Add phase-gated API, cookie identity, and initial migration

2026-01-28 14:46:59 +01:00
parent 257b473253
commit 68ba872031
6 changed files with 804 additions and 12 deletions

@@ -10,21 +10,21 @@
- [x] Implement `AppDbContext` in `Data/` with DbSets and simple seeding of `AppState`.
## Identity & Middleware
- [ ] Middleware to issue/read HttpOnly `player` cookie with Guid; SameSite=Strict; secure in production.
- [ ] Minimal API filters/helpers to resolve current player and ensure existence in DB.
- [x] Middleware to issue/read HttpOnly `player` cookie with Guid; SameSite=Strict; secure in production.
- [x] Minimal API helpers to resolve current player and ensure existence in DB.
- [ ] Global exception/validation handling and basic logging.
## Phase Enforcement
- [ ] Store current phase in `AppState`; default to Suggest.
- [ ] Central guard ensuring endpoints respect allowed phase (server-side blindness, no client trust).
- [x] Store current phase in `AppState`; default to Suggest.
- [x] Central guard ensuring endpoints respect allowed phase (server-side blindness, no client trust).
## API Endpoints (see API.md)
- [ ] `GET /api/state` returns phase and counts.
- [ ] `GET /api/me` and `POST /api/me/name` to set display name.
- [ ] Suggestion endpoints: mine/create/all with per-player visibility rules.
- [ ] Vote endpoints: mine/create with per-player visibility and phase gating.
- [ ] Results endpoint aggregates totals and vote counts (optionally averages) sorted desc.
- [ ] Admin endpoints: switch phase, reset data; protect via env password.
- [x] `GET /api/state` returns phase and counts.
- [x] `GET /api/me` and `POST /api/me/name` to set display name.
- [x] Suggestion endpoints: mine/create/all with per-player visibility rules.
- [x] Vote endpoints: mine/create with per-player visibility and phase gating.
- [x] Results endpoint aggregates totals and vote counts (optionally averages) sorted desc.
- [x] Admin endpoints: switch phase, reset data; protect via env password.
## Frontend (wwwroot)
- [ ] `index.html` shell with phase-driven sections.
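Review bot: The "Admin endpoints: switch phase, reset data; protect via env password" item is ticked as done while "Global exception/validation handling and basic logging" under Identity & Middleware is still open, so as the checklist stands the phase-switch and reset-data endpoints are complete without any logging of rejected password attempts. Suggest keeping the admin item open until logging lands, or splitting out a separate item that covers the password check itself: fail closed when the environment variable is unset, compare in constant time, and log rejected attempts. Separately, the `player` cookie item says "secure in production" without saying how production is detected; a short note on that in the checklist would make it reviewable, since the Guid in that cookie is the only player identity listed here.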
@@ -32,8 +32,8 @@
- [ ] `styles.css` basic responsive layout (desktop + mobile).
## Persistence & Migrations
- [ ] Create initial EF Core migration for SQLite schema.
- [ ] Add startup migration application.
- [x] Create initial EF Core migration for SQLite schema.
- [x] Add startup migration application.
## Testing & Quality
- [ ] Happy-path smoke test script (manual or minimal automated) for phase flow.
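Review bot: "Add startup migration application" is ticked while the only test item in this hunk, the happy-path smoke test for phase flow, is still open, so nothing in the checklist verifies that a fresh SQLite file migrates cleanly at startup. Suggest adding an explicit item under Testing & Quality that starts from an empty database, lets the startup migration run, and confirms `GET /api/state` reports the default Suggest phase. It would also help to note what happens when the migration fails at startup (refuse to serve rather than run against a partial schema).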