- Fixed ElGamal class instantiation in votes.py (ElGamalEncryption instead of ElGamal)
- Fixed public key serialization in admin.py (use public_key_bytes property)
- Implemented database migration with SQL-based key generation
- Added vote deduplication endpoint: GET /api/votes/check
- Protected all array accesses with type validation in frontend
- Fixed vote parameter type handling (string to number conversion)
- Removed all debug console logs for production
- Created missing dynamic route for vote history details
Fixes:
- JavaScript error: "can't access property length, e is undefined"
- Vote deduplication not preventing form display
- Frontend data validation issues
- Missing dynamic routes
- Fix ElGamalEncryption to generate keypair on initialization and provide public_key_bytes property with proper "p:g:h" UTF-8 format
- Add ElGamal alias for backward compatibility with imports
- Improve frontend error handling with detailed base64 decode error messages
- Update .gitignore to specifically ignore backend/lib/ and backend/lib64/ instead of all lib directories, preserving frontend node_modules-style lib/
This fixes the "Invalid public key format" error that was preventing vote submission during testing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit fixes 5 critical bugs found during code review:
Bug #1 (CRITICAL): Missing API endpoints for election filtering
- Added GET /api/elections/upcoming endpoint
- Added GET /api/elections/completed endpoint
- Both properly filter elections by date
Bug #2 (HIGH): Auth context has_voted state inconsistency
- Backend schemas now include has_voted in LoginResponse and RegisterResponse
- Auth routes return actual has_voted value from database
- Frontend context uses server response instead of hardcoding false
- Frontend API client properly typed with has_voted field
Bug #3 (HIGH): Transaction safety in vote submission
- Simplified error handling in vote submission endpoints
- Now only calls mark_as_voted() once at the end
- Vote response includes voter_marked_voted flag to indicate success
- Ensures consistency even if blockchain submission fails
Bug #4 (MEDIUM): Vote status endpoint
- Verified endpoint already exists at GET /api/votes/status
- Tests confirm proper functionality
Bug #5 (MEDIUM): Response format inconsistency
- Previously fixed in commit e10a882
- Frontend now handles both array and wrapped object formats
Added comprehensive test coverage:
- 20+ backend API tests (tests/test_api_fixes.py)
- 6+ auth context tests (frontend/__tests__/auth-context.test.tsx)
- 8+ elections API tests (frontend/__tests__/elections-api.test.ts)
- 10+ vote submission tests (frontend/__tests__/vote-submission.test.ts)
All fixes ensure frontend and backend communicate consistently.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Changes:
- Add next-themes dependency for theme management
- Create ThemeProvider wrapper for app root layout
- Set dark mode as default theme
- Create ThemeToggle component with Sun/Moon icons
- Add theme toggle to home page navigation
- Add theme toggle to dashboard header
- App now starts in dark mode with ability to switch to light mode
Styling uses existing Tailwind dark mode variables configured in
tailwind.config.ts and globals.css. All existing components automatically
support dark theme.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Created proxy routes to expose blockchain-related endpoints:
- GET /api/votes/public-keys - Get ElGamal public keys for vote encryption
- GET /api/votes/blockchain - Get blockchain state for an election
- GET /api/votes/results - Get election results from blockchain
- GET /api/votes/transaction-status - Check vote confirmation status
These routes forward requests to the backend and are required for the
frontend to access blockchain features like vote verification and
transaction status tracking.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The backend container needs to reach validators using their Docker service names
(validator-1, validator-2, validator-3) instead of localhost:PORT.
This fixes the 'validators unreachable' warning on backend startup.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses critical issues preventing user registration:
1. Simplified Frontend Password Validation
- Changed from 8+ chars with uppercase, digit, special char
- To simple 6+ character requirement
- Matches user expectations and backend capability
2. Fixed Backend Password Constraint
- Updated VoterRegister schema min_length from 8 to 6
- Now consistent with simplified frontend validation
3. Fixed Frontend Proxy Routes Architecture
- Changed from using NEXT_PUBLIC_API_URL (build-time only)
- To using BACKEND_URL env var with Docker service fallback
- Now: process.env.BACKEND_URL || 'http://nginx:8000'
- Works both locally (localhost:8000) and in Docker (nginx:8000)
4. Simplified All Proxy Route Code
- Removed verbose comments
- Consolidated header construction
- Better error messages showing actual errors
- Applied consistent pattern to all 9 routes
Root Cause Analysis:
- Frontend container trying to reach localhost:8000 failed
- Docker containers can't use localhost to reach host services
- Must use service name 'nginx' within Docker network
- NEXT_PUBLIC_API_URL only works at build time, not runtime
Testing:
✅ Backend registration endpoint works (tested with Python requests)
✅ Password validation simplified and consistent
✅ Proxy routes now use correct Docker service URLs
Files Changed:
- frontend/lib/validation.ts (password requirements)
- backend/schemas.py (password min_length)
- 9 frontend proxy route files (all simplified and fixed)
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Form Validation:
- Create comprehensive Zod validation schemas for all forms
- Login form: email, password validation
- Register form: first name, last name, email, password strength requirements
- Profile update form: all user fields with optional phone/address
- Password change form: current password, new password confirmation
- Vote submission form: election ID and candidate selection
Password Strength:
- Minimum 8 characters
- At least one uppercase letter
- At least one digit
- At least one special character (!@#$%^&*)
React Hook Form Integration:
- Update login page with useForm and field-level error display
- Update register page with form validation and error messages
- Show validation errors inline with red borders
- Disable form submission while loading or submitting
- Better user feedback with detailed error messages
Type Safety:
- Zod schemas with TypeScript inference
- Type-safe form data types
- Proper error handling and validation
Build Status:
- All pages compile successfully
- Zero TypeScript errors
- Bundle size includes Zod (~40 kB) and React Hook Form
- Login/Register pages: 145 kB First Load JS (includes new validation libraries)
- Shared bundle remains ~102 kB
Setup:
- npm install zod react-hook-form @hookform/resolvers
- Ready for production with form validation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Core Integration:
- Create API client with TypeScript types for all endpoints
- Implement authentication context provider for user state management
- Add protected route component for dashboard access control
- Connect login/register pages to backend authentication endpoints
- Implement user session persistence with localStorage tokens
Authentication:
- Login page now connects to /api/auth/login endpoint
- Register page connects to /api/auth/register with validation
- Password strength requirements (min 8 chars)
- Form validation and error handling
- Automatic redirect to dashboard on successful auth
- Logout functionality with session cleanup
Protected Routes:
- Dashboard pages require authentication
- Non-authenticated users redirected to login
- Loading spinner during auth verification
- User name displayed in dashboard header
- Proper session management
Election/Vote APIs:
- Dashboard fetches active elections from /api/elections/active
- Display real election data with candidates count
- Handle loading and error states
- Skeleton loaders for better UX
Type Safety:
- Full TypeScript interfaces for all API responses
- Proper error handling with try-catch blocks
- API response types: AuthToken, VoterProfile, Election, Candidate, Vote, VoteHistory
Environment:
- API URL configurable via NEXT_PUBLIC_API_URL env variable
- Default to http://localhost:8000 for local development
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
