3.8 KiB
3.8 KiB
Fix checklist (generated)
This file tracks each finding as:
verified: confirmed in repo by code inspection/grep.supported (inference): not directly observed, but likely given verified conditions.not found / outdated: claim doesn't match current code.
Each item also notes a commit that fixes it (once done).
Build / Frontend
- verified Build output dir mismatch (
package.jsonvstemplates/base.gohtml)- Fix: build non-player TS into
dist/static/instead ofdist/ - Commit:
build: fix dist static output(6da80df)
- Fix: build non-player TS into
- not found / outdated Player event listener leak on HTMX re-init (current code prevents re-init)
- Actual bug: HTMX swap can introduce a new player but
initializedprevents init. - Fix: re-init per-container with proper teardown.
- Commit:
fix: reinit player safely(30441c3)
- Actual bug: HTMX swap can introduce a new player but
- verified Unguarded
localStorageaccess in player modules (Safari private browsingSecurityError)- Fix: centralized safe storage helpers + migrate call sites.
- Commit:
fix: reinit player safely(30441c3)
- verified
genresParams&&bug in browse sentinel URL (templates/browse.gohtml)- Fix: guard the
&{{genresParams}}segment when empty. - Commit:
fix: browse genres params(7bff60f)
- Fix: guard the
- verified Inline
onclickusage (broad surface);browse.gohtml:55injection risk is low because ID is int- Fix: move handlers to delegated JS; remove inline JS strings where practical.
- Commit: (pending)
Go / Domain / DB
- verified
internal/db.Querierinterface missing handwritten(*Queries)methods- Fix: include handwritten methods in the interface or stop using interface where not useful.
- Commit: (pending)
- verified Migration 012 disables foreign keys + rebuilds
userwithout explicit transaction - verified SQLite lacks WAL + busy timeout (
internal/db/sqlite.go)- Fix: set WAL mode +
_busy_timeoutand/or PRAGMA busy_timeout; tune connection settings. - Commit:
fix: sqlite concurrency defaults(c609060)
- Fix: set WAL mode +
- verified Episodes worker has no per-tick timeout and uses
context.Background()- Fix: derive ctx from lifecycle, add per-tick
context.WithTimeout. - Commit:
fix: sqlite concurrency defaults(c609060)
- Fix: derive ctx from lifecycle, add per-tick
- verified Handler error response patterns inconsistent; some leak
err.Error()or return empty bodies- Fix: use
server.RespondError/server.RespondHTMLOrJSONErrorconsistently. - Commit:
fix: unify handler errors(4e8ba72)
- Fix: use
- verified
strconv.Atoi/ParseInterrors ignored in handlers- Fix: validate parse errors and return 400.
- Commit:
fix: unify handler errors(4e8ba72)
- verified Jikan client sends requests without a
User-Agent- Fix: set a stable UA header (and accept override if config exists).
- Commit:
fix: add jikan user-agent(4ffa6af)
Misc verified smells
- verified
internal/observability/metrics.gopanics on label cardinality mismatch- Fix: return early (drop sample) instead of panic.
- Commit:
fix: avoid metrics panic(7279eac)
- verified
templates/components/dropdown.gohtmlreferences undefined sub-templates- Fix: remove dead template or define missing parts; align with web component usage.
- Commit: (pending)
- verified Navigation
.IsCollapsednever set by handlers- Fix: wire value into template data or remove dead branch.
- Commit: (pending)
- verified
cmd/user/main.gohardcodes DiceBear URL; duplicated with migration 016- Fix: centralize default avatar URL construction and reuse in both.
- Commit: (pending)