lerko/nib-v1
1
1
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: address code review findings across backend and frontend
CI / test (pull_request) Successful in 2m13s
Details

Browse Source 
Fix goroutine-unsafe ULID entropy by wrapping in LockedMonotonicReader.
Move PRAGMA foreign_keys outside transaction in v3 migration where
SQLite was silently ignoring it. Escape LIKE wildcards in link
resolution to prevent false matches. Add non-localhost binding warning,
log writeJSON encoder errors, add ?permanent=true for explicit hard
delete, preserve title/description during absorb, use millisecond
backup timestamps, add path.Clean to spaHandler. Frontend gains
checkedJSON() for resp.ok validation, consistent stopPropagation, and
shared renderCardSections() to eliminate duplicate rendering.
This commit is contained in:
Tyler Koenig
2026-05-21 16:01:43 -04:00
parent 8426c2fbc1
commit e9ecc4c1f7
12 changed files with 240 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/serve.go
+3
View File
@@ -90,6 +90,9 @@ func runServe(_ *cobra.Command, _ []string) error {
if serveDev {
fmt.Println(" CORS enabled (dev mode)")
}
if serveHost != "127.0.0.1" && serveHost != "localhost" && serveHost != "::1" {
fmt.Fprintln(os.Stderr, " WARNING: binding to non-localhost with no authentication — API is open to the network")
}
var listenErr error
if useTLS {