All pending fixes – UI, auth, cover image, script removal #84

Open
Antigravity wants to merge 2 commits from feature/all-requested-fixes into develop
Collaborator

This PR bundles all requested changes:

  • JWT auth config for ebook ingest
  • Image scaling, layout, and margin tweaks
  • Dashboard cover image fix
  • Removal of "Skrypt warsztatowy Symfonia" entry
  • Front‑end token handling for upload
  • Logging improvements in ingest pipeline

Please review and merge.

Antigravity added 2 commits 2026-06-15 18:50:29 +00:00
Antigravity reviewed 2026-06-15 18:55:17 +00:00
Antigravity left a comment
Author
Collaborator

Automated review – please address the inline comments.

@@ -27,6 +27,7 @@ public class BookStorageService : IBookStorageService
var uploadsFolder = Path.Combine(_environment.WebRootPath, "uploads");
EnsureDirectoryExists(uploadsFolder);
fileName = SanitizeFileName(fileName);
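Review bot: The `Path.Combine` call visible in this hunk joins only `_environment.WebRootPath` and the literal "uploads", so the line that decides whether a traversal is possible is the later combine of `uploadsFolder` with `fileName`, which is outside the shown context. Confirm that it uses the value returned by `SanitizeFileName`, and after combining compare `Path.GetFullPath` of the result against `uploadsFolder`, so a name the sanitiser misses still cannot resolve outside the uploads directory.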
Author
Collaborator

**MAJOR**: `SanitizeFileName` is called after `Path.Combine`, allowing path‑traversal before sanitisation. Move sanitisation before combining and add a unit test.
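
A containment check of the kind this comment asks to have tested, as an added example that is not code from this PR or from the project. `UploadPath.Resolve` is a hypothetical helper (the body of the project's `SanitizeFileName` is not shown on this page) and the file names in `Main` are constructed inputs.

```csharp
using System;
using System.IO;

public static class UploadPath
{
    // Hypothetical helper: returns a full path directly under uploadsFolder, or throws.
    public static string Resolve(string uploadsFolder, string clientFileName)
    {
        if (string.IsNullOrWhiteSpace(clientFileName))
            throw new ArgumentException("Empty file name.");

        // Treat '\' and '/' as separators on every host OS, then keep only the last segment.
        var leaf = clientFileName.Replace('\\', '/');
        leaf = leaf[(leaf.LastIndexOf('/') + 1)..];
        if (leaf.Length == 0 || leaf == "." || leaf == ".." ||
            leaf.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Rejected file name.");

        // Second line of defence: canonicalise and confirm the result is still under the root.
        var root = Path.GetFullPath(uploadsFolder);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;
        var full = Path.GetFullPath(Path.Combine(root, leaf));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new ArgumentException("Path escapes the uploads folder.");
        return full;
    }

    public static void Main()
    {
        var root = Path.Combine(Path.GetTempPath(), "uploads");
        // Constructed inputs covering the cases a unit test should pin down.
        var names = new[] { "book.epub", "../outside.txt", "..\\outside.txt",
                            "/tmp/abs.txt", "..", "" };
        foreach (var name in names)
        {
            try { Console.WriteLine($"{name,-18} -> {Resolve(root, name)}"); }
            catch (ArgumentException e) { Console.WriteLine($"{name,-18} -> rejected: {e.Message}"); }
        }
    }
}
```

Names carrying directory segments are reduced to their last segment and stored under the uploads folder; `..` and the empty name are rejected outright.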
@@ -21,3 +21,3 @@
private static readonly Regex ImageTagRegex = new(@"<img\b(?<before>[^>]*?\bsrc=[""'])(?<src>[^""']*?)(?<after>[""'][^>]*?>)", RegexOptions.IgnoreCase | RegexOptions.Compiled);
private static readonly Regex ImageTagRegex = new(@"(?<before><img\b[^>]*?\bsrc=[""'])(?<src>[^""']*?)(?<after>[""'][^>]*?>)", RegexOptions.IgnoreCase | RegexOptions.Compiled);
private static readonly Regex BodyMatchRegex = new(@"<body\b[^>]*>(.*?)</body>", RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);
private static readonly Regex ParagraphMatchRegex = new(@"<(p|h[1-6]|ul|ol|blockquote|pre)\b[^>]*>.*?</\1>|<hr\b[^>]*>|<img\b[^>]*>", RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);
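Review bot: On the new `ImageTagRegex` line, `<img` has moved inside `(?<before>…)`, so any replacement that still writes a literal `<img` ahead of the `before` group will now emit the tag opener twice; check every callsite that rebuilds the tag together with the pattern. Separately, `\bsrc=` also matches inside `data-src=` because the hyphen provides a word boundary, so for `<img data-src="a.jpg" src="b.jpg">` the `src` group captures `a.jpg`; requiring whitespace before `src` would avoid that.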
Author
Collaborator

**MAJOR**: Updated `ImageTagRegex` now includes the opening `<`. Verify that the `src` capture group still works; add a test for a simple `<img src="x.jpg">`.
@@ -30,3 +32,4 @@
private static readonly Regex EmptyBlockRegex = new(@"^(</?(p|h[1-6]|ul|ol|li|blockquote|pre|div|span|br)\b[^>]*>|&nbsp;|\s)*$", RegexOptions.IgnoreCase | RegexOptions.Compiled);
public EpubReaderService(
IDbContextFactory<AppDbContext> dbContextFactory,
Author
Collaborator

**MAJOR**: New SVG handling may leave unsupported `<image>` tags if neither `src` nor `href` is present. Consider stripping or warning.
@@ -8,7 +8,7 @@
@inject IReaderStateService StateService
Author
Collaborator

**MINOR**: Add `aria-hidden="@StateService.IsBarsHidden"` for accessibility when toolbar is hidden.
@@ -62,5 +62,5 @@
</div>
}
</div>
@if (_isLoadingChapter)
Author
Collaborator

**MAJOR**: `[JSInvokable] HandleScrollDelta` updates UI on every scroll delta – debounce to avoid frequent re‑renders.
@@ -34,5 +34,5 @@
}
public MobileReaderTab ActiveTab
{
get { lock (_lock) return _activeTab; }
Author
Collaborator

**MAJOR**: `IsBarsHidden` UI state lives in a shared service; move it to a UI‑only service to respect Clean Architecture.
@@ -44,6 +45,17 @@ export function initScrollListener(dotNetHelper, scrollContainerSelector) {
// Ensure bounds
Author
Collaborator

**MAJOR**: Scroll‑delta detection fires many interop calls; add client‑side debounce (e.g., 100 ms).
@@ -121,6 +122,17 @@ builder.Services.AddAuthentication(options =>
options.DefaultScheme = IdentityConstants.ApplicationScheme;
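Review bot: `options.DefaultScheme` stays `IdentityConstants.ApplicationScheme` in this block, so a JWT bearer handler registered alongside it is only consulted where an endpoint or policy names the bearer scheme explicitly. Make sure the ebook ingest endpoint does so; otherwise a request carrying only a bearer token is evaluated against the cookie scheme.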
Author
Collaborator

**CRITICAL**: JWT authentication missing signing key & `ValidateIssuerSigningKey`. Add a secret key and enable validation.
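
One way to register a bearer handler with the signing key and validation settings this comment refers to, as an added example that is not code from this PR or the project. The configuration keys `Jwt:SigningKey`, `Jwt:Issuer` and `Jwt:Audience`, the HS256 choice and the `/api/ingest` route are assumptions.

```csharp
// Program.cs of an ASP.NET Core web project (implicit usings on) that references
// the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys; supply SigningKey via user-secrets or environment, never in source.
var jwt = builder.Configuration.GetSection("Jwt");
var keyBytes = Encoding.UTF8.GetBytes(
    jwt["SigningKey"] ?? throw new InvalidOperationException("Jwt:SigningKey is not configured."));
if (keyBytes.Length < 32)
    throw new InvalidOperationException("Jwt:SigningKey must be at least 256 bits for HS256.");

builder.Services.AddAuthentication() // no default scheme is set or changed here
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens = true,                    // unsigned tokens are refused
            IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
            ValidateIssuerSigningKey = true,               // also validate the key itself
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ValidateIssuer = true,
            ValidIssuer = jwt["Issuer"],
            ValidateAudience = true,
            ValidAudience = jwt["Audience"],
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical ingest endpoint: names the bearer scheme explicitly so the
// application's default (cookie) scheme is not the one evaluated here.
app.MapPost("/api/ingest", () => Results.Accepted())
   .RequireAuthorization(new AuthorizeAttribute
   {
       AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme
   });

app.Run();
```

If `Jwt:Issuer` or `Jwt:Audience` is missing from configuration, validation fails closed and every token is rejected.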
Reference: mjasin/Nexus.Reader#84