Architectural Hardening & Security compliance for Mobile Toolbar (#61) #63

Closed
opened 2026-05-31 17:53:21 +00:00 by Antigravity · 0 comments
Collaborator

This issue tracks the hardening and architectural compliance adjustments for PR #61, ensuring the codebase is Native AOT-ready and meets high standards for security, memory-safety, and Clean Architecture:

  • JS Memory Safety & CSP: Migrated eval-based resize/viewport listeners in ReaderLayout and ReaderCanvas to a dedicated viewport.js module following the IAsyncDisposable pattern.
  • State Decoupling: Moved progress and checkpoints out of the IReaderInteractionService event bus into a dedicated IReaderStateService.
  • Model De-duplication: Centered MobileReaderTab, SelectionCoordinates, ChatMessage, and ResponseSegment models in ReaderModels.cs.
  • Configuration & Seed Security: Replaced direct Environment.GetEnvironmentVariable bypasses in DbInitializer.cs with the standard IConfiguration flow and cleared weak password defaults in compose templates.
  • Premium Citation UX: Replaced no-op mobile citation click handlers with interactive glassmorphic detail popups.

Reference: mjasin/Nexus.Reader#63
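
The listener migration named in the first bullet, sketched as an added example; this is not code from PR #61 or the project's `viewport.js`. The names `createViewportListener` and `OnViewportChanged`, and a callback object exposing `invokeMethodAsync`, are assumptions made for illustration.

```javascript
// Added example: hypothetical stand-in for a viewport module, not the project's viewport.js.
// In the browser this would be exported from an ES module and `target` would be `window`.
function createViewportListener(target, callbackRef, methodName = "OnViewportChanged") {
  let disposed = false;
  const handle = {
    getSize: () => ({ width: target.innerWidth ?? 0, height: target.innerHeight ?? 0 }),
    dispose() {
      if (disposed) return; // idempotent: safe if the owner disposes more than once
      disposed = true;
      target.removeEventListener("resize", onResize);
    },
  };

  // A function reference, not a string handed to eval/new Function: it runs under a
  // CSP without 'unsafe-eval', and the same reference can be removed on dispose.
  function onResize() {
    if (disposed) return;
    const { width, height } = handle.getSize();
    try {
      // Assumption: callbackRef.invokeMethodAsync(name, ...args) returns a promise.
      const pending = callbackRef.invokeMethodAsync(methodName, width, height);
      // If the receiver is gone the call fails, so stop listening instead of leaking.
      if (pending && typeof pending.catch === "function") pending.catch(() => handle.dispose());
    } catch {
      handle.dispose();
    }
  }

  target.addEventListener("resize", onResize);
  return handle; // the owning component keeps this and calls dispose() when it is torn down
}

// Constructed demo: an EventTarget with fixed dimensions stands in for `window`.
function demo() {
  const calls = [];
  const ref = {
    invokeMethodAsync: (name, w, h) => { calls.push([name, w, h]); return Promise.resolve(); },
  };
  const win = Object.assign(new EventTarget(), { innerWidth: 390, innerHeight: 844 });
  const handle = createViewportListener(win, ref);
  win.dispatchEvent(new Event("resize")); // delivered
  handle.dispose();
  win.dispatchEvent(new Event("resize")); // ignored: listener was removed
  return calls;
}
```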