19e2f65a21
Some checks failed
CI / fail2ban Regex (pull_request) Has been cancelled
CI / Semgrep Security Scan (pull_request) Has been cancelled
CI / Compose Bucket Idempotency (pull_request) Has been cancelled
CI / Backend Unit Tests (pull_request) Has been cancelled
CI / Unit & Component Tests (push) Has been cancelled
CI / OCR Service Tests (push) Has been cancelled
CI / Backend Unit Tests (push) Has been cancelled
CI / fail2ban Regex (push) Has been cancelled
CI / Semgrep Security Scan (push) Has been cancelled
CI / Compose Bucket Idempotency (push) Has been cancelled
CI / Unit & Component Tests (pull_request) Successful in 3m34s
CI / OCR Service Tests (pull_request) Successful in 20s
hooks.server.ts already forwards the CSRF token for server-side fetch (form actions, load). Client-side XHR calls bypassed it, causing Spring Security to return 403 before PermissionAspect even ran. Adds getCsrfToken/withCsrf/makeCsrfFetch to cookies.ts. useTranscriptionBlocks wraps its injectable fetchImpl with makeCsrfFetch (covers all block mutations and saveBlockWithConflictRetry). useBlockAutoSave, TranscriptionEditView, BulkDocumentEditLayout, OcrTrainingCard, and SegmentationTrainingCard apply withCsrf inline. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
document (frontend)
UI for the archive's core concept: viewing, uploading, editing, searching, bulk-selecting, and transcribing documents.
What this domain owns
Components: DocumentRow, DocumentThumbnail, DocumentTopBar, DocumentViewer, DocumentMetadataDrawer, DocumentEditLayout, DocumentStatusChip, UploadZone, BulkSelectionBar, BulkDropZone.
Utilities: search.ts (search-param helpers), filename.ts (filename formatting), documentStatusLabel.ts (i18n label mapping), validateFile.ts (upload validation), groupDocuments.ts (list grouping).
Sub-folders: annotation/, transcription/, viewer/.
What this domain does NOT own
- Person typeahead —
person/PersonTypeahead.svelte(cross-domain import, allowed by ESLint rule) - Tag input —
tag/TagInput.svelte(cross-domain import, allowed) - Shared discussion —
shared/discussion/(comment/mention editor)
Key components
| Component | Route used in | Notes |
|---|---|---|
DocumentRow.svelte |
/ (search results), admin queues |
Compact document card with thumbnail |
DocumentViewer.svelte |
/documents/[id] |
PDF/image inline viewer |
DocumentEditLayout.svelte |
/documents/[id]/edit |
Full edit form with sticky save bar |
UploadZone.svelte |
/documents/new, bulk upload |
Drag-and-drop file drop area |
BulkSelectionBar.svelte |
/documents bulk mode |
Multi-select action bar |
Cross-domain imports
person/PersonTypeahead.svelte— sender / receiver selectiontag/TagInput.svelte— tag chip inputocr/OcrProgress.svelte— job status indicator in the document headershared/primitives/BackButton.svelte,shared/discussion/— shared UI
Backend counterpart
backend/src/main/java/org/raddatz/familienarchiv/document/README.md