Merge pull request #22 from Jsweb-Tech/Docs/Update

kasimlyee · web-flow · commit 890cac787cca · 2025-12-18T13:23:34.000+03:00
Docs &amp; workflow update
diff --git a/.github/workflows/discord_pr_notifier.yml b/.github/workflows/discord_pr_notifier.yml
@@ -0,0 +1,69 @@
+name: Discord PR Notifier
+
+on:
+  pull_request:
+    types: [opened, reopened, closed]
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send PR info to Discord
+        env:
+          DISCORD_WEBHOOK_URL_4: ${{ secrets.DISCORD_WEBHOOK_URL_4 }}
+        run: |
+          ACTION="${{ github.event.action }}"
+          MERGED="${{ github.event.pull_request.merged }}"
+
+          # Ignore closed but not merged PRs
+          if [ "$ACTION" = "closed" ] && [ "$MERGED" != "true" ]; then
+            exit 0
+          fi
+
+          if [ "$ACTION" = "opened" ]; then
+            TITLE="🆕 Pull Request Opened"
+            COLOR=3447003
+          elif [ "$ACTION" = "reopened" ]; then
+            TITLE="🔄 Pull Request Reopened"
+            COLOR=16776960
+          else
+            TITLE="✅ Pull Request Merged"
+            COLOR=3066993
+          fi
+
+          curl -X POST "$DISCORD_WEBHOOK_URL_4" \
+            -H "Content-Type: application/json" \
+            -d @- << EOF
+          {
+            "username": "GitHub PR Bot",
+            "avatar_url": "https://github.com/github.png",
+            "embeds": [
+              {
+                "title": "$TITLE",
+                "url": "${{ github.event.pull_request.html_url }}",
+                "description": "**${{ github.event.pull_request.title }}**",
+                "color": $COLOR,
+                "author": {
+                  "name": "${{ github.event.pull_request.user.login }}",
+                  "url": "${{ github.event.pull_request.user.html_url }}",
+                  "icon_url": "${{ github.event.pull_request.user.avatar_url }}"
+                },
+                "fields": [
+                  {
+                    "name": "Base → Head",
+                    "value": "${{ github.event.pull_request.base.ref }} → ${{ github.event.pull_request.head.ref }}",
+                    "inline": true
+                  },
+                  {
+                    "name": "Repository",
+                    "value": "${{ github.repository }}",
+                    "inline": true
+                  }
+                ],
+                "footer": {
+                  "text": "JsWeb Framework • Pull Requests"
+                }
+              }
+            ]
+          }
+          EOF
diff --git a/.github/workflows/discord_release_notifier.yml b/.github/workflows/discord_release_notifier.yml
@@ -1,34 +1,31 @@
 name: Discord Release Notifier
 
-# This action will only trigger when a new release is "published".
-# It won't trigger on drafts or pre-releases.
 on:
   release:
     types: [published]
 
 jobs:
   notify:
-    name: Send Discord Notification
     runs-on: ubuntu-latest
     steps:
       - name: Send Release Info to Discord
         env:
-          # We securely access the webhook URL from the GitHub secret we created.
           DISCORD_WEBHOOK_URL_1: ${{ secrets.DISCORD_WEBHOOK_URL_1 }}
         run: |
-          # This command uses `curl` to send a POST request with a JSON payload.
-          # The JSON creates a nice-looking "embed" in Discord.
+          # Truncate release notes to avoid Discord limit (4000 chars safe)
+          BODY=$(echo "${{ github.event.release.body }}" | head -c 4000)
+
           curl -X POST "$DISCORD_WEBHOOK_URL_1" \
-               -H "Content-Type: application/json" \
-               -d @- << EOF
+            -H "Content-Type: application/json" \
+            -d @- << EOF
           {
-            "username": "Github Releases",
+            "username": "GitHub Releases",
             "avatar_url": "https://github.com/github.png",
             "embeds": [
               {
                 "title": "🚀 New Release: ${{ github.event.release.name }}",
                 "url": "${{ github.event.release.html_url }}",
-                "description": "${{ github.event.release.body }}",
+                "description": "$BODY\n\n🔗 **Read full changelog on GitHub**",
                 "color": 5814783,
                 "author": {
                   "name": "${{ github.event.release.author.login }}",
@@ -41,4 +38,4 @@ jobs:
               }
             ]
           }
-          EOF
+          EOF
diff --git a/docs/forms.md b/docs/forms.md
@@ -97,3 +97,11 @@ In your template, you can then render the form fields individually.
     <button type="submit">Log In</button>
 </form>
 ```
+
+## CSRF Protection
+
+JsWeb provides built-in CSRF protection. For traditional forms, you can include a hidden `csrf_token` field in your form, as shown in the example above.
+
+> **Note for the Next Version:**
+>
+> For SPAs and API-first applications, the next version of JsWeb will also support sending the CSRF token in the `X-CSRF-Token` HTTP header. This is the recommended approach for modern web applications.
