v1.0.5-beta.006 - Address security, logging, accessibility, and UI review findings
This commit resolves all findings from the recent application review, significantly hardening security, improving error visibility, and enhancing keyboard accessibility.
Security Hardening:
- Mitigated command injection risk in getFolderSize() by replacing exec with execFile to safely pass path arguments without shell evaluation.
- Prevented internal information disclosure by masking raw Prisma errors from the client API responses, logging them securely to the backend instead.
- Hardened the uploads route with a strict extension allowlist to prevent serving arbitrary or executable files (e.g., HTML/SVG).
- Secured database backups by applying AES-256-CBC encryption to the generated payload.
Logging & Error Handling:
- Eliminated silent database transaction failures (swallowed .catch() blocks) across library, match-series, and cron routes, routing them to the centralized logger.
- Standardized all error logging to use Logger.log() instead of scattered console.error calls.
- Upgraded Logger to be isomorphic (browser/server safe), increased the in-memory buffer to 1,000 entries, and added persistent file logging (ISO 8601 timestamps).
- Added user-facing error toasts and optimistic UI reverts for Library page actions (data fetching, favoriting, bulk operations).
UI, Accessibility & Consistency:
- Fixed a severe hydration/DOM nesting error by replacing non-semantic, clickable divs and nested buttons in the comic-grid and library components with ARIA-compliant role=button elements with tabIndex={0} and onKeyDown handlers for full keyboard accessibility.
- Standardized modal/dialog sizes (sm:max-w-4xl) across interactive search and management panels.
- Aligned pagination options across the application to grid-friendly multiples (12, 24, 48, 96).
- Extracted hardcoded API polling intervals into explicit constants.
Code Cleanup:
- Removed dead/legacy files (hideOnReader.tsx) and cleaned up unused icon imports.
- Fixed NextAuth async config export mismatches.