Vadym Samoilenko
|
ae41562103
|
Phase 8: Data-driven slide architecture + template management overhaul
Replaces TSX/Babel compilation pipeline with a JSON element model:
- New _do_parse_v2(): 1 LLM call/layout (vs 2) classifies OXML geometry
elements into placeholder types → JSON stored in layout_code
- SlideRenderer.tsx: renders JSON element model as %-positioned divs,
no Babel compilation or runtime errors
- parseLayoutSchema.ts: isJsonLayoutCode() / parseLayoutSchema() /
mergeElementsWithContent() — full JSON schema parsing layer
- useCustomTemplates.ts: transparent dual-format support (JSON + TSX)
via parsedLayoutToCompiled() adapter
Template management improvements:
- PresentationLayoutCodeModel: +is_enabled (bool) +thumbnail_path (str)
- Migration 005: adds both columns to presentation_layout_codes
- DELETE /master-decks/{id}: hard delete (files + TemplateModel +
PresentationLayoutCodeModel rows + MasterDeckModel)
- PATCH /template-management/layouts/{db_id}/toggle-enabled: new endpoint
- LayoutData response: +db_id, +is_enabled, +thumbnail_path
- _register_as_template(): stores thumbnail_path + is_enabled per layout
Admin UI:
- /admin/templates/ — list all custom templates with delete
- /admin/templates/[id]/ — layout grid with screenshots + enable/disable
- AdminSidebar: Templates nav item
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-01 20:05:25 +00:00 |
|
Vadym Samoilenko
|
4f391a04e8
|
Complete critical security improvements (P0.5-P0.8)
P0.5: Database Row-Level Security (RLS) - CRITICAL
- Created Alembic migration for RLS policies on all client-scoped tables
- Policies for: presentations, master_decks, brand_configs, slides, templates
- Updated get_async_session to set PostgreSQL session variables
- Multi-tenant isolation now enforced at database level (defense-in-depth)
- Session variables: app.current_user_id, app.user_role
P0.6: Safe Error Messages
- Created safe_exception_handler to prevent info disclosure
- Logs full errors internally with context (user_id, path, method)
- Returns generic "internal error" message to clients
- Preserves HTTPException details (intentional error messages)
P0.7: Security Headers
- Created SecurityHeadersMiddleware with comprehensive headers
- Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection
- CSP, Referrer-Policy, Permissions-Policy, HSTS
- Updated nginx.conf with matching security headers
P0.8: Database Connection Pool Optimization
- Increased pool_size from 5 to 20 connections
- Added max_overflow of 40 for burst traffic
- Enabled pool_pre_ping for connection health checks
- Pool recycle after 1 hour to prevent stale connections
- Configurable via DB_POOL_SIZE, DB_MAX_OVERFLOW, DB_POOL_RECYCLE
All critical pre-launch security tasks complete. System now has:
✅ CORS protection
✅ Rate limiting
✅ Request size limits
✅ Database-level tenant isolation (RLS)
✅ Safe error handling
✅ Security headers
✅ Optimized connection pooling
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
|
2026-02-27 18:33:58 +00:00 |
|