feat: Refactor rides app with unique constraints, mixins, and enhanced documentation

- Added migration to convert unique_together constraints to UniqueConstraint for RideModel. - Introduced RideFormMixin for handling entity suggestions in ride forms. - Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements. - Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling. - Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples. - Implemented a benchmarking script for query performance analysis and optimization. - Developed security documentation detailing measures, configurations, and a security checklist. - Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.
2025-12-24 17:51:09 -05:00 · 2025-12-22 11:17:31 -05:00
parent 45d97b6e68
commit 2e35f8c5d9
71 changed files with 8036 additions and 1462 deletions
--- a/backend/templates/maps/partials/location_card.html
+++ b/backend/templates/maps/partials/location_card.html
@@ -77,7 +77,13 @@
        {% endif %}
        
        {% if show_trip_action %}
-            <button onclick="addToTrip({{ location|safe }})" 
+            {# Security: Use data attributes instead of inline JS with |safe #}
+            <button onclick="addToTripFromElement(this)"
+                    data-location-id="{{ location.id }}"
+                    data-location-type="{{ location.type }}"
+                    data-location-name="{{ location.name }}"
+                    data-location-lat="{{ location.latitude }}"
+                    data-location-lng="{{ location.longitude }}"
                    class="px-3 py-2 text-sm text-purple-600 border border-purple-600 rounded-lg hover:bg-purple-50 dark:hover:bg-purple-900 transition-colors"
                    title="Add to trip">
                <i class="fas fa-plus"></i>
@@ -316,6 +322,19 @@ window.addToTrip = function(locationData) {
    document.dispatchEvent(event);
 };

+// Security: Helper function to extract location data from element attributes
+// instead of using inline JavaScript with unsanitized data
+window.addToTripFromElement = function(element) {
+    const locationData = {
+        id: element.dataset.locationId,
+        type: element.dataset.locationType,
+        name: element.dataset.locationName,
+        latitude: parseFloat(element.dataset.locationLat),
+        longitude: parseFloat(element.dataset.locationLng)
+    };
+    addToTrip(locationData);
+};
+
 // Handle location card selection
 document.addEventListener('DOMContentLoaded', function() {
    document.addEventListener('click', function(e) {