From 12ac4eb943afdd94b3ffe71428153931c5f63ffd Mon Sep 17 00:00:00 2001
From: Nathan Schneider
Date: Tue, 30 Jun 2026 15:09:09 -0600
Subject: [PATCH] Improve metadata prompts; fix upload error + remove debug log
- Replace bracketed metadata placeholders with prompting questions
- Fix upload error message (response.statusContents -> statusText)
- Remove stray debug console.log on reactive screen updates
- Document the upload token's security model in the app README
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 bicorder-app/README.md | 15 +++++++++++++++
 bicorder-app/src/App.svelte | 5 -----
 bicorder-app/src/components/ExportControls.svelte | 2 +-
 bicorder-app/src/components/MetadataFields.svelte | 8 ++++----
 4 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/bicorder-app/README.md b/bicorder-app/README.md
index 6bf2c6f..df3813e 100644
--- a/bicorder-app/README.md
+++ b/bicorder-app/README.md
@@ -104,6 +104,21 @@ When you click **Upload**, your readings will be: All uploaded readings are public and available for research and analysis. By uploading, you consent to releasing your diagnostic under a public domain license.
+#### Upload credentials and security model
+
+The upload feature posts directly from the user's browser to the Gitea API using an access token defined in `src/components/ExportControls.svelte` (`GITEA_TOKEN`).
+
+**This token is intentionally embedded in the client bundle, and that is acceptable here.** Because this is a purely static app, the browser must make the API call itself — there is no server-side code of ours to hold the token. Any credential the browser uses is therefore necessarily public; build-time environment variables would still be baked into the shipped JavaScript, so they would offer no real protection. The exposure is contained by *what the token can do* rather than by hiding it:
+
+- The token belongs to a **dedicated `bicorder-bot` account**, not to a personal account.
+- `bicorder-bot` is a **collaborator with write access only to the public [`protocol-bicorder-data`](https://git.medlab.host/ntnsndr/protocol-bicorder-data) repo**. It cannot push to any other repository.
+- It has **`admin: false`** on that repo, so it can only add/modify files — it cannot delete the repo or change its settings.
+- The token scope is `write:repository` (it cannot even read user account details).
+
+The entire worst-case blast radius is therefore: someone extracts the token and spams or vandalizes the contents of the public data repo. This is recoverable (revert the commits) and the repo contains only public submissions.
+
+**If the token is ever abused:** revoke it under the `bicorder-bot` account (Gitea → Settings → Applications → Access Tokens — note that tokens live under the *user account*, not the repo), generate a replacement with the same `write:repository` scope, update `GITEA_TOKEN` in `ExportControls.svelte`, and rebuild.
Optionally, enable branch protection on the data repo's `main` branch as an additional safeguard.
+
 ## Browser Support - Modern browsers (Chrome, Firefox, Safari, Edge)
diff --git a/bicorder-app/src/App.svelte b/bicorder-app/src/App.svelte
index 986f1e2..ab42762 100644
--- a/bicorder-app/src/App.svelte
+++ b/bicorder-app/src/App.svelte
@@ -77,11 +77,6 @@ $: currentScreenData = screens[currentScreen]; $: totalScreens = screens.length;
- // Debug: log when screens change
- $: if (screens) {
- console.log(`Screens updated: ${screens.length} total, shortform: ${data.metadata.shortform}`);
- }
-
 function goToNextScreen() { if (currentScreen < totalScreens - 1) { currentScreen++;
diff --git a/bicorder-app/src/components/ExportControls.svelte b/bicorder-app/src/components/ExportControls.svelte
index 1711ab9..33444e5 100644
--- a/bicorder-app/src/components/ExportControls.svelte
+++ b/bicorder-app/src/components/ExportControls.svelte
@@ -83,7 +83,7 @@ showUploadDialog = false; } else { const errorData = await response.json();
- throw new Error(errorData.message || `Upload failed: ${response.statusContents}`);
+ throw new Error(errorData.message || `Upload failed: ${response.statusText}`);
 } } catch (err) { console.error('Upload error:', err);
diff --git a/bicorder-app/src/components/MetadataFields.svelte b/bicorder-app/src/components/MetadataFields.svelte
index 3040773..ee111ec 100644
--- a/bicorder-app/src/components/MetadataFields.svelte
+++ b/bicorder-app/src/components/MetadataFields.svelte
@@ -36,7 +36,7 @@ handleInput('protocol', e.currentTarget.value)} />
@@ -46,7 +46,7 @@
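Review bot: In the `ExportControls.svelte` hunk (`@@ -83,7 +83,7 @@`), the error branch still calls `await response.json()` unguarded, so a non-JSON error body (for example an HTML error page from a proxy in front of the Gitea API) throws a parse error and the corrected `Upload failed: …` message is never built. `response.statusText` can also be an empty string, since HTTP/2 responses carry no reason phrase, so I would include the numeric code: ``const errorData = await response.json().catch(() => ({}));`` followed by ``throw new Error(errorData.message || `Upload failed: ${response.status} ${response.statusText}`);``. Showing the status also helps tell a revoked or rejected upload token (401/403), which the README section added in this patch anticipates, from other failures. The enclosing upload function starts and ends outside the hunk, so how `err.message` is finally rendered to the user is not visible here.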