Migrate to Zustand and Major Enhancements #1
Merged
- initialize frontend project structure with state management, core layouts, and chat functionality
- new fields simple budget information - approval timesheet - project plan and period
- improve some pages more modern and user friendly - update form, comment, landing and login/register page
- improve all views available both dark/light mode - change icon web app
…chat to real-time

Phase 1: Security Hardening & Input Sanitization
- Purged duplicate Module imports (TimesheetModule, CommentModule) in `app.module.ts`.
- Implemented lightweight, high-performance XSS input sanitization using a custom `@IsSanitizedString` decorator backed by the `xss` engine.
- Protected User, Workspace, and Chat message DTOs from arbitrary script injection.
- Replaced deprecated `csurf` library with dynamic Origin and Referer validation middleware combined with httpOnly/sameSite session cookies.
- Fixed `migrate-passwords.ts` dotenv setup and migrated plain-text passwords into secure salted bcrypt hashes to match GqlAuthGuard validation.

Phase 2: Infrastructure, Diagnostics & CI/CD
- Added dynamic health check endpoints (/health, /health/liveness, /health/readiness) validating Postgres connections and memory footprint thresholds.
- Integrated fail-fast environment validation using class-validator and class-transformer on bootstrap.
- Built a unified HTTP & GraphQL Logging Interceptor generating random UUID tracking keys for requests.
- Integrated a Global Exception Filter with fallback Sentry exception capturing.
- Configured a multi-job GitHub Actions CI/CD workflow (.github/workflows/ci.yml) for automated builds.

Phase 3: Performance, Code Splitting & Subscriptions
- Purged legacy Socket.IO server and client dependencies completely.
- Migrated the chat pipeline to Apollo GraphQL Subscriptions (OnMessageSent, OnMessageUpdated, OnMessageDeleted).
- Configured Apollo Client caching type policies for paginated message buffers.
- Enabled code splitting and bundle size reduction (Login bundle reduced to 4.3KB) using React.lazy code splitting.
- Added performance database indexes to schema.prisma on relational keys (workspaceId, projectId, userId, etc.).
- FIXED WebSocket subscription blocker by upgrading backend PubSub to use `asyncIterableIterator` matching graphql-subscriptions 3.0.0 API.
- FIXED subscription context handshake crash by optional-chaining req headers in `logging.interceptor.ts`.
- FIXED message ordering in the chat pane using ID-based ascending sort to bypass local cache-merge inconsistencies.

Phase 4: DoS Protection & File Upload Hardening
- Implemented AST-based GraphQL depth query limiting (maximum depth: 5) to protect against DoS.
- Hardened file uploads by validating extensions/mime-types pre-write and enforcing a strict 10MB limit post-write.
- Added comprehensive unit testing coverage for environment validation and query depth limiting.

Phase 5: Collaborative Auditing & Pagination
- Implemented non-destructive soft deletes (deletedAt) for collaborative models (Project, Comment, Timesheet).
- Added backward-compatible cursor-based pagination alongside offset pagination for task query resolutions.
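
The Origin and Referer validation named in Phase 1 of the commit message above, sketched as an added example; it is not code from this pull request. The names `checkRequestOrigin`, `toOrigin` and the allowlist are hypothetical, and header names are assumed to be lowercased as Node.js delivers them.

```typescript
// Added example: Origin/Referer check for state-changing requests.
// All names here are hypothetical; none are taken from the pull request.
const SAFE_METHODS = new Set<string>(["GET", "HEAD", "OPTIONS"]);

type HeaderMap = Record<string, string | undefined>;

interface OriginDecision {
  allowed: boolean;
  reason: string;
}

// Reduce a header value to scheme://host[:port]; null if absent or unparseable.
function toOrigin(value: string | undefined): string | null {
  if (!value || value === "null") return null; // "null" is an opaque origin
  try {
    const u = new URL(value);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.origin;
  } catch {
    return null;
  }
}

// Decide whether a request may proceed, given an allowlist of exact origins.
function checkRequestOrigin(
  method: string,
  headers: HeaderMap,
  allowed: ReadonlySet<string>,
): OriginDecision {
  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  // Prefer Origin. Fall back to Referer only when Origin is absent, so an
  // opaque "null" Origin cannot be rescued by a Referer value.
  const source = headers["origin"] !== undefined ? "origin" : "referer";
  const origin = toOrigin(headers[source]);
  if (origin === null) {
    return { allowed: false, reason: `missing or invalid ${source}` };
  }
  // Exact match on the parsed origin; prefix or substring tests are unsafe.
  return allowed.has(origin)
    ? { allowed: true, reason: `${source} match` }
    : { allowed: false, reason: `${source} not in allowlist` };
}
```

A state-changing request with neither header is rejected here, which pairs with the sameSite cookie setting the commit mentions rather than replacing it.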
…nd activity feeds
…milestone support
…o dashboard layout
- dependencies package - formatting file - gql schema
Enforces strict type safety and achieves 0 linter warnings/errors across the entire backend and frontend applications without relying on global linter disable rules.

Backend (NestJS) Refactoring:
- Resolved dynamic `@sentry/node` packages using typed placeholder interfaces.
- Replaced unused catch block error variables with modern ES2019 optional catch bindings.
- Casted host context types to resolve GraphQL-to-HTTP union mismatches.
- Properly typed Passport JWT strategy parameters and WS authenticated socket client extensions.

Frontend (React / Vite) Refactoring:
- Replaced implicit and explicit `any` assertions on form submit payloads with typesafe `Record<string, unknown>`.
- Defined interface schemas (`ProjectAttachment`, `ProjectMember`, `AttachmentFile`, and `LoginData`) to type dynamically mapped records.
- Casted API response arrays (e.g., `usersData?.users as UserType[]`) to utilize TypeScript type inference during mappings.
- Refactored selection helpers to clear collections using typesafe double assertions (`null as unknown as Conversation`).
- Coerced form values to standard strings via `String(...)` before parsing with `parseInt`/`parseFloat` to satisfy strict argument signatures.
… CSS warnings
- Mock global ResizeObserver in vitest setup to support Headless UI components.
- Introduce hidden native select within Select component to enable robust RTL and query selections.
- Add id associations to Select wrappers in ProjectForm, TaskForm, and TimesheetForm.
- Implement hasResetInitial state check to prevent form data loss when async users/projects load.
- Shift index.css font @import statement to the top to resolve PostCSS ordering warnings.
- Update test form input selectors to use getByLabelText for modern UI layouts.

…er and interceptor
- Cast host.getType() and context.getType() as string to permit comparison with 'graphql'.
- Fixes backend CI build failures.
No description provided.