nigelnindodev / tafsiri Goto Github PK

Seems something trivial to change in Elysia isn't working. Setting status code using ctx.set.status = [code] isn't working.

Discovered while attempting to change the successful POST status code from 200 to 201.

Error status code changes work though.

This issue will track investigation, and PR will be closed once we return correct status code (201) fro created items.

Currently, we load all the data from the backend for payments and order history. This isn't feasible in a real-world application due to causing performance issues on the DB, network bandwidth ie.

This issue will track adding pagination functionality.

Acceptance Criteria:

• Add limit/offset db queries for all API endpoints requiring pagination
• Add UI components to manage the pagination state

Acceptance Criteria:

• Remove all calls to console.log
• Create structure for all application log levels

Logging transports will be handled as a separate issue #5

While the additions in #32 are great, the routes files are quite large now, containing a lot of Swagger and request validation data.

The routes files should be made much smaller than they are by adding two new files on top of the index.ts routes we currently have, validations.ts and swagger.ts.

The validation and swagger objects already exist in index.ts, so it's minor code refactor.

This will however have a large impact:

• Much easier to follow API routing without getting distracted by the metadata
• We can easily expand metadata information much more than we currently do, especially the Swagger documentation. it will be in it's own module, so there won't be any issues with creating any bloat on the routes file.

Ensure this is done only after addition of unit tests #16

Admin accounts should be able to:

• View all users
• Deactivate non-admin accounts

This ticket encompasses the UI and backend implementation for this.

NeoVim's default postgres linter is quite buggy. Fix the project after updating Typescript linting.

Placeholder ticket to get the app running on Vercel.

Know issues:

• Vercel returning 404 not found
• Need to provision a remote Postgres database (both for live and testing environments)
• Need to add application secrets to env vars

For this project, we're aiming to highlight HTMX integration on the front and back end.

Configuring tailwind would be a win, but will add more complexity to understanding the essence of the desired outcome, rendering dynamic HTML on the front end without a conventional JavaScript framework doing the heavy lifting.

Pico CSS already has decent styling for the UI, no need to complicate things further in this regard.

This ticket tracks progress to purge any tailwind-related JS, CSS, and configurations.

Use Prettier to lint code on pull requests, and block PRs not meeting the linting standards.

TODO

This ticket is to check for any potential security vulnerabilities the API may be exposed to with regard to the use of HTMX.

Will be majorly looking at sanitizing API data from clients, if any current vulnerabilities.

Instead of adding transport #5, more importantly, we need to perform a logging audit.

After this audit:

• There should be a set format for all application logs (on top of the default tslog formating)
• Any necessary logs should be purged
• All logs should have the appropriate log levels
• Confirm secret data is being written to the logs

To be done after the addition of unit tests #16 as it will be easier to view logs generated for different edge cases automatically.

Currently, once logged in, a user has access to the application even if the 3-minute logged-in session has not expired.

A/C

• Once the session is expired, a user is redirected back to the login page.

We have swagger enabled, but no metadata describing request body and descriptions of what the API endpoints do.

This should be added to the wagger documentation as well to make it easier to understand the API specification.

After payment for order items has been completed, editing an inventory item's price will change the total cost of the order.

This should not be allowed to happen.

Ensure that on every pull request, use tsc to run compilation checks on the Typescript code base.

In the spirit of moving this project from only working locally, hardcoded values that should be dynamic should be moved to env vars.

This list currently has:

• Base URL of the application
• Application Port
• JWT Secret

Since user's data is now available, the application should also record who completed a payment. This ticket also includes listing of who completed the payments in the payment details list.

Ticket to track the addition of unit tests. Bun has a builtin test runner that will be used for this.

Acceptance Criteria:

• Add unit tests with least 70% test coverage to start
• Configure Github Actions to run unit tests on every PR

Viewing users is functional, although the pages styling wasn't well thought out at the time due to an emphasis on completing functionality.

Let's make the view user page look much nicer.

This ticket is to track the updating of the README of the project.

• Add details and motivation for working on the project
• Add local install instructions
• Add project structure definitions
• Add testing instructions
• Add Deployment Instructions

Currently, Zod validations are failing because query params and bodies that expect numbers to be sent are numbers wrapped as strings, so Zod numbers validation is failing.

Would also be great if we can handle this at the top level so that we don't have to repeat the logic in every route.

Before starting on unit tests, we need to also set up the testing database where we'll create fixtures.

A hard requirement is to use PostgreSQL for this database, as we have some columns defined in TypeORM that are only supported by Postgres.

Leaving implementation open, but it also goes without saying that setup and teardown of test cases should be fully automated.

We fixed the runtime and compile time parsing of query params and request bodies in #10

However, theoretically, we're still not returning BAD REQUEST status codes for failed Zod validations, we'll get an internal server error, and the response will be JSON with the Zod validation errors.

This should be changed to a bad request and instead of JSON, an info-wrapped HTML component may be injected into the document markup.

Stays in the backlog for now as not a blocker for next release phase.

Currently, the user will be logged out after 3 minutes, then they have to log in again.

It would be ideal to keep the user session alive and log them out only after say 10 mins of inactivity.

Not yet decided on the best live transports, we may not add anything on top of outputting to stdout & stderr.

Ticketing so that it isn't forgotten.