fix(offline,server,docs): apply PR #116 review findings to offline-sync

Carries the still-applicable findings from the PR #116 review into PR #120,
since #120 includes the mobile-bootstrap commit. CORS hardening (removing the
unconditional localhost/capacitor origins) is intentionally left out of scope.

Service worker routing (latent bug fix + testability):
- vite.config.ts: anchor Workbox path matching to a segment boundary
  (^/<seg>(/|$)) instead of startsWith, so siblings like /apidocs,
  /collaborators, /socket.iox are no longer mis-routed as API/realtime and
  forced NetworkOnly; align navigateFallbackDenylist with the same anchors.
- new apps/client/src/pwa/sw-strategy.ts holds the canonical predicates
  (isApiPath, isCollabOrSocketPath) + unit tests; the vite.config regexes
  mirror it inline (Workbox generateSW serializes urlPattern fns standalone,
  so they cannot import the module).

Server CORS (R1 extraction + coverage):
- extract buildCorsAllowlist / isOriginAllowed into cors.util.ts with unit
  tests (evil-origin rejected, WebView/no-Origin allowed); main.ts rewired to
  use them with byte-for-byte identical behavior.

Privacy — clear offline cache on logout:
- new clear-offline-cache.ts purges the persisted query cache
  (idb-keyval gitmost-rq-cache), the Yjs page.* IndexedDB databases, and the
  service-worker api-get-cache; wired into handleLogout (best-effort, before
  the redirect) so a previous user's private data does not linger locally.

Conventions & docs:
- prettier fixes on main.ts and login.dto.ts.
- CHANGELOG: document offline reading, returnToken opt-in, optional Swagger,
  new env vars, logout cache-clear, and the CORS open->allowlist breaking
  change.
- docs/mobile-app-plan.md: correct the now-false §2.4 claims and update the
  §12 checklist (native cap add ios left unchecked — generated locally,
  gitignored).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

This commit is contained in:

claude_code

2026-06-21 19:11:40 +03:00

committed by

claude code agent 227

parent 08359dd93e

commit b639cb2d8c

13 changed files with 818 additions and 22 deletions

									
										8

apps/server/src/core/auth/dto/login.dto.ts
									
												View File
												
				@@ -1,4 +1,10 @@

				import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';

				import {

				  IsBoolean,

				  IsEmail,

				  IsNotEmpty,

				  IsOptional,

				  IsString,

				} from 'class-validator';

				export class LoginDto {

				  @IsNotEmpty()

fix(offline,server,docs): apply PR #116 review findings to offline-sync

8 apps/server/src/core/auth/dto/login.dto.ts Unescape Escape View File

8

apps/server/src/core/auth/dto/login.dto.ts

View File