Commit graph

192 commits

Author SHA1 Message Date
lila
98c59f33c5 formatting + adding issues 2026-04-28 16:39:36 +02:00
lila
648c5d2979 fix: improve error semantics, clarify answer key type 2026-04-28 16:07:19 +02:00
lila
6eaf282651 fix: sanitise Zod validation error messages in game controller 2026-04-28 15:51:57 +02:00
lila
c081e632cf fix: explicit store update in evaluateAnswer, remove mutation through reference 2026-04-28 15:47:53 +02:00
lila
a02d3b3335 fix: deduplicate distractors against each other, guard thin distractor pool 2026-04-28 15:44:29 +02:00
lila
a02f3b139d fix: deduplicate distractors, replace tautological test, add distractor failure test 2026-04-28 15:17:31 +02:00
lila
3d16ab0fff feat: guard against empty terms in createGameSession 2026-04-28 15:08:06 +02:00
lila
1e30f04e81 feat: add ownership check to evaluateAnswer, AuthenticatedRequest type 2026-04-28 14:39:13 +02:00
lila
fdeb769640 feat: add TTL to GameSessionStore, replay protection and session cleanup to evaluateAnswer 2026-04-28 14:03:15 +02:00
lila
54705943fa adding ticket for refactor: dependency injection for GameSessionStore via composition root 2026-04-28 13:50:56 +02:00
lila
a4a4bfff57 refactor: dependency injection for GameSessionStore via composition root 2026-04-28 13:48:50 +02:00
lila
4f59f3bc14 formatting 2026-04-28 13:18:18 +02:00
lila
2ff7d1759e refactor: extract shuffleArray to lib/utils, rename correctAnswers to terms 2026-04-28 13:17:24 +02:00
lila
c46729f365 formatting 2026-04-28 12:32:44 +02:00
lila
02ccc88d24 fix: change GAME_ROUNDS from strings to numbers 2026-04-28 12:29:46 +02:00
lila
7d3c456efe formatting 2026-04-28 12:29:32 +02:00
lila
6b6a8aac3e adding roasts of gameservice 2026-04-27 17:47:05 +02:00
lila
fbb4e59274 adding ticket structure, finishing docker credential helper setup 2026-04-26 10:51:45 +02:00
lila
768ca24eb2 fix: remove unfrozen pnpm install from builder stages
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m3s
2026-04-26 09:03:23 +02:00
lila
091495c1db updating tasks 2026-04-26 08:46:54 +02:00
lila
0da8397940 feat: add root and route-level error boundaries 2026-04-26 08:45:18 +02:00
lila
e3d28e4127 updating issues 2026-04-24 18:34:43 +02:00
lila
4de2c40482 feat: add 404 catch-all route and NotFound page 2026-04-24 18:28:22 +02:00
lila
4fabde57bd adding prompt 2026-04-24 10:27:54 +02:00
lila
e9ba8d292d updating tasks 2026-04-24 10:21:06 +02:00
lila
3971642848 Merge branch 'dev'
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m51s
2026-04-24 10:15:23 +02:00
lila
ee719aaa58 test: add test file for multiplayerGameService
Covers generateMultiplayerQuestions: question count, option structure,
correct answer inclusion, correctOptionId integrity, prompt/gloss
passthrough, DB call arguments, and error propagation.
2026-04-24 10:14:28 +02:00
lila
4ece995385 test: fill coverage gaps in lobbyService and gameService
- joinLobby: addPlayer returns falsy (race condition fallback)
- joinLobby: lobby disappears between addPlayer and final fetch
- createLobby: non-unique-violation errors re-thrown immediately
- createGameSession: unexpected DB errors propagate correctly
2026-04-24 10:11:36 +02:00
lila
762cf91f86 updating tasks 2026-04-24 09:30:20 +02:00
lila
5b266d7435 adding task to test gameservice
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m13s
2026-04-24 09:15:59 +02:00
lila
ec84f76fb2 updating backlog
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m12s
2026-04-23 23:32:30 +02:00
lila
59049002fc fix(api): skip rate limiting for non-sensitive auth endpoints
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m50s
The authLimiter was blocking legitimate users because Better Auth's
client polls /get-session frequently (on mount, route changes, focus),
and /sign-out was also getting blocked after repeated session polls.

Skip rate limiting for:
- /get-session — read-only, requires valid cookie, no attack surface
- /sign-out — no attack value in blocking logout
- /callback/* — OAuth callbacks from providers

Brute force protection remains on /sign-in, /sign-up, and other
sensitive endpoints.
2026-04-23 22:12:38 +02:00
lila
c57fc5a98b Merge branch 'dev'
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m31s
2026-04-23 21:46:01 +02:00
lila
76192667e0 feat(caddy): add security headers for frontend
Adds HSTS, CSP, X-Frame-Options, X-Content-Type-Options,
and Referrer-Policy to lilastudy.com responses.

CSP allows connect-src to api.lilastudy.com over HTTPS and
wss:// for WebSocket multiplayer. Tailwind's inline styles
require style-src 'unsafe-inline'.
2026-04-23 21:45:35 +02:00
lila
9ab2bc3d0e feat(api): apply rate limiters to game and lobby routes
Wire gameLimiter into gameRouter and lobbyLimiter into lobbyRouter.
Both run after requireAuth since they key by req.session.user.id.
2026-04-23 20:36:36 +02:00
lila
e6f4a39dad adding task 2026-04-23 20:32:16 +02:00
lila
9893ead689 feat(api): add helmet security headers and rate limiting
- Add helmet middleware for secure HTTP response headers
- Add express-rate-limit with three limiters:
  - authLimiter: per-IP, 20 req/15min on /api/auth/*
  - gameLimiter: per-user, 150 req/15min (not yet wired)
  - lobbyLimiter: per-user, 20 req/15min (not yet wired)
- Set trust proxy for correct client IP behind Caddy
- Add tests for all three limiters and helmet headers
2026-04-23 11:13:11 +02:00
lila
1dfe391233 adding task 2026-04-23 11:12:57 +02:00
lila
4623ea634a updating documentation 2026-04-23 10:40:34 +02:00
lila
cc0d2c7f8f removing dummy table for db migration pipeline test
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m48s
2026-04-23 09:39:18 +02:00
lila
d67263e44a updating file path
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m11s
2026-04-23 09:33:11 +02:00
lila
2328ad445d updating pnpm 2026-04-23 09:32:27 +02:00
lila
1a50f73c74 updated docker pipeline to include database migrations, added dummy table to verify the pipeline works
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m52s
2026-04-23 09:19:57 +02:00
lila
66eddb9a2a creating backlog with issues 2026-04-22 21:09:24 +02:00
lila
9a3376cdcc updating docs 2026-04-21 15:40:26 +02:00
lila
0dba68904e adding labels
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m12s
2026-04-21 14:44:14 +02:00
lila
1715726ec6 excluding temporary status of data-pipeline 2026-04-21 14:44:01 +02:00
lila
849fcdad86 adding documentation for the llm setup for the data pipeline 2026-04-21 13:22:27 +02:00
lila
214a597e99 feat(pipeline): add annotate stage
- write annotate.ts — matches CEFR source files against OMW translations
- match by word text + normalized POS
- add cefr_source vote to matched translations
- extract native example sentences from CEFR source files
- write one annotated JSON per language to stage-2-annotate/output/
- write conflicts.json for words with multiple CEFR levels
- update tsconfig to support all stage directories
- 2 German conflicts found (macht, bleiche)
- match rates: en 47k, fr 44k, de 26k, it 26k, es 26k
2026-04-21 12:01:56 +02:00
lila
9ea35568e5 updating config 2026-04-21 12:01:29 +02:00