MosswartOverlord/FIXES.md
2025-05-04 14:45:27 +00:00


# Planned Fixes and Enhancements

_This document captures the next set of improvements and fixes for Dereth Tracker._

## 1. Chat Window Styling and Format

- **Terminal-style chat interface**
  - Redesign the chat window to mimic Asheron's Call in-game chat: monospaced font, dark semi-transparent background, and text entry at the bottom.
  - Implement timestamped message prefixes (e.g., `[12:34] character: message`).
  - Support command- and system-level styling (e.g., whispers, party chat) with distinct color cues.

## 2. Incoming Message Parsing

- **Strip protocol overhead**
  - Remove JSON envelope artifacts (e.g., quotes, braces) so only the raw message text appears.
  - Validate and sanitize incoming payloads (e.g., escape HTML, truncate length).
  - Optionally support rich text / emotes by parsing simple markup (e.g., `*bold*`, `/me action`).

## 3. Message Color Scheme

- **Per-character consistent colors**
  - Map each character name to a unique but legible pastel or muted color.
  - Ensure sufficient contrast with the chat background (WCAG AA compliance).
  - Provide user override settings for theme (light/dark) and custom palettes.

## 4. Command Prompt Integration

- **Client-side command entry**
  - Allow slash commands in the chat input (e.g., `/kick PlayerName`, `/whisper PlayerName Hello`).
  - Validate commands before sending them to `/ws/live` and route them to the correct plugin WebSocket.
  - Show feedback on command success/failure in the chat window.

## 5. Security Hardening

- **Authentication & Authorization**
  - Enforce TLS (HTTPS/WSS) for all HTTP and WebSocket connections.
  - Protect `/ws/position` with rotating shared secrets or token-based auth (e.g., JWT).
  - Rate-limit incoming telemetry and chat messages to prevent flooding.
  - Sanitize all inputs to guard against injection (SQL, XSS) and implement strict CSP headers.

## 6. Performance and Scalability

- **Throttling and Load Handling**
  - Batch updates during high-frequency telemetry bursts to reduce WebSocket churn.
  - Cache recent `/live` and `/trails` responses in memory to relieve SQLite under load.
  - Plan for horizontal scaling: stateless FastAPI behind a load balancer with a shared database or in-memory pub/sub.

## 7. Testing and Quality Assurance

- **Automated Tests**
  - Unit tests for `db.save_snapshot`, HTTP endpoints, and WebSocket handlers.
  - E2E tests for the frontend UI (using Puppeteer or Playwright) to verify chat and map functionality.
  - Security regression tests for input sanitization and auth enforcement.

_Refer to this list when planning next development sprints. Each item should be broken down into individual tickets or pull requests._
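The payload sanitization from section 2 and the per-sender rate limiting from section 5, as an added example (not Dereth Tracker's own code): `parse_chat_payload` rejects anything that is not a JSON object with string `character`/`message` fields, HTML-escapes and truncates them; `TokenBucket` is a per-sender limiter a WebSocket handler would consult before broadcasting. The field names, length caps and rates are assumptions.

```python
import html
import json
import time
from typing import Optional

MAX_NAME_LEN = 32      # assumed cap for a character name
MAX_MESSAGE_LEN = 240  # assumed cap for one chat line


def parse_chat_payload(raw: str) -> Optional[dict]:
    """Turn one raw WebSocket frame into a clean {"character", "message"} dict.

    Returns None for anything that is not a JSON object carrying two strings,
    so a malformed or hostile frame is dropped rather than displayed.
    HTML is escaped so message text can never become markup in the browser,
    and over-long fields are truncated instead of being passed through.
    """
    try:
        data = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None
    if not isinstance(data, dict):
        return None
    name, text = data.get("character"), data.get("message")
    if not isinstance(name, str) or not isinstance(text, str):
        return None
    name = name.strip()[:MAX_NAME_LEN]
    text = text.strip()[:MAX_MESSAGE_LEN]
    if not name or not text:
        return None
    return {"character": html.escape(name), "message": html.escape(text)}


class TokenBucket:
    """Per-sender limiter: refills `rate` tokens/second up to `capacity`.

    `now` may be injected for deterministic tests; production code relies on
    time.monotonic(). One bucket per connected client is the intended use.
    """

    def __init__(self, rate: float, capacity: float, now: Optional[float] = None):
        self.rate, self.capacity = rate, capacity
        self.tokens = capacity
        self.last = time.monotonic() if now is None else now

    def allow(self, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False  # flooding: caller should drop or disconnect
        self.tokens -= 1.0
        return True
```

A handler would call `bucket.allow()` first and only then `parse_chat_payload()`, so a flooding client never reaches the parser.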