jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
212 commits 9 branches 0 tags 28 MiB
Find a file
Jennie Robinson Faber de3bcc479a
Some checks failed
Test / playwright (push) Blocked by required conditions
Details
Test / Notify on failure (push) Blocked by required conditions
Details
Test / visual (push) Blocked by required conditions
Details
Test / vitest (push) Has been cancelled
Details
fix(auth): rewire OIDC logout/error flow through Nuxt pages 
Migrate three render callbacks in oidc-provider (logoutSource,
postLogoutSuccessSource, renderError) from the baked guildPageShell
helper to Nuxt pages under app/pages/auth/, so they go through the
font module and design system instead of a shadow copy.

- Delete guildPageShell (~103 lines of shadow design system).
- Add /auth/logout-success, /auth/oidc-error, /auth/logout-confirm
  pages built on dashed-box + btn + main.css tokens.
- renderError now allow-lists error + error_description into query
  params and lets Vue default interpolation escape them, closing an
  XSS where OIDC error fields were concatenated into raw HTML.
- logoutSource extracts the xsrf from oidc-provider's stable form
  output, sets it as an httpOnly 2-minute cookie, and redirects to
  /auth/logout-confirm. The confirm page reads the cookie during SSR,
  persists the value to useState, and clears the cookie so it's
  strictly one-time use. Defensive fallback keeps the raw auto-submit
  form if oidc-provider ever changes its form format.
- Fix form actions emitting http:// in production at the root cause:
  oidc-provider extends Koa but calls super() with no args, so
  app.proxy defaults to false and ctx.protocol ignores
  X-Forwarded-Proto. Set _provider.proxy = true after construction;
  remove the bogus proxy:true config key (silently ignored) and the
  form.replace('http://', 'https://') symptom patch. Make the
  x-forwarded-proto override in the catchall conditional on
  production + missing header (was unconditional + dead code).
- Add site-wide .btn:focus-visible rule in main.css for WCAG 2.4.7.

Verified in browser: Brygada 1918 loads on all three pages, contrast
ratios pass AA in dark + light, XSS payload escapes to text nodes
only, Set-Cookie: Max-Age=0 enforces one-time xsrf use, no
horizontal overflow at 500px, no console errors.
2026-04-11 23:21:46 +01:00
.claude Readying for design 2026-03-04 18:24:20 +00:00
.forgejo/workflows Huge bunch of UI/UX improvements and tweaks! 2026-04-06 16:17:12 +01:00
.husky feat: add testing infrastructure — Vitest, Playwright, CI, git hooks 2026-04-04 16:07:21 +01:00
.serena fix: use private helcimApiToken for all server-side Helcim API calls 2026-04-04 13:37:34 +01:00
app fix(auth): rewire OIDC logout/error flow through Nuxt pages 2026-04-11 23:21:46 +01:00
assets/css Redesign interface across member dashboard and events pages 2025-10-09 16:25:57 +01:00
docs Add Zod validation to all API endpoints and remove debug test route 2026-03-01 17:04:26 +00:00
e2e fix(profile,account): wrap auth-conditional UI in ClientOnly 2026-04-08 17:41:01 +01:00
plugins Enhance application structure: Add runtime configuration for environment variables, integrate new dependencies for Cloudinary and UI components, and refactor member management features including improved forms and member dashboard. Update styles and layout for better user experience. 2025-08-27 16:49:51 +01:00
public feat: cleanup deprecated components and background texture 2026-04-02 21:38:50 +01:00
scripts refactor(community): rename Community Connections → Community Ecology 2026-04-09 09:07:15 +01:00
server fix(auth): rewire OIDC logout/error flow through Nuxt pages 2026-04-11 23:21:46 +01:00
tests fix(onboarding): fix widget links, isComplete logic, and event slugs 2026-04-09 23:52:04 +01:00
.cursorignore Updates! 2026-03-31 18:18:24 +01:00
.cursorindexingignore Updates! 2026-03-31 18:18:24 +01:00
.dockerignore feat: add .dockerignore and document BASE_URL in .env.example 2026-04-04 12:41:00 +01:00
.env.example feat(wiki): add Outline utility and wiki sync API 2026-04-09 22:33:06 +01:00
.gitignore test(visual): expand snapshot coverage for member-area pages 2026-04-08 15:39:13 +01:00
debug-token.js Implement multi-step registration process: Add step indicators, error handling, and payment processing for membership registration. Enhance form validation and user feedback with success and error messages. Refactor state management for improved clarity and maintainability. 2025-09-03 14:47:13 +01:00
Dockerfile fix: multi-stage Dockerfile and guard husky for Docker builds 2026-04-04 16:44:55 +01:00
eslint.config.mjs Initial commit 2025-08-26 14:17:16 +01:00
nuxt.config.ts feat(wiki): add Outline utility and wiki sync API 2026-04-09 22:33:06 +01:00
package-lock.json merge: worktree-a11y-fixes into main 2026-04-05 22:05:00 +01:00
package.json merge: worktree-a11y-fixes into main 2026-04-05 22:05:00 +01:00
playwright.config.js test(visual): allow playwright port override and rebaseline connections-mobile 2026-04-08 16:03:48 +01:00
slack-app-manifest.yaml Adding features 2025-10-05 16:15:09 +01:00
test-helcim-direct.js Implement multi-step registration process: Add step indicators, error handling, and payment processing for membership registration. Enhance form validation and user feedback with success and error messages. Refactor state management for improved clarity and maintainability. 2025-09-03 14:47:13 +01:00
TESTING.md feat: add testing infrastructure — Vitest, Playwright, CI, git hooks 2026-04-04 16:07:21 +01:00
tsconfig.json Initial commit 2025-08-26 14:17:16 +01:00
vitest.config.js Add Vitest security test suite and update security evaluation doc 2026-03-01 12:30:06 +00:00