
* release.yml: Automated cross-platform CLI builds and releases
- Automated builds for Windows (MSI installer), Linux (x64), and macOS (ARM64)
- Added proper caching, security checks, and artifact management
- Automated release creation with detailed changelogs and download instructions
4. **Frontend Improvements**
- Added Next.js standalone output for Docker optimization
- Implemented security headers and performance optimizations
- Added health check API endpoint for monitoring
- Enhanced build configuration for production deployments
5. **Backend Enhancements**
- Optimized Dockerfile with Alpine Linux and static linking
- Added health check endpoints and monitoring capabilities
- Improved security with proper user permissions and signal handling
These changes significantly improve the project's maintainability, deployment efficiency, and developer experience while maintaining security and performance standards.
…onal features
🎨 Major UI/UX Improvements:
- Replaced custom broken toast system with professional Sonner library
- Fixed copy button functionality for both human-readable and Base64 keys
- Added auto-scroll to keys section when generated (no more user confusion)
- Implemented full mobile responsiveness across all components
📱 Mobile Responsiveness:
- Mobile-first design with responsive breakpoints (sm/md/lg)
- Stacked layouts on mobile, horizontal on desktop
- Touch-friendly button sizes and proper spacing
- Optimized typography and icon scaling for mobile screens
- Full-width elements on mobile, constrained on desktop
🔧 Copy System Overhaul:
- Modern clipboard API with fallback support
- Context-aware copy (human-readable vs Base64 format)
- Professional toast notifications with descriptions
- Proper error handling and user feedback
- Smart button labeling ('Copy Words' vs 'Copy Key')
🚀 User Experience Enhancements:
- Auto-scroll to keys section when generated (solves discovery issue)
- Smooth animations and slide-in effects for new content
- Mobile-aware scroll offsets for navigation bars
- Clear visual feedback and professional notifications
- Improved tip text and user guidance
🏗️ Technical Improvements:
- Added Sonner toast library for professional notifications
- Implemented useRef and useEffect for auto-scroll functionality
- Enhanced responsive design patterns throughout
- Cleaned up debug code and console logs
- Optimized component structure for mobile performance
🎯 Key Features Added:
- Human-readable key format with word-based display
- PDF backup generation for encryption keys
- Professional EncryptX logo in PDF documents
- Context-aware copy functionality
- Mobile-optimized layouts and interactions
This commit represents a complete transformation of the user interface from a basic functional design to a professional, mobile-first application with excellent UX patterns.
- Fixed all documentation inconsistencies across README files
- Updated CLI examples to match actual implementation
- Resolved Clippy error in constants.rs (empty line after doc comment)
- Fixed integration tests for empty file handling
- Corrected hurl API tests to handle binary data properly
- Added comprehensive CLI examples in backend DOCS.md
- Updated frontend forms with consistent styling and error handling
- Added screenshot assets for documentation
- Improved API documentation with proper usage examples
- Fixed doctest in lib.rs with proper async syntax
All tests now pass:
- Unit tests: 8 passed
- CLI tests: 1 passed
- Integration tests: 11 passed
- Doc tests: 1 passed
- Hurl API tests: 4 passed (Success)

- Use dynamic path detection for WiX Toolset installation
- Add --force flag to chocolatey install to handle existing installations
- Add proper error handling and verification for WiX tools
- Support any WiX Toolset v3.x version (was hardcoded to v3.11)
This fixes the Windows MSI build failure where the workflow was looking for WiX v3.11 but v3.14.1 was installed on GitHub runners.

- Add Platform="x64" to Package element to specify 64-bit installer
- Add Win64="yes" to all Component elements for 64-bit compatibility
- This fixes ICE80 error: "32BitComponent uses 64BitDirectory"
The MSI installer now properly handles 64-bit Windows installation without validation errors during the light.exe build process.

- Fix tarball copy paths to look inside artifact directories
- Add debug output to show downloaded artifact structure
- Tarballs are uploaded inside artifact directories, not at root level
This fixes the "cannot stat 'encryptx-linux-x64.tar.gz': No such file or directory" error in the release preparation step.

- Add 'contents: write' permission to allow creating releases
- Add 'packages: write' permission for potential package publishing
- Add 'actions: read' permission for workflow access
This fixes the "Error 403: Resource not accessible by integration" error when trying to create GitHub releases.

…ults
- Use windows-2022 instead of windows-latest to avoid future migration issues
- Default to pre-release for all automated releases (tag pushes)
- Add release_type choice input for manual workflow dispatch
- Add clear pre-release warnings in release descriptions
- Support explicit release vs prerelease selection in manual triggers
This ensures safer releases and prepares for Windows Server 2025 migration.

- Fix multi-line expression syntax for prerelease field
- Convert to single-line expression to avoid YAML parsing issues
- Maintains same logic for pre-release detection
This fixes the "error in your yaml syntax on line 366" issue.
Walkthrough
Adds a cross-platform release workflow, extensive backend refactor introducing service/middleware/validation layers, new constants and file-format changes, rate limiting, and CLI rework. Frontend gains dual password/key flows, utilities for key display/PDF export, health endpoints, and build/runtime Docker optimizations. Documentation, examples, and configs are overhauled across repo.
Sequence Diagram(s)
```mermaid
sequenceDiagram
    autonumber
    actor User
    participant FE as Frontend (Next.js)
    participant BE as Backend (Actix Web)
    participant SV as FileEncryptionService
    participant ENC as EncryptionService
    participant DEC as DecryptionService
    participant COMP as CompressionService
    Note over BE,SV: New service-oriented backend flow

    %% Encryption flow
    User->>FE: Upload file + (password|key)
    FE->>BE: POST /encrypt<br/>headers: x-password | x-enc-key<br/>x-orig-filename
    BE->>SV: encrypt_file(req, body)
    SV->>COMP: compress(data) + flag
    alt password provided
        SV->>ENC: encrypt_with_password(...)
    else key or none
        SV->>ENC: encrypt_with_key(...)<br/>opt: generate key
    end
    ENC-->>SV: EncryptionResult (+opt generated key)
    SV-->>BE: encrypted bytes
    BE-->>FE: 200 octet-stream<br/>headers: x-generated-key?, Content-Disposition
    FE-->>User: Download .xd + show key (if any)

    %% Decryption flow
    User->>FE: Provide .xd + (password|key)
    FE->>BE: POST /decrypt<br/>headers: x-password | x-enc-key
    BE->>SV: decrypt_file(req, body)
    alt password-based format
        SV->>DEC: decrypt_with_password(...)
    else key-based format
        SV->>DEC: decrypt_with_key(...)
    end
    DEC-->>SV: DecryptionResult (bytes, filename)
    SV-->>BE: decrypted bytes
    BE-->>FE: 200 octet-stream<br/>Content-Disposition: original filename
    FE-->>User: Save original file
```
```mermaid
sequenceDiagram
    autonumber
    participant GH as GitHub Tag/Dispatch
    participant WF as Actions Workflow
    participant W as build-windows
    participant L as build-linux
    participant M as build-macos
    participant R as create-release
    participant C as cleanup
    GH-->>WF: Trigger v* tag or dispatch
    WF->>W: Checkout, Rust, cache, build exe, WiX MSI
    WF->>L: Checkout, Rust, deps, build, package tar.gz
    WF->>M: Checkout, Rust, build, package tar.gz
    W-->>R: Upload artifacts
    L-->>R: Upload artifacts
    M-->>R: Upload artifacts
    R->>R: Aggregate, checksums, prerelease logic
    R-->>GH: Publish release with assets
    R-->>C: Done
    C->>C: Delete artifacts
```
Estimated code review effort: 🎯 5 (Critical) | ⏱️ ~120 minutes
- Add Docker setup as recommended option for quick testing
- Keep development setup for contributors and developers
- Organize setup options logically with clear guidance
- Resolve conflict between Docker and npm setup approaches
This provides users with both quick Docker testing and detailed development setup options.

- Add Docker commands section alongside NPM scripts
- Organize scripts by complexity (Docker simplest, NPM for development)
- Include both approaches to prevent merge conflicts
- Maintain all functionality from both branches
This should resolve the merge conflict between Docker and NPM script approaches.