✨ SvelteKit Scaffold & Auth Wiring #9
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…lteKit session probing
…Askama views; make backend API-only; root returns 204; add /api/session for UI session probing
…, toasts, and trends page; chore(api): add /api/session and HEAD /health; refactor(api): remove server-rendered HTML and views; test: update integration tests for cookie/dev-mode; chore: docker-compose UI service
…lte-kit, add alias, and resolve npm peer/dependency conflicts; run npm audit (remaining 4 low vulns in transitive cookie via @sveltejs/kit)
…olve Chart.js TS import by dynamic import & runtime registration, and associate labels with inputs for a11y
…m-option warning; keep app.css v4 directives
Replace Math.random() fallback with secureRandomId() using Web Crypto; switch to typed dynamic import for chart.js to avoid ts-ignore. Addresses PR review comments.
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a complete SvelteKit frontend for the sleep tracking application, establishing it as an API-only backend with proper authentication integration. The changes remove server-rendered HTML pages in favor of a modern single-page application architecture.
Key changes:
- Adds a complete SvelteKit frontend (
sleep-ui/) with Tailwind CSS, authentication flow, and Chart.js-powered trends visualization - Converts the backend to API-only by removing Askama templates and HTML routes while adding session and health endpoints
- Updates all integration tests to work with both secure and development cookie configurations
Reviewed Changes
Copilot reviewed 27 out of 31 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| sleep-ui/* | Complete SvelteKit application with authentication, routing, API integration, and trends visualization |
| sleep-api/src/app.rs | Removes HTML routes, adds /api/session and /health endpoints for frontend integration |
| sleep-api/src/middleware/auth_layer.rs | Removes redirect-based authentication extractor, keeping only JSON-based auth |
| sleep-api/tests/*.rs | Updates integration tests to handle both secure and development cookie names |
| compose.yaml | Adds UI service configuration for development |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
…nit) Replace optional chaining with robust check for crypto and crypto.randomUUID; fallback to secureRandomId() otherwise.
ebigunso
changed the title
ebigunso
changed the title
…n and HEAD /health to OpenAPI; refresh app docs and route list
…redirect; add Vite proxy for /login
…t DELETE. Docs: SvelteKit UI SSR guard notes, /api/session and HEAD /health documented.
…edirect authenticated users from /login Dev: fix missing CSS in dev by preventing proxy collision on GET /login; introduce /auth proxy rewrite to backend, update logout to POST /auth/logout, and remove direct proxies for /login and /logout.
… canonical /login and /logout UI: login/+page.svelte and +layout.svelte now POST to ; fixes missing CSS on /login in dev by avoiding GET /login proxy collision while preserving prod URLs.
ebigunso
deleted the
feature/2025-08-14/rebuild-frontend-with-framework
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Objective
Introduce a SvelteKit frontend, integrate auth with the existing Rust backend, remove server-rendered HTML, provide minimal protected routing, and add a basic trends page using Chart.js.
Summary of changes
Frontend (sleep-ui/)
uiadded.Backend (Axum)
Tests
Tooling / config
uiservice exposing :5173 and depending onapi.How to run (dev)
cargo run -p sleep-api(set COOKIE_SECURE=0 in .env for http:// during local dev).cd sleep-ui && npm install && npm run dev(ordocker compose up --build ui).Security
Knowns / Audit
npm auditin sleep-ui currently reports 4 low-severity vulnerabilities through transitivecookie < 0.7via @sveltejs/kit. No safe non-breaking fix is available; audit fix --force would downgrade Kit to 0.0.30.Acceptance criteria mapping
npm install).Diff highlights vs origin/main