From 5dc11c4e1b0a549cbf9aa0b56919855e41252422 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Tue, 12 May 2026 15:56:29 -0300 Subject: [PATCH 1/6] test: empty PR to test workflow From 2f51a81a0766bb8ac20cc44844bc81224b1e1bb5 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Tue, 12 May 2026 16:22:40 -0300 Subject: [PATCH 2/6] Fix workflow ref: main -> master --- .github/workflows/pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 3184c70..e186fa7 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -5,4 +5,4 @@ on: jobs: central: - uses: librecourseuy/.github/.github/workflows/central-checks.yml@main + uses: librecourseuy/.github/.github/workflows/central-checks.yml@master From e9b4daea77e0e12736fe7406d870e83c0f65dc72 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Tue, 12 May 2026 17:09:54 -0300 Subject: [PATCH 3/6] Remove workflows --- .github/workflows/deploy.yml | 32 -------------------------------- .github/workflows/pr-check.yml | 8 -------- 2 files changed, 40 deletions(-) delete mode 100644 .github/workflows/deploy.yml delete mode 100644 .github/workflows/pr-check.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index d128bf3..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Deploy - -on: - push: - branches: [main] - -jobs: - deploy: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v4 - - - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/build-push-action@v5 - with: - context: . - push: true - provenance: false - tags: ghcr.io/librecourseuy/${{ github.event.repository.name }}:latest - - - - diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml deleted file mode 100644 index e186fa7..0000000 --- a/.github/workflows/pr-check.yml +++ /dev/null @@ -1,8 +0,0 @@ -name: PR Checks - -on: - pull_request: - -jobs: - central: - uses: librecourseuy/.github/.github/workflows/central-checks.yml@master From b42416271361b4e24a1e7b42860b979e2edbbe94 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Wed, 13 May 2026 01:09:11 -0300 Subject: [PATCH 4/6] Restore deploy workflow --- .github/workflows/deploy.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..d128bf3 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,32 @@ +name: Deploy + +on: + push: + branches: [main] + +jobs: + deploy: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v4 + + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: docker/build-push-action@v5 + with: + context: . + push: true + provenance: false + tags: ghcr.io/librecourseuy/${{ github.event.repository.name }}:latest + + + + From 63860925733c049edbbdc85ff188ee815bdb3ff9 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Mon, 1 Jun 2026 19:07:42 -0300 Subject: [PATCH 5/6] bump fastapi to 0.136.3 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 15dab9d..0652ac9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -fastapi +fastapi>=0.136.3 uvicorn python-dotenv sqlalchemy From d11eee9a6fae4e8558c0953da53892eeb0cd34e5 Mon Sep 17 00:00:00 2001 From: Emiliano Gandini Outeda Date: Mon, 29 Jun 2026 19:22:47 -0300 Subject: [PATCH 6/6] feat: security fixes + UI/UX overhaul Security fixes: - Fix CRITICAL async/sync DB session mismatch in DEV mode (add aiosqlite) - Make ADMIN_PASSWORD required in PROD, warn in DEV - Wire up CSRF protection (verify_admin_origin) on all admin endpoints - Add 24h token expiry mechanism - Remove token/Auth header leakage from DEBUG logs - Add input size limits on Pydantic models - Improve directory traversal check - Reuse httpx.AsyncClient for metrics - Remove unnecessary global statements UI/UX improvements: - Add glassmorphism header (backdrop-filter blur) - Add card entrance animation with staggered delays - Add purple accent border on group cards - Fix green shadow bug on search focus - Add custom dark scrollbar styling - Add prefers-reduced-motion support - Add :focus-visible styles for keyboard navigation - Add aria-label to all icon buttons and form inputs - Wire