s0wlz (Matthias Puchstein)
ff5ad26cfc
- Switched to secure httpOnly, SameSite=Strict cookies for JWT authentication. - Refactored backend to use AppState for shared secrets and database pool caching. - Modernized frontend with Svelte 5 runes ($state) and removed localStorage reliance. - Gated destructive test endpoints behind debug_assertions and fixed unsafe test patterns. - Enhanced CI pipeline with cargo clippy, cargo fmt, and pinned pnpm version. - Updated documentation and implementation plans to match the hardened architecture.
35 lines
1.2 KiB
Markdown
35 lines
1.2 KiB
Markdown
# TutorTool
|
|
|
|
Attendance tracker for tutoring sessions. Tutors manage courses, rooms, and slots; students check in via a public QR code link. Live at [tutor.puchstein.dev](https://tutor.puchstein.dev).
|
|
|
|
## Quickstart
|
|
|
|
```bash
|
|
make dev
|
|
# Backend: http://localhost:3000
|
|
# Frontend: http://localhost:5173
|
|
```
|
|
|
|
Demo credentials: `admin@tutortool.com` / `admin`
|
|
|
|
## Stack
|
|
|
|
- **Backend**: Rust + Axum + SQLite (via SQLx), Secure httpOnly Cookie JWT auth
|
|
- **Frontend**: SvelteKit 5 (Svelte runes), TypeScript, adapter-static (SPA)
|
|
- **Build**: Vite + Cargo; 3-stage Docker build for production
|
|
|
|
## Documentation
|
|
|
|
| Doc | Contents |
|
|
|---|---|
|
|
| [`CLAUDE.md`](CLAUDE.md) | Agent guidance: commands, architecture, conventions |
|
|
| [`GEMINI.md`](GEMINI.md) | Same, with Gemini-specific context |
|
|
| [`docs/testing.md`](docs/testing.md) | E2E test pipeline (Playwright + test daemon) |
|
|
| [`docs/specs/`](docs/specs/) | Feature specs |
|
|
| [`docs/plans/`](docs/plans/) | Implementation plans |
|
|
| [`docs/design_handoff/`](docs/design_handoff/) | UI design mocks |
|
|
|
|
## Deployment
|
|
|
|
Kubernetes via `deploy/` Helm chart on ITSH Cloud (tenant-5, Hetzner). CI via Gitea Actions at `.gitea/workflows/ci.yml`.
|