mirror of
https://github.com/zvx-echo6/central.git
synced 2026-05-21 18:14:44 +02:00
malice
78b6fcf150* feat(wizard): implement deferred-commit pattern for setup wizard Replace the current "POST each step -> DB write -> redirect" architecture with "collect values across steps in a signed cookie, commit everything in one transaction at Finish." Key changes: - Add wizard.py: WizardState dataclass and cookie helpers - csrf.py: Add reuse_or_generate_pre_auth_csrf helper - routes.py: All wizard handlers now use cookie state, no DB writes until finish - middleware.py: Cookie-based wizard step routing instead of DB queries - setup_operator.html: Remove "Operator Already Configured" branch Benefits: - Back navigation works: can return to any step and edit values - Atomic commit: all DB writes happen in single transaction at finish - No orphaned state: failed wizard leaves no DB artifacts - Simpler auth: pre-auth CSRF for all 5 steps (no session until finish) Tests updated for new behavior. 287 tests passing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(templates): correct SRI hashes for leaflet.draw assets The integrity hashes for leaflet.draw.css and leaflet.draw.js were incorrect, causing browsers to silently block these resources. This broke the Leaflet.draw toolbar and map rendering for FIRMS/USGS adapter region pickers. Updated both setup_adapters.html and adapters_edit.html with the correct sha512 hashes computed from the actual CDN files. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(gui): return 204 for browser-noise paths to prevent CSRF races Browser requests for /favicon.ico, /apple-touch-icon.png, etc. were triggering parallel GET requests that could race with form loads, causing CSRF token rotation issues. Added BROWSER_NOISE_PATHS constant and early 204 response in both SetupGateMiddleware and SessionMiddleware to short-circuit these requests before any cookie/token handling occurs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Matt Johnson <mj@k7zvx.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| conftest.py | ||
| README.md | ||
| test_adapters.py | ||
| test_api_keys.py | ||
| test_archive_multi_stream.py | ||
| test_audit.py | ||
| test_auth.py | ||
| test_bootstrap_config.py | ||
| test_config_source.py | ||
| test_config_store.py | ||
| test_crypto.py | ||
| test_csrf_handler.py | ||
| test_csrf_race_condition.py | ||
| test_dashboard.py | ||
| test_events_adapter_column.py | ||
| test_events_feed.py | ||
| test_firms.py | ||
| test_gui_scaffold.py | ||
| test_models.py | ||
| test_nws_normalization.py | ||
| test_region_picker.py | ||
| test_session_auth.py | ||
| test_setup_gate.py | ||
| test_streams.py | ||
| test_supervisor_hotreload.py | ||
| test_supervisor_integration.py | ||
| test_usgs_quake.py | ||
| test_wizard.py | ||
Central Tests
Test Database
Some tests (notably test_config_store.py) require a real PostgreSQL database.
By default, tests connect to:
postgresql://central_test:testpass@localhost/central_test
If your test database uses different credentials, set the CENTRAL_TEST_DB_DSN
environment variable:
export CENTRAL_TEST_DB_DSN="postgresql://myuser:mypass@localhost/mydb"
uv run pytest tests/test_config_store.py