Replaces geist and styled-components with Tailwind #84
Conversation
Insecure Firestore rules committed as default
The main firestore.rules file now contains development rules allowing unrestricted read/write access (allow read, write: if true). While firestore.prod.rules contains proper authentication checks and a script exists to switch between them, the default committed state is insecure. If deployed via firebase deploy without first running ./switch-rules.sh prod, the production database would be completely open to unauthorized access.
| <img | ||
| src={user.photoUrl} | ||
| alt='User avatar' | ||
| className={`rounded-full border-white ${forPrint ? 'w-15 h-15 border-4' : 'w-25 h-25 border-8'}`} |
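Review bot: The fixed avatar sizes on the className line (w-15/h-15 for print, w-25/h-25 on screen) depend on which Tailwind version is installed: the default v3 spacing scale defines no 15 or 25 step, while the v4 PostCSS plugin this PR adds (@tailwindcss/postcss) generates integer spacing multiples on demand, so verify against the installed version before switching to arbitrary values such as w-[60px]. In either case a named size in the theme would keep the print and screen dimensions defined in one place instead of inline in the template literal.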
Non-standard Tailwind classes break emergency card styling
The emergency card uses non-standard Tailwind CSS classes that don't exist in the framework's spacing scale: w-15, h-15, w-25, h-25 (line 61) and -top-4.5 (line 86). Tailwind's spacing scale includes values like 14, 16, 20, 24 but not 15 or 25. These classes won't apply any styles, breaking the avatar sizing and blood drop positioning on the emergency card. Arbitrary values like w-[60px] or -top-[18px] are needed instead.
| allow read, write: if true; | ||
| } | ||
| } | ||
| } |
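Review bot: The unconditional "allow read, write: if true;" in this match block sits in the file firebase.json references, so a plain firebase deploy publishes it. Invert the default: commit the production rules at the path firebase.json points to and have the rules:dev script copy the permissive variant in locally, or add a predeploy check that fails when the referenced rules file contains an allow clause whose condition is literally true.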
Insecure Firestore rules committed to repository by default
The firebase/firestore.rules file contains completely permissive development rules (allow read, write: if true;) that allow anyone to read and write all data without authentication. This file is referenced by firebase.json and would be deployed to production by default. While there's a script system to switch to production rules via rules:prod, the committed default state is insecure. If deployment occurs using the standard build command (or direct firebase deploy) without explicitly running rules:prod first, it would expose all user data, infusions, and feedback to unauthenticated access.
| return Math.random() | ||
| .toString(36) | ||
| .substring(2, 2 + length) | ||
| } |
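Review bot: Math.random().toString(36).substring(2, 2 + length) neither guarantees length characters (a value such as 0.5 becomes "0.i", leaving a single character, and a double never yields anywhere near 20 base-36 digits) nor uses a CSPRNG, so it is unsuitable for API keys and alert IDs. Replace it with crypto.randomBytes or crypto.randomInt drawing exactly length characters from a fixed alphabet, or keep nanoid, which already does this.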
Insecure and potentially short unique string generation
The generateUniqueString function was rewritten to use Math.random().toString(36).substring(2, 2 + length) instead of the cryptographically secure nanoid library. This has two problems: (1) Math.random() is not cryptographically secure and is predictable, making generated API keys vulnerable to guessing attacks, and (2) the function can return strings shorter than the requested length because small random values like 0.5 produce very short base-36 representations. API keys requesting 20 characters could receive as few as 1-2 characters. This affects API key generation and emergency alert IDs.
Big update incoming. This may take a bit, but I've been meaning to give the site a design refresh for a while.
Notable updates
Replaces GeistUI and Styled-Components with Tailwind
This one has been a long time coming. When I launched Hemolog, I wasn't focused on the UI. Building something that was functional, extensible, and simple to change later was the goal. I think I achieved that, but I've been meaning to do a design pass for a while. Unfortunately that means a rather large refactor in order to make the frontend simpler to manipulate and maintain. This PR does just that and more...
New custom components
I basically had Cursor go through and migrate a bunch of the old geist components to raw jsx + tailwind. This will need some massaging but it saved me a ton of time and did the bulk of the work. Now I should have a relatively clean canvas.
Reduced page load
Reducing the third-party dependencies has also made the site a bit quicker. More improvements to come in this department as I'll most likely update to the most recent version of Next and React as well, which should give some improvements in the stats department for free.
Note
Major refactor to App Router + Tailwind
- Moves components/* and pages/* files to src/app/* and API endpoints to src/app/api/* (e.g., delete-account, treatments, recent-treatments)
- Adds Tailwind (tailwindcss, @tailwindcss/postcss, postcss.config.cjs) and updates styles accordingly
Dependencies and tooling
- ^16.1.1 and React 18; adds @tanstack/*, recharts; cleans up older UI libs
- public/manifest.json
CI/CD and testing
- .next/standalone/server.js, disable install in Cypress step
Firebase configuration
- firebase/; adds firestore.dev.rules and firestore.prod.rules
- Adds rule-switching scripts (rules:dev, rules:prod) and emulator/start helpers (firebase:dev, build:prod)
- Updates firebase.json rule paths
Written by Cursor Bugbot for commit 2ecc2c4. This will update automatically on new commits.