Skip to content

RELab v0.2.0#111

Open
simonvanlierde wants to merge 313 commits intomainfrom
pr-prep
Open

RELab v0.2.0#111
simonvanlierde wants to merge 313 commits intomainfrom
pr-prep

Conversation

@simonvanlierde
Copy link
Copy Markdown
Contributor

@simonvanlierde simonvanlierde commented Mar 25, 2026
edited
Loading

Pull Request

Description

This PR consolidates a large batch of work across the monorepo, including backend refactors and feature work, frontend-app and frontend-web improvements, CI and developer-experience updates, documentation updates, and security-related fixes.

Type of Change

  • 🚀 feat: New feature
  • 🐛 fix: Bug fix
  • 🛠️ build: Build system or dependency changes
  • 🔄 ci: CI configuration changes
  • 📚 docs: Documentation only changes
  • 🏎️ perf: Performance improvement
  • ♻️ refactor: Code refactoring (no functional changes)
  • 🎨 style: Code style/formatting changes
  • ✅ test: Adding or updating tests

Checklist

  • I've read the contributing guidelines
  • Code follows style guidelines and passes quality checks (ruff, pyright)
  • Unit tests added/updated and passing locally
  • Documentation updated (if applicable)
  • Database migrations created (if applicable)

Additional Context

High-level areas included in this PR:

  • Backend feature work and refactors
  • Authentication and login-flow hardening
  • Background-data and shared CRUD/router improvements
  • Frontend-app UI overhaul, lint/test cleanup, and structural improvements
  • Frontend-web migration and modernization work
  • CI, GitHub workflows, release-please, and repository maintenance updates
  • Documentation, templates, and local developer workflow improvements

@simonvanlierde
fix(backend): update ruff target python version
ef7deb5
@simonvanlierde
fix(backend): Update python target version for ruff to 3.14
1ef6d7a
@simonvanlierde
fix(backend): Move logging module
cbdfbc3
@simonvanlierde
fix(backend): Lint backend with ruff targeted to 3.14 and remove unus…
324ce8e 
…ed sqladmin interface
@simonvanlierde
fix(backend): Remove min length constraints from CircularityPropertie…
c4eb2be 
…s Patch update schema
@simonvanlierde
fix(backend): Hotfix for SQLmodel issues
88a6cbc
@simonvanlierde
fix(backend): Revert to old-school sqlalchemy typing to fix runtime O…
d74517d 
…RM issues
@simonvanlierde
feat(backend): Add timeout and use-cookies vars to rclone backup script
c6665bd
@simonvanlierde
fix(backend): Simplify UserRead model for admin level user GET paths
23750d1
@simonvanlierde
feature(backend): Move from pyright to ty for type checking
bd24f92
@simonvanlierde
fix(backend): Update devcontainer and vscode settings for use of ty f…
96204d0 
…or type checking
@simonvanlierde
fix(backend): Some type issue fixes
5a31886
@simonvanlierde
fix(backend): Type fixes after ty linting - alembic migrations
0f2a131
@simonvanlierde
feature(backend): WIP: test suite
dc14b96
@simonvanlierde
fix(backend): some type fixes in scripts
cb8c259
@simonvanlierde
fix(backend): Some type and linting fixes
7b26374
@simonvanlierde
feature(docker): Create publicly available test env
055fd4b
@simonvanlierde
fix(docker): More explicit cloudflare tunnel token definitions
36b2389
@simonvanlierde
fix(ci): Add pytest cache to root-level .gitignore
38874cf
@simonvanlierde
feature(backend): Implement environment variables (dev, testing, stag…
2528ee7 
…ing, prod)
@simonvanlierde
fix(backend): Update minimum python version
dd6e686
@simonvanlierde
fix(ci): Update ty config for VS code
6828d0f
@simonvanlierde
fix(backend): Simplify alembic config
55df6ca
@simonvanlierde
feature(backend): Implement session-based auth with Redis database
4797595
@simonvanlierde
feature(backend): Suppress sending emails in dev and testing env
6190d44
@simonvanlierde
feature(backend): Add last login and ip to user model for session con…
0fe616e 
…trol
@simonvanlierde
fix(backend): Only init disposable email checker in staging and prod
d9b4d77
@simonvanlierde
feature(backend): Add rate limiting for login and register endpoints
38a35f7
@simonvanlierde
feature(backend): Add caching of background data and remove asyncache…
93490bd 
… dependency
@simonvanlierde
fix(backend): Refactor file mounting to separate file
eb223af
@simonvanlierde
docs: add SECURITY.md with vulnerability reporting guidelines
820558c
@simonvanlierde
refactor(backend): remove UUIDPrimaryKeyMixin, use id: UUID4 directly
3f0b6b6
@simonvanlierde
test(backend): Update backend tests
b9308d7
@simonvanlierde
fix(backend): Fix import in data seeding scripts
3f305eb
@simonvanlierde
test(frontend-app): Update test specs
787955d
@simonvanlierde
fix: small justfile improvements
6164827
@simonvanlierde
feature(docs): Update documentation content and styling
515442f
@simonvanlierde
fix: serve fonts locally for docs and frontend-web, resize background…
39d5c53 
… images
@simonvanlierde
feat(frontend-web): Small updates
416a3c2 
- add email subscription and unsubscription components
- Introduced EmailForm component for handling email subscriptions with validation and feedback messages.
- Created TokenAction component for confirming and unsubscribing from newsletters, displaying appropriate status messages.
- Updated index.astro and unsubscribe-form.astro to utilize new components, simplifying the code and enhancing maintainability.
- Added build:test script to package.json for testing in a test environment.
- Updated global styles and added fonts.css for improved typography and theming.
- Refactored layout and privacy pages for consistency and better structure.
@simonvanlierde
fix(backend): Update deps, Clean up test env file
8348d29
@simonvanlierde
feat(auth): Refactor authentication API calls to use centralized config
9c6500b
@simonvanlierde
feat:(frontend-app): Refactor components to use theme hooks and impro…
c1e7473 
…ve accessibility
@simonvanlierde
feat(frontend-app): integrate auto-generated OpenAPI types
6b283f5
@simonvanlierde
feat(backend): add request ID and request size limit middleware
37199bc
@simonvanlierde
feat(backend): add oauth state token TTL configuration and related tests
9a65ba7
@simonvanlierde
infra: add optional backend OpenTelemetry tracing and collector wiring
4258053
@simonvanlierde
refactor(backend): replace custom fastapi-cache fork with cashews for…
02422e7 
… caching implementation
@simonvanlierde
refactor(auth): replace fastapi_users_db_sqlmodel imports with local …
d9e700d 
…sqlmodel_adapter
@simonvanlierde
refactor(backend): Refactor and enhance maintenance scripts. Add refr…
97322a3 
…esh_disposable_email_domains.py to store email validation list locally to avoid unneeded traffic.
@simonvanlierde
refactor: standardize VSCode settings across all services, move from …
c5366bf 
…eslint to biome
@simonvanlierde
refactor: update Docker and ignore files for improved build and runti…
fbdb55b 
…me management
@simonvanlierde
ci: add smoke test for user-upload backups image in justfile and ci
cf8d107
@simonvanlierde
feat: add performance baseline workflow and update related scripts an…
e17ae37 
…d documentation
@simonvanlierde
refactor: pass through exceptions to base API exception file
379c9c0
@simonvanlierde
feat(backend): add thumbnail generation and deletion functions for im…
5b75785 
…age processing
@simonvanlierde
feat(backend): Refactor file storage system to support S3 backend
710a6ee
@simonvanlierde
feat(backend): add image deletion function and integrate thumbnail cl…
6ef1cfc 
…eanup in storage service
@simonvanlierde
feat(backend): add option to skip password breach check during user c…
0c4a057 
…reation
@simonvanlierde
refactor(backend): Refactor schemas and models for improved readabili…
d707cb8 
…ty and maintainability
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 30, 2026
View reviewed changes
backend/app/api/auth/services/user_manager.py
the plaintext password never leaves this process.
Fails open (returns 0) if the Have I Been Pwnd API is unreachable.
"""
sha1 = hashlib.sha1(password.encode(), usedforsecurity=False).hexdigest().upper()

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic hashing algorithm on sensitive data High

Sensitive data (password)
Loading
is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function.
Sensitive data (password)
Loading
is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function.
Sensitive data (password)
Loading
is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function.
Sensitive data (secret)
Loading
is used in a hashing algorithm (SHA1) that is insecure.

Copilot Autofix

AI 3 days ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

backend/app/api/file_storage/routers.py

# Serve pre-computed thumbnail when the request matches a standard width
if width and not height:
thumb = AsyncPath(thumbnail_path_for(Path(image_path), width))

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Copilot Autofix

AI 3 days ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simonvanlierde @github-advanced-security