Chore/brutal code review#43
Merged
Merged
Conversation
- Switched workout sync from upsert by name to find-or-create logic to prevent unique constraint failures - Fixed Docker HEALTHCHECK IP resolution binding issue in Alpine
Three WebAuthn routes were using bare console.error() which bypassed the structured file logger (app.log). These routes also had no logger.request() calls, leaving auth ceremony failures invisible. - passkey/options/route.ts: add start timer, logger.warn on no-passkey, logger.request on all paths, logger.error in catch - passkey/register/options/route.ts: same pattern - passkey/register/verify/route.ts: same pattern, plus warn on verification failure and expired challenge All changes follow the established pattern in api/auth/login/route.ts. Refs: logging_assessment_2026_04_20.md
Admin invite actions (list, generate, revoke) were entirely unlogged. These are security-relevant events — they control who can register. Added logger.info() on every successful action and logger.warn() on all rejection paths (not found, already used). Follows the existing pattern of using source="admin" for admin-specific events. Refs: logging_assessment_2026_04_20.md
Client-side errors (console.warn/error) were invisible in production —
no operator could see failures on mobile or after page reload.
This change introduces a durable client error pipeline:
- ClientError type added to domain.ts
- Dexie v11: adds clientErrors table (++id index)
- src/lib/client-logger.ts: structured client logger that writes to
IndexedDB (best-effort) and mirrors to console
- src/app/api/client-logs/route.ts: authenticated endpoint that
receives buffered entries and appends them to app.log as [client]
- syncEngine.ts: flushClientErrors() wired to the online event
so buffered errors are delivered on reconnection
Max 100 entries buffered locally. Oldest entries pruned on overflow.
Server validates and caps incoming payload at 100 entries per flush.
Refs: logging_assessment_2026_04_20.md
…point + startup warnings)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.