marcel

0 Followers · 0 Following

• Joined on 2026-03-17

Repositories

3

Projects Packages Public Activity Starred Repositories

marcel commented on issue marcel/familienarchiv#113 2026-03-31 21:02:29 +02:00

refactor(frontend): extract extractErrorCode() helper to eliminate repeated as-unknown-as type assertions

🧪 Sara Holt — QA Engineer & Test Strategist

Test Strategy

This is a pure unit test target — a small, pure function with no side effects.

**Vitest unit tests (extractErrorCode.test.ts…

marcel commented on issue marcel/familienarchiv#112 2026-03-31 21:02:16 +02:00

fix(security): enforce maximum file upload size limit

🧪 Sara Holt — QA Engineer & Test Strategist

Test Strategy

Backend integration test — @SpringBootTest:

@Test
void shouldReturn413WhenFileSizeExceedsLimit() throws…

marcel commented on issue marcel/familienarchiv#111 2026-03-31 21:01:59 +02:00

fix(security): add rate limiting to login and password-reset endpoints

🧪 Sara Holt — QA Engineer & Test Strategist

Test Strategy

Rate limiting is notoriously tricky to test because the real timer makes tests slow. The key is a configurable test profile.

**…

marcel commented on issue marcel/familienarchiv#117 2026-03-31 21:01:42 +02:00

fix(a11y): add skip-to-main-content link in layout for keyboard navigation

🔒 Nora "NullX" Steiner — Application Security Engineer

No security concerns with this change. The href="#main-content" is an internal page anchor — no open redirect risk, no injection…

marcel commented on issue marcel/familienarchiv#116 2026-03-31 21:01:30 +02:00

fix(security): add Content-Security-Policy headers to SvelteKit responses

🔒 Nora "NullX" Steiner — Application Security Engineer

Questions & Observations

• PDF.js is the main CSP headache. It uses blob: URLs for its worker, data: URIs for inline…

marcel commented on issue marcel/familienarchiv#115 2026-03-31 21:01:10 +02:00

fix(ui): replace localStorage panel state restore with SvelteKit snapshot API to eliminate flash on load

🔒 Nora "NullX" Steiner — Application Security Engineer

Questions & Observations

• SvelteKit snapshots use sessionStorage under the hood, not localStorage. sessionStorage is…

marcel commented on issue marcel/familienarchiv#114 2026-03-31 21:00:58 +02:00

fix(a11y): replace clickable divs with button elements in PdfViewer and AnnotationLayer

🔒 Nora "NullX" Steiner — Application Security Engineer

Questions & Observations

• Accessibility and security overlap here. Clickable <div> elements are occasionally used to bypass…

marcel commented on issue marcel/familienarchiv#113 2026-03-31 21:00:43 +02:00

refactor(frontend): extract extractErrorCode() helper to eliminate repeated as-unknown-as type assertions

🔒 Nora "NullX" Steiner — Application Security Engineer

No direct security concerns here — this is a type-safety refactor with no security-sensitive behaviour change.

One observation worth…

marcel commented on issue marcel/familienarchiv#112 2026-03-31 21:00:30 +02:00

fix(security): enforce maximum file upload size limit

🔒 Nora "NullX" Steiner — Application Security Engineer

Questions & Observations

• Is 100 MB the right limit? For a family document archive of scanned letters, photos, and PDFs, 100…

marcel commented on issue marcel/familienarchiv#111 2026-03-31 21:00:08 +02:00

fix(security): add rate limiting to login and password-reset endpoints

🔒 Nora "NullX" Steiner — Application Security Engineer

Questions & Observations

• IP extraction is the tricky part. This app sits behind Caddy in production. The real client IP…

marcel commented on issue marcel/familienarchiv#117 2026-03-31 20:59:50 +02:00

fix(a11y): add skip-to-main-content link in layout for keyboard navigation

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• The Svelte code in the issue is correct and idiomatic. The sr-only focus:not-sr-only Tailwind pattern is the…

marcel commented on issue marcel/familienarchiv#116 2026-03-31 20:59:32 +02:00

fix(security): add Content-Security-Policy headers to SvelteKit responses

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• The phase 1 / phase 2 approach is exactly right — deploy report-only first, observe, then enforce. Don't skip…

marcel commented on issue marcel/familienarchiv#115 2026-03-31 20:59:17 +02:00

fix(ui): replace localStorage panel state restore with SvelteKit snapshot API to eliminate flash on load

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• The hybrid approach (snapshot for back/forward + localStorage for first-visit) is sound, but the `$state(localSt…

marcel commented on issue marcel/familienarchiv#114 2026-03-31 20:59:04 +02:00

fix(a11y): replace clickable divs with button elements in PdfViewer and AnnotationLayer

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• Option A (semantic <button>) is always preferred. A <button> gets keyboard support, focus management, and…

marcel commented on issue marcel/familienarchiv#113 2026-03-31 20:58:49 +02:00

refactor(frontend): extract extractErrorCode() helper to eliminate repeated as-unknown-as type assertions

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• This is exactly the right time to extract: 10+ identical patterns, a clear stable name, and a genuinely simpler…

marcel commented on issue marcel/familienarchiv#112 2026-03-31 20:58:34 +02:00

fix(security): enforce maximum file upload size limit

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• The config change is trivial, but the ErrorCode chain is where the work is: add FILE_TOO_LARGE to the Java…

marcel commented on issue marcel/familienarchiv#111 2026-03-31 20:58:18 +02:00

fix(security): add rate limiting to login and password-reset endpoints

👨‍💻 Felix Brandt — Senior Fullstack Developer

Questions & Observations

• The issue offers two implementation paths: Resilience4j @RateLimiter and a manual ConcurrentHashMap. I'd…

marcel deleted branch feat/issue-171-dashboard-classic-split from marcel/familienarchiv 2026-03-31 20:56:56 +02:00

marcel pushed to main at marcel/familienarchiv 2026-03-31 20:56:54 +02:00

19035fbeab fix(dashboard): move right column first in DOM for mobile-first upload zone

79faee554a fix(dashboard): reduce incomplete docs widget from 5 to 3 items to prevent scroll

5adef7bec5 refactor(dashboard): delete DashboardMentions component — notifications page exists

595c2eb987 test(e2e): Classic Split — right column absent for read-only user, present for admin

518019f099 chore(e2e): gitignore Playwright auth state — regenerate in CI via auth.setup.ts

Compare 12 commits »

marcel closed issue marcel/familienarchiv#171 2026-03-31 20:56:53 +02:00

feat(dashboard): Classic Split — remove notification widget, restructure into 2-col layout