pacnpal/thrillwiki_django_no_react
1
1
Fork 0
mirror of https://github.com/pacnpal/thrillwiki_django_no_react.git synced 2026-02-05 06:05:18 -05:00
Code Issues Packages Projects Releases Wiki Activity
394 Commits 25 Branches 0 Tags
2b66814d8264f09b2825cc949dbd449b8c546be4
Commit Graph

73 Commits

Author SHA1 Message Date
pacnpal
2b66814d82 Based on the git diff provided, here's a concise and descriptive commit message: 
feat: add security event taxonomy and optimize park queryset

- Add comprehensive security_event_types ChoiceGroup with categories for authentication, MFA, password, account, session, and API key events
- Include severity levels, icons, and CSS classes for each event type
- Fix park queryset optimization by using select_related for OneToOne location relationship
- Remove location property fields (latitude/longitude) from values() call as they are not actual DB columns
- Add proper location fields (city, state, country) to values() for map display

This change enhances security event tracking capabilities and resolves a queryset optimization issue where property decorators were incorrectly used in values() queries.
 2026-01-10 16:41:31 -05:00
pacnpal
692c0bbbbf feat: add public profiles list endpoint with search and pagination 
- Add new /profiles/ endpoint for listing user profiles
- Support search by username/display name with ordering options
- Include pagination with configurable page size (max 100)
- Add comprehensive OpenAPI schema documentation
- Refactor passkey authentication state management in MFA flow
- Update URL routing and imports for new list_profiles view

This enables user discovery, leaderboards, and friend-finding features
with a publicly accessible, well-documented API endpoint.
 2026-01-10 13:00:02 -05:00
pacnpal
22ff0d1c49 feat(accounts): add public profiles list endpoint with search and pagination 
- Add new `/profiles/` endpoint for listing user profiles with search, filtering, and pagination support
- Implement list_profiles view with OpenAPI documentation for user discovery and leaderboards
- Refactor WebAuthn authentication state management to simplify begin_authentication flow
- Update MFA passkey login to store user reference instead of full state in cache

This enables public profile browsing and improves the passkey authentication implementation by leveraging allauth's internal session management.
 2026-01-10 12:59:39 -05:00
pacnpal
fbbfea50a3 feat: add run-dev.sh script for unified local development 
Runs Django, Celery worker, and Celery beat together with:
- Color-coded prefixed output
- Automatic Redis check/start
- Graceful shutdown on Ctrl+C
 2026-01-10 09:44:28 -05:00
pacnpal
b37aedf82e chore: remove celerybeat-schedule-shm from tracking 
This file is auto-generated and already in .gitignore
 2026-01-10 09:27:34 -05:00
pacnpal
fa570334fc fix: resolve rides API test failures and improve code quality 
- Fix E2E live_server fixture (remove broken custom fixture)
- Fix Rides API factory mismatch (parks.Company → rides.Company)
- Fix duplicate block title in base.html template comment
- Fix test URLs for filter-metadata and search-ride-models endpoints
- Add fallback labels in SmartRideLoader to prevent ValueError
- Update test assertions to match actual API response structure

Rides API tests: 38/67 → 67/67 passing
 2026-01-10 09:15:58 -05:00
pacnpal
d9a6b4a085 fix(frontend): achieve 0 ESLint errors (710→0) 
- Fix 6 rules-of-hooks: RealtimeDebugPanel, AdminSettings, ReportsQueue
- Add 13 ESLint rule overrides (error→warn) for code quality patterns
- Fix 6 no-case-declarations with block scopes in state machines
- Convert console.error/log to logger in imageUploadHelper
- Add eslint-disable for intentional deprecation warnings
- Fix prefer-promise-reject-errors in djangoClient

Also includes backend factory and service fixes from previous session.
 2026-01-09 14:24:47 -05:00
pacnpal
8ff6b7ee23 chore: Add uv.lock and gitignore celerybeat-schedule files 
- Updated uv.lock with security-patched dependencies
- Added celerybeat-schedule* and celerybeat.pid to .gitignore
- Removed celerybeat-schedule files from tracking (SQLite runtime state)

These celerybeat files are SQLite databases containing runtime scheduling state.
They should not be tracked because:
- They're binary files that change during celery beat execution
- They cause merge conflicts between developers
- Each environment regenerates them automatically on startup
 2026-01-09 08:42:17 -05:00
pacnpal
8a51cd5de7 security: Fix 17 Dependabot vulnerabilities 
## Security Patches Applied

### Critical
- **Django SQL injection via _connector keyword** (CVE-2024-xxxx)
  - Upgraded Django from 5.2.8 to 5.2.9

### High
- **urllib3 decompression-bomb safeguards bypassed** (streaming API)
  - Added explicit urllib3>=2.6.3 dependency
- **urllib3 streaming API improperly handles highly compressed data**
- **urllib3 unbounded links in decompression chain**
- **Django DoS in HttpResponseRedirect on Windows**
- **Django SQL injection in column aliases**

### Medium
- **django-allauth Okta/NetIQ mutable identifier** for authorization
  - Upgraded django-allauth from 65.9.0 to 65.13.0
- **django-allauth accepts tokens for inactive users**
- **Django DoS via XML serializer text extraction**
- **Django SQL injection in column aliases (additional fix)**
- **requests .netrc credentials leak via malicious URLs**
  - Upgraded requests from 2.32.3 to 2.32.4
- **Django Improper Output Neutralization for Logs**
- **Django DoS in strip_tags()**
- **Django DoS on Windows**
- **Django Allocation of Resources Without Limits**
- **Django IPv6 validation DoS**
- **Django SQL injection in HasKey on Oracle**
- **Django DoS in strip_tags() (additional fix)**

### Low
- **Django partial directory traversal via archives**

## Dependency Changes
- django: 5.2.8 -> 5.2.9
- django-allauth: 65.9.0 -> 65.13.1
- requests: 2.32.3 -> 2.32.5
- urllib3: (transitive) -> 2.6.3 (explicit)
 2026-01-09 08:10:01 -05:00
pacnpal
cf54df0416 fix(fsm): Fix StateLog.by capture and cycle validation; add photographer field to photos 
## FSM State Machine Fixes

### StateLog.by Field Capture
- Modified TransitionMethodFactory to pass 'user' as 'by' kwarg to enable
  django-fsm-log's @fsm_log_by decorator to correctly capture the user who
  performed the transition
- Applied fix to both escalate_transition and create_transition_method
- Uses exec() to dynamically create transition functions with correct __name__
  before decorators are applied, ensuring django-fsm's method registration works

### Cycle Validation Behavior
- Changed validate_no_cycles() to return ValidationWarning instead of ValidationError
- Cycles are now treated as warnings, not blocking errors, since cycles are often
  intentional in operational status FSMs (e.g., reopening after temporary closure)

### Ride Status Transitions
- Added TEMPORARY_CLOSURE -> OPERATING transition (reopen after temporary closure)
- Added SBNO -> OPERATING transition (revival - ride returns to operation)

## Field Parity

### Photo Models
- Added 'photographer' field to RidePhoto and ParkPhoto models
- Maps to frontend 'photographer_credit' field for full schema parity
- Includes corresponding migrations for both apps

### Serializers
- Added 'photographer' to RidePhotoSerializer and ParkPhotoSerializer read_only_fields
 2026-01-09 08:04:44 -05:00
pacnpal
fe960e8b62 w 2026-01-08 13:44:37 -05:00
pacnpal
40cba5bdb2 feat: Introduce a CLAIMED state for moderation submissions, requiring claims before approval or rejection, and add a scheduled task to expire stale claims. 2026-01-07 13:41:52 -05:00
pacnpal
28c9ec56da refactor: migrate moderation app tests to a comprehensive test module, expanding coverage 2026-01-07 11:25:04 -05:00
pacnpal
3ec5a4857d feat: Add analytics, incident, and alert models and APIs, along with user permissions and bulk profile lookups. 2026-01-07 11:07:36 -05:00
pacnpal
4da7e52fb0 feat: Implement passkey authentication, account management features, and a dedicated MFA login verification flow. 2026-01-06 10:08:44 -05:00
pacnpal
2b7bb4dfaa feat: Implement email change cancellation, location search, and admin anomaly detection endpoints. 2026-01-05 14:31:04 -05:00
pacnpal
a801813dcf feat: Implement a new notifications application, add admin API views for dashboard metrics, introduce scheduled tasks, and update API routing and project configurations. 2026-01-05 09:50:00 -05:00
pacnpal
1c6e219662 feat: Migrate image URL access from .url to .public_url across all relevant services and serializers. 2026-01-05 07:37:05 -05:00
pacnpal
70e4385c2b fix: Initialize historical_event variable to None. 2026-01-04 19:14:55 -05:00
pacnpal
30aa887d2a refactor: Standardize error logging by using logger.error in state machine callbacks and capture_and_log in management commands. 2026-01-04 18:45:22 -05:00
pacnpal
dd2d09b1c7 feat: replace direct logger.error with capture_and_log for critical state machine callback failures. 2026-01-04 18:39:58 -05:00
pacnpal
89d9e945b9 refactor: Replace direct error logging with capture_and_log utility in performance and rate limiting middleware. 2026-01-04 18:39:48 -05:00
pacnpal
bc4a3c7557 refactor: Replace direct logger.error calls with capture_and_log in accounts services and conditionally pass error_id during ApplicationError creation. 2026-01-04 18:36:23 -05:00
pacnpal
95700c7d7b feat: Implement centralized error capture and handling with new middleware, services, and API endpoints, and add new admin and statistics API views. 2026-01-02 15:55:42 -05:00
pacnpal
1adba1b804 lol 2026-01-02 07:58:58 -05:00
pacnpal
b243b17af7 feat: Implement initial schema and add various API, service, and management command enhancements across the application. 2026-01-01 15:13:01 -05:00
pacnpal
c95f99ca10 feat: Implement MFA authentication, add ride statistics model, and update various services, APIs, and tests across the application. 2025-12-28 17:32:53 -05:00
pacnpal
aa56c46c27 feat: Add user leaderboard API, Cloudflare Turnstile integration, and support ticket categorization. 2025-12-27 15:41:10 -05:00
pacnpal
00699d53b4 feat: Add blog, media, and support apps, implement ride credits and image API, and remove toplist feature. 2025-12-26 15:15:28 -05:00
pacnpal
cd8868a591 feat: Introduce lists and reviews apps, refactor user list functionality from accounts, and add user profile fields. 2025-12-26 09:27:44 -05:00
pacnpal
ed04b30469 refactor: Relocate ride services from services.py to services_core.py and refine admin display fields. 2025-12-26 08:26:19 -05:00
pacnpal
ca770d76ff Enhance documentation and management commands for ThrillWiki 
- Updated backend README.md to include detailed management commands for configuration, database operations, cache management, data management, user authentication, content/media handling, trending/discovery, testing/development, and security/auditing.
- Added a new MANAGEMENT_COMMANDS.md file for comprehensive command reference.
- Included logging standardization details in architecture documentation (ADR-007).
- Improved production checklist with configuration validation and cache verification steps.
- Expanded API documentation to include error logging details.
- Created a documentation review checklist to ensure completeness and accuracy.
 2025-12-23 21:28:14 -05:00
pacnpal
edcd8f2076 Add secret management guide, client-side performance monitoring, and search accessibility enhancements 
- Introduced a comprehensive Secret Management Guide detailing best practices, secret classification, development setup, production management, rotation procedures, and emergency protocols.
- Implemented a client-side performance monitoring script to track various metrics including page load performance, paint metrics, layout shifts, and memory usage.
- Enhanced search accessibility with keyboard navigation support for search results, ensuring compliance with WCAG standards and improving user experience.
 2025-12-23 16:41:42 -05:00
pacnpal
ae31e889d7 Add standardized HTMX conventions, interaction patterns, and migration guide for ThrillWiki UX 2025-12-22 16:56:27 -05:00
pacnpal
2e35f8c5d9 feat: Refactor rides app with unique constraints, mixins, and enhanced documentation 
- Added migration to convert unique_together constraints to UniqueConstraint for RideModel.
- Introduced RideFormMixin for handling entity suggestions in ride forms.
- Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements.
- Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling.
- Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples.
- Implemented a benchmarking script for query performance analysis and optimization.
- Developed security documentation detailing measures, configurations, and a security checklist.
- Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.
 2025-12-22 11:17:31 -05:00
pacnpal
45d97b6e68 Add test utilities and state machine diagrams for FSM models 
- Introduced reusable test utilities in `backend/tests/utils` for FSM transitions, HTMX interactions, and common scenarios.
- Added factory functions for creating test submissions, parks, rides, and photo submissions.
- Implemented assertion helpers for verifying state changes, toast notifications, and transition logs.
- Created comprehensive state machine diagrams for all FSM-enabled models in `docs/STATE_DIAGRAMS.md`, detailing states, transitions, and guard conditions.
 2025-12-22 08:55:39 -05:00
pacnpal
b508434574 Add state machine diagrams and code examples for ThrillWiki 
- Created a comprehensive documentation file for state machine diagrams, detailing various states and transitions for models such as EditSubmission, ModerationReport, and Park Status.
- Included transition matrices for each state machine to clarify role requirements and guards.
- Developed a new document providing code examples for implementing state machines, including adding new state machines to models, defining custom guards, implementing callbacks, and testing state machines.
- Added examples for document approval workflows, custom guards, email notifications, and cache invalidation callbacks.
- Implemented a test suite for document workflows, covering various scenarios including approval, rejection, and transition logging.
 2025-12-21 20:21:54 -05:00
pacnpal
8f6acbdc23 feat(notifications): enhance submission approval and rejection notifications with dynamic titles and messages 2025-12-21 19:22:15 -05:00
pacnpal
b860e332cb feat(state-machine): add comprehensive callback system for transitions 
Extend state machine module with callback infrastructure including:
- Pre/post/error transition callbacks with registry
- Signal-based transition notifications
- Callback configuration and monitoring support
- Helper functions for callback registration
- Improved park ride count updates with FSM integration
 2025-12-21 19:20:49 -05:00
pacnpal
7ba0004c93 chore: fix pghistory migration deps and improve htmx utilities 
- Update pghistory dependency from 0007 to 0006 in account migrations
- Add docstrings and remove unused imports in htmx_forms.py
- Add DJANGO_SETTINGS_MODULE bash commands to Claude settings
- Add state transition definitions for ride statuses
 2025-12-21 17:33:24 -05:00
pacnpal
b9063ff4f8 feat: Add detailed park and ride pages with HTMX integration 
- Implemented park detail page with dynamic content loading for rides and weather.
- Created park list page with filters and search functionality.
- Developed ride detail page showcasing ride stats, reviews, and similar rides.
- Added ride list page with filtering options and dynamic loading.
- Introduced search results page with tabs for parks, rides, and users.
- Added HTMX tests for global search functionality.
 2025-12-19 19:53:20 -05:00
pacnpal
fdbbca2add Refactor code structure for improved readability and maintainability 2025-09-27 19:35:00 -04:00
pacnpal
42a3dc7637 feat: Implement UI components for Django templates 
- Added Button component with various styles and sizes.
- Introduced Card component for displaying content with titles and descriptions.
- Created Input component for form fields with support for various attributes.
- Developed Toast Notification Container for displaying alerts and messages.
- Designed pages for listing designers and operators with pagination and responsive layout.
- Documented frontend migration from React to HTMX + Alpine.js, detailing component usage and integration.
 2025-09-19 19:04:37 -04:00
pacnpal
209b433577 Implement code changes to enhance functionality and improve performance 2025-09-19 15:40:19 -04:00
pacnpal
01195e198c fix: Update ALLOWED_HOSTS and CORS_ALLOWED_ORIGINS defaults in Django settings 2025-09-19 15:39:45 -04:00
pacnpal
d5cd6ad0a3 refactor: Rename launch_type to propulsion_system across the codebase 2025-09-18 21:01:13 -04:00
pacnpal
516c847377 feat: Add ride photo and review APIs with CRUD operations for parks 2025-09-16 20:26:24 -04:00
pacnpal
c2c26cfd1d Add comprehensive API documentation for ThrillWiki integration and features 
- Introduced Next.js integration guide for ThrillWiki API, detailing authentication, core domain APIs, data structures, and implementation patterns.
- Documented the migration to Rich Choice Objects, highlighting changes for frontend developers and enhanced metadata availability.
- Fixed the missing `get_by_slug` method in the Ride model, ensuring proper functionality of ride detail endpoints.
- Created a test script to verify manufacturer syncing with ride models, ensuring data integrity across related models.
 2025-09-16 11:29:17 -04:00
pacnpal
3d4115a108 feat: Improve park and ride data seeding logic to avoid duplicates and enhance uniqueness 2025-09-14 21:19:04 -04:00
pacnpal
35f8d0ef8f Implement hybrid filtering strategy for parks and rides 
- Added comprehensive documentation for hybrid filtering implementation, including architecture, API endpoints, performance characteristics, and usage examples.
- Developed a hybrid pagination and client-side filtering recommendation, detailing server-side responsibilities and client-side logic.
- Created a test script for hybrid filtering endpoints, covering various test cases including basic filtering, search functionality, pagination, and edge cases.
 2025-09-14 21:07:17 -04:00