- Add idx_guests_id and idx_guests_email indexes in init_db()
- Cap all SELECT queries on the guests table to LIMIT 100 to prevent
unbounded memory growth as the guestbook accumulates entries
Create appuser with configurable UID/GID (default 1000, matching
example.env PID/GID vars) and switch to it before starting Gunicorn.
Override at build time with --build-arg UID=... --build-arg GID=...
Note: the /data volume mount must be owned by the matching UID on the
host for the DB to remain writable.
- Fixed scrolling marquee to use a fixed px/s speed via JS instead of
a fixed duration, preventing it from speeding up as entries are added
- Added inline TODO comments throughout codebase to track known issues
(rate limiting, CSRF, unbounded queries, deprecated Flask decorator,
PII logging, schema versioning, Docker non-root user, etc.)
- Added todo-to-issue GitHub Action to auto-create Issues from TODOs on push to main
- Added .claude/ to .gitignore
Remove guestbook.db from repository
- Deleted guestbook.db, a binary SQLite database file, from the repo.
- Added guestbook.db to .gitignore to prevent storing environment-specific binaries.
- This change enhances security and keeps the repository clean by not tracking generated files.
- Fixed port variable interpolation to use ${PORT:-8000} for a default value.
- Updated volume configuration to use a named volume (guestbook_data) mounted at /data.
- Improved YAML formatting for clarity.
- Hide comment field by default.
- Add JavaScript to reveal comment field when first name, last name, and location have at least 3 characters.
- Update form instructions to inform users about the comment field.
- Display brief instructions above the guestbook form.
- Update validation: require first name, last name, and location; make email optional.
- Remove the 'required' attribute from the email input field.
- Provide context in the UI so users understand why email is optional.
- Update index.html to include a fixed, horizontally scrolling marquee at the bottom.
- Use CSS keyframes to animate guest entries, showing first name and location.
- Enhance user interface by providing a dynamic display of entries.
- Configure Python logging at INFO level.
- Log key events: database initialization, incoming requests, validation errors, and successful guest submissions.
- Log the number of guest entries displayed when rendering the page.
This improves observability and helps with troubleshooting.
- Validate that first_name, last_name, email, and location are provided
- Add regex-based email format validation in app.py
- Display error messages on the guestbook form if validation fails
These changes help ensure that only properly formatted data is stored.
steve
Steve Dogiakos
dependabot[bot]