cyberrapists/cg_api_secure-webshare
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b004e1594877a863c2eb96183fa99dbde1a781763165f62c55d1842dc56640b4
cg_api_secure-webshare/agent3_content_delivery.md

3.2 KiB
Raw Blame History

Batch 1 Verification — Frontend Regression Check

Date: 2026-05-24 Verifier: worker

Build Result

PASS

vite v8.0.14 building client environment for production...
transforming... ✓ 621 modules transformed.
rendering chunks...
dist/index.html                     0.42 kB │ gzip:   0.28 kB
dist/assets/index-DTmTBGd6.css     17.31 kB │ gzip:   3.60 kB
dist/assets/lib-CHwV_tJc.js       497.26 kB │ gzip: 125.51 kB
dist/assets/index-C4gnVVS-.js   1,038.17 kB │ gzip: 347.38 kB

✓ built in 3.83s

Warnings: One pre-existing chunk-size warning (Some chunks are larger than 500 kB after minification). This is not a new regression and is unrelated to the server/bot changes.

Files Inspected

File Key Observations
frontend/package.json Build script: "build": "vite build". Dependencies: Svelte 5, Vite 8, DOMPurify, highlight.js, mammoth, marked.
frontend/src/routes/ViewContent.svelte Fetches metadata via fetchMetadata(cxid, sc). Displays metadata.current_views / metadata.max_views only if max_views exists. No assumptions about view-count increment behavior. All file URLs pass password (sc) correctly.
frontend/src/routes/Home.svelte Accepts cxidInput and optional passwordInput. Checks meta.has_password client-side before verifying. Navigates to view route via history.pushState. No view-count logic here.
frontend/src/lib/api.js API_BASE hard-coded to http://127.0.0.1:8090. BOT_USERNAME = "council_websharingbot". fetchMetadata and verifyPassword use GET and POST respectively. No HEAD requests.

Regression Assessment

  • No regressions detected from the server HEAD-request fix.
  • The frontend does not issue HEAD requests; all API calls are GET (fetchMetadata, file URLs) or POST (verifyPassword).
  • View-count display is read-only from metadata. There is no client-side logic that depends on whether the server increments the counter on HEAD vs GET.

Notes for Upcoming Batches

Batch 3 — Password UX

  • ViewContent.svelte: Password submission does verifyPasswordfetchMetadata (two round trips). Consider adding:
    • Show/hide password toggle.
    • Loading state during submitPassword (currently no phase = 'loading').
    • Auto-focus on password input when phase === 'password_required'.
  • Home.svelte: Password flow also does two round trips (fetchMetadata to check has_password, then verifyPassword, then fetchMetadata again). Error messages are generic (e.message || 'Content not found.').
  • Shared concern: Passwords travel in query string (?sc=...) for shared links. This is pre-existing behavior but worth noting for any security-focused UX work.

Batch 10 — Homepage Bot Link

  • Home.svelte already references BOT_USERNAME imported from api.js (value: council_websharingbot).
  • The Telegram deep-link https://t.me/{BOT_USERNAME}?start=submit is correctly constructed.
  • No concerns unless the bot username changes (in which case only api.js needs updating).

Conclusion

Frontend is safe to proceed. Build is clean, and the server/bot changes in Batch 1 do not affect frontend behavior.

Reference in New Issue View Git Blame Copy Permalink