Soren_Molty/plumbing-dashy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62d431818ad7e78ddd61cf32acd449d8d8d72115
plumbing-dashy/PROGRESS.md
T

6.0 KiB
Raw Blame History

Dashy Project Refactor: Progress Report

Objective: Transition Dashy from a browser-based SQLite (local storage) application to a Client-Server architecture using a Python FastAPI backend with a persistent database.

Completed Tasks

1. Backend Infrastructure Setup

  • Created backend/ directory structure.
  • Configured requirements.txt with essential libraries (fastapi, sqlalchemy, pydantic, jose, etc.).
  • Fix: Pinned bcrypt==4.0.1 to resolve compatibility issues with passlib.

2. Database Modeling

  • Schema Design: Translated the original db.js schema into SQLAlchemy models in models.py.
  • Relationships: Established Many-to-Many relationships for Task Tags and One-to-Many for User Tasks and Notes.
  • Audit Logging: Implemented a robust Audit Log system to track all user actions.

3. API Development

  • Main App (main.py): Set up FastAPI with CORS middleware enabled for frontend communication.
  • Authentication: Built JWT-based login flow in auth.py.
  • Endpoints: Created initial endpoints for:
    • User retrieval
    • Task CRUD (Create, Read, Update)
    • Audit log retrieval/creation

4. Data Migration & Environment Handling

  • Seeding: Created seed.py to migrate initial prototype data into the new database.
  • CIFS/NAS Fix:
    • Implemented DASHY_DB_PATH environment variable support to allow the database file to reside on a local disk while code stays on the NAS.
    • Added a 30-second connection timeout to mitigate network latency.

🚧 Current Status

  • Backend: Feature-complete for the first phase.
  • Database: Schema is stabilized, seeding logic is verified, and database is active.
  • Frontend: Integrated with FastAPI backend via api.js. Legacy WASM SQLite files archived.

⏭️ Upcoming Steps

Phase 2: Frontend Refactor & Workflow Polish ( Completed)

  1. API Integration: Created api.js to handle network requests, swapped DashyDB for async API calls in app.jsx, and updated Login to use JWT tokens.
  2. Legacy Cleanup: Archived db.js and data.jsx to Dashy-v1/scraps/ and removed sql.js WASM dependency from Dashy.html.
  3. API Base URL Fix: Updated api.js to dynamically use the browser's hostname to resolve "Connection Refused" errors.
  4. Audit Rendering Crash Fix: Resolved the TASK_AUDIT ReferenceError by passing live API audit logs into the TaskDetail modal.
  5. UI State Refresh Fix: Modified the useApiData hook to fetch subsequent updates silently without unmounting the app (fixing the drag-and-drop refresh bug).
  6. Task Completion: Added a "Mark as completed" button, removed closed tasks from the main Overview board, and set up audit logging.
  7. User Views Update: Updated UserScreen to accurately display open task counts and render a dedicated, faded "Completed" section for closed tasks.
  8. Task Reopening: Added a "Reopen task" button to restore accidentally closed tasks back to the queue.
  9. User Management (Settings): Built backend API endpoints (POST, PATCH, DELETE for /users) and wired up the WorkspaceTab allowing Admins to manage the team from the UI.
  10. Task Editing: Implemented inline editing for task descriptions using an active text box state with "Save/Cancel" actions.
  11. UI Cleanup: Removed hardcoded, prototype placeholder notes from the TaskDetail modal to prepare for future dynamic notes integration.
  12. Permanent Deletion: Added a "Delete task permanently" button to the TaskDetail sidebar with a confirmation dialog, backed by a new DELETE /tasks/{id} API endpoint.
  13. Permanent Deletion Wiring Fix: Resolved a three-layer bug where the delete button was non-functional:
    • Added the missing onDeleteTask prop to the TaskDetail component signature in screens.jsx.
    • Added the missing deleteTask handler in app.jsx (calls api.deleteTask, writes an audit entry, and closes the modal).
    • Restarted the FastAPI backend so the previously-added DELETE /tasks/{id} route was loaded into the running process (was returning 405 prior to restart).
  14. Password Management: Made the "Change password" flow real (previously a placeholder UI).
    • Backend: Added PasswordChange schema and a new POST /users/{user_id}/password endpoint that verifies the current password (401 on mismatch) before re-hashing and saving the new one.
    • API client: Added api.changePassword(id, oldPwd, newPwd) that surfaces the backend's detail message inline rather than just the HTTP status text.
    • Frontend: Wired the previously-inert "Update password" button in SettingsScreen — submits via onChangePassword, shows inline error / success states, disables while in flight, clears the fields on success, and writes a password_changed audit entry.
    • Defaults confirmed: Seeded users (seed.py) and admin-created users (app.jsx) both default to password123.
  15. Real Login Authentication: Fixed a security bug where the login screen accepted any password. Bound the input to component state and implemented proper 401 handling with inline error messaging.
  16. Network Hardening: Configured the frontend to use a relative /api path, allowing the FastAPI backend to be completely shielded behind an Nginx SSL reverse proxy on 127.0.0.1. No internal ports are now exposed to the public internet.
  17. API Authentication Enforcement: Fixed a security vulnerability where API endpoints were publicly accessible without a token. Implemented the get_current_user dependency in backend/auth.py and applied it to all sensitive routes. Accessing /tasks, /users, etc. now strictly requires a valid JWT Bearer token.

Phase 3: Advanced Features

  • Real-time Notifications: Explore WebSockets for task assignments.
  • iMessage Integration: Develop the "Molty" bridge for phone-to-task creation.
  • File Uploads: Support for attaching photos/documents to tasks.

Last Updated: Monday, May 11, 2026 Status: Phase 2 Complete / Ready for Phase 3

Reference in New Issue View Git Blame Copy Permalink