MosswartOverlord/FIXES.md
2025-05-04 14:45:27 +00:00


Planned Fixes and Enhancements

This document captures the next set of improvements and fixes for Dereth Tracker.

1. Chat Window Styling and Format

  • Terminal-style chat interface
    • Redesign the chat window to mimic Asheron's Call in-game chat: monospaced font, dark semi-transparent background, and text entry at the bottom.
    • Implement timestamped message prefixes (e.g., [12:34] character: message).
    • Support command- and system-level styling (e.g., whispers, party chat) with distinct color cues.

2. Incoming Message Parsing

  • Strip protocol overhead
    • Remove JSON envelope artifacts (e.g., remove quotes, braces) so only raw message text appears.
    • Validate and sanitize incoming payloads (e.g., escape HTML, truncate length).
    • Optionally support rich-text / emotes by parsing simple markup (e.g., *bold*, /me action).

3. Message Color Scheme

  • Per-character consistent colors
    • Map each character name to a unique, but legible, pastel or muted color.
    • Ensure sufficient contrast with the chat background (WCAG AA compliance).
    • Provide user override settings for theme (light/dark) and custom palettes.

4. Command Prompt Integration

  • Client-side command entry
    • Allow slash-commands in chat input (e.g., /kick PlayerName, /whisper PlayerName Hello).
    • Validate commands before sending to /ws/live and route to the correct plugin WebSocket.
    • Show feedback on command success/failure in the chat window.

5. Security Hardening

  • Authentication & Authorization
    • Enforce TLS (HTTPS/WSS) for all HTTP and WebSocket connections.
    • Protect /ws/position with rotating shared secrets or token-based auth (e.g., JWT).
    • Rate-limit incoming telemetry and chat messages to prevent flooding.
    • Sanitize all inputs to guard against injection (SQL, XSS) and implement strict CSP headers.
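
One way to combine the parsing and sanitizing steps from item 2 with the chat rate limit listed above, as an added example that is not the project's own code. The envelope field names `character_name` and `text`, the length caps, the rate values, and running this server-side in Python are all assumptions.

```python
import html
import json
import time
from collections import defaultdict

MAX_TEXT = 500   # assumed length caps and rate values; the page gives none
MAX_NAME = 32
RATE = 5.0       # tokens refilled per second
BURST = 10.0     # bucket capacity


def _clean(value, limit):
    # Drop control characters, truncate, then escape, so truncation
    # can never cut an HTML entity in half.
    printable = "".join(c for c in value if c.isprintable())
    return html.escape(printable[:limit])


class ChatGate:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        # Keyed by connection id, not by the sender name in the payload,
        # so a client cannot dodge the limit by changing its claimed name.
        self.buckets = defaultdict(lambda: (BURST, clock()))

    def _allow(self, conn_id):
        tokens, last = self.buckets[conn_id]
        now = self.clock()
        tokens = min(BURST, tokens + (now - last) * RATE)
        allowed = tokens >= 1.0
        self.buckets[conn_id] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    def handle(self, conn_id, frame, now):
        """Return a display-safe chat line, or None if the frame is dropped."""
        if not self._allow(conn_id):      # malformed frames cost a token too
            return None
        try:
            msg = json.loads(frame)
        except (TypeError, ValueError, RecursionError):
            return None
        if not isinstance(msg, dict):
            return None
        name, text = msg.get("character_name"), msg.get("text")
        if not (isinstance(name, str) and isinstance(text, str) and name):
            return None
        return f"[{now:%H:%M}] {_clean(name, MAX_NAME)}: {_clean(text, MAX_TEXT)}"
```

The returned line is escaped for insertion as HTML text content; the frontend should still write it with `textContent` rather than `innerHTML`.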

6. Performance and Scalability

  • Throttling and Load Handling
    • Batch updates during high-frequency telemetry bursts to reduce WebSocket churn.
    • Cache recent /live and /trails responses in-memory to relieve SQLite under load.
    • Plan for horizontal scaling: stateless FastAPI behind a load balancer with shared database or in-memory pub/sub.

7. Testing and Quality Assurance

  • Automated Tests
    • Unit tests for db.save_snapshot, HTTP endpoints, and WebSocket handlers.
    • E2E tests for the frontend UI (using Puppeteer or Playwright) to verify chat and map functionality.
    • Security regression tests for input sanitization and auth enforcement.

Refer to this list when planning next development sprints. Each item should be broken down into individual tickets or pull requests.