fix: критические баги и качество кода — полный аудит

Критические фиксы: - main.py: монтировать /static из web/static/ (CSS не грузился совсем) - api/scans.py: filtered total count (был всегда общий, игнорируя фильтры) - web/routes.py: исправлен VALID_SORT_FIELDS (отсутствовали ключи packages) - web/routes.py: filtered total count для web scans list - package_detail.html: f.data.X вместо f.X (findings не отображались) Чистка мёртвого кода: - config.py: удалён _parse_repos и nexus_repositories (не использовались) - web/routes.py: удалён completed_scans/failed_scans (не отображались) - удалён мёртвый guarddog_nexus/static/style.css (67-байтный стаб) Качество кода: - web/routes.py: Jinja2 Environment кэшируется на уровне модуля - Вынесен дублирующийся JS в web/static/app.js - Вынесены дублирующиеся inline-стили в CSS-классы - Исправлен duplicate class attribute в списках - Удалены гигантские SVG из empty states Тесты: - 20 новых edge-case тестов (CSV export, search/filter/sort, 404, pagination) - Добавлен sample_flagged_scan fixture - Итого: 50 тестов, все зелёные
2026-05-10 03:46:05 +03:00
parent 6c8e89c95e
commit c43e7c4c9b
15 changed files with 329 additions and 145 deletions
--- a/guarddog_nexus/web/templates/base.html
+++ b/guarddog_nexus/web/templates/base.html
@@ -7,6 +7,7 @@
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css">
    <script src="https://unpkg.com/htmx.org@2.0.4"></script>
    <link rel="stylesheet" href="/static/style.css">
+    <script src="/static/app.js"></script>
 </head>
 <body>
    <main class="container">
--- a/guarddog_nexus/web/templates/dashboard_stats.html
+++ b/guarddog_nexus/web/templates/dashboard_stats.html
@@ -40,11 +40,7 @@
    </div>
 </div>
 {% else %}
-<div class="empty-state" style="padding: 1rem;">
-    <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"/></svg>
-    <h3>No findings yet</h3>
-    <small>Scan results will appear here once packages are processed.</small>
-</div>
+<p class="empty-state">No findings yet — scan results will appear here once packages are processed.</p>
 {% endif %}

 {% if days %}
--- a/guarddog_nexus/web/templates/package_detail.html
+++ b/guarddog_nexus/web/templates/package_detail.html
@@ -32,7 +32,7 @@
    </tbody>
 </table>

-<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 0.5rem;">
+<div class="finding-header-row">
    <h2>Findings ({{ findings|length }})</h2>
    {% if findings|length > 1 %}
    <button class="toggle-all-btn" onclick="toggleFindings()">Collapse All</button>
@@ -42,56 +42,26 @@
 {% if findings %}
    <div id="findings-container">
    {% for f in findings %}
-    <details class="finding-card {{ f.severity }}" data-finding-id="{{ f.id }}">
-        <summary style="cursor: pointer; list-style: none; display: flex; align-items: center; gap: 0.5rem; padding: 0.25rem 0;">
-            <strong class="severity-{{ f.severity }}">[{{ f.severity }}]</strong>
-            <strong>{{ f.rule }}</strong>
-            {% if f.location %}<small> @ {{ f.location }}</small>{% endif %}
-            <span style="margin-left: auto; font-size: 0.8rem; opacity: 0.5;">click to expand</span>
+    <details class="finding-card {{ f.data.severity }}" data-finding-id="{{ f.id }}">
+        <summary class="finding-summary">
+            <strong class="severity-{{ f.data.severity }}">[{{ f.data.severity }}]</strong>
+            <strong>{{ f.data.rule }}</strong>
+            {% if f.data.location %}<small> @ {{ f.data.location }}</small>{% endif %}
+            <span class="finding-summary-hint">click to expand</span>
        </summary>
        <div class="finding-details">
-            <p>{{ f.message }}</p>
-            {% if f.code %}
-            <div style="display: flex; justify-content: flex-end; margin-bottom: 0.25rem;">
+            <p>{{ f.data.message }}</p>
+            {% if f.data.code %}
+            <div class="code-toolbar">
                <button class="copy-btn" onclick="copyCode(this, 'code-{{ f.id }}')">Copy</button>
            </div>
-            <pre><code id="code-{{ f.id }}">{{ f.code }}</code></pre>
+            <pre><code id="code-{{ f.id }}">{{ f.data.code }}</code></pre>
            {% endif %}
        </div>
    </details>
    {% endfor %}
    </div>
 {% else %}
-    <div class="empty-state" style="padding: 1rem;">
-        <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"/></svg>
-        <h3>No findings</h3>
-        <small>Package looks clean.</small>
-    </div>
+    <p class="empty-state">No findings — package looks clean.</p>
 {% endif %}
 {% endblock %}
-
-{% block scripts %}
-<script>
-function toggleFindings() {
-    const container = document.getElementById('findings-container');
-    const details = container.querySelectorAll('details');
-    const first = details[0];
-    const isOpen = first && first.open;
-    details.forEach(d => d.open = !isOpen);
-    const btn = container.parentElement.querySelector('.toggle-all-btn');
-    if (btn) btn.textContent = isOpen ? 'Expand All' : 'Collapse All';
-}
-
-function copyCode(btn, codeId) {
-    const code = document.getElementById(codeId).textContent;
-    navigator.clipboard.writeText(code).then(() => {
-        btn.textContent = 'Copied!';
-        btn.classList.add('copied');
-        setTimeout(() => {
-            btn.textContent = 'Copy';
-            btn.classList.remove('copied');
-        }, 2000);
-    });
-}
-</script>
-{% endblock %}
--- a/guarddog_nexus/web/templates/packages_list.html
+++ b/guarddog_nexus/web/templates/packages_list.html
@@ -12,7 +12,7 @@

 <div class="filter-bar">
    <input type="text" id="search-input" placeholder="Search packages..." value="{{ search }}" hx-get="/packages" hx-trigger="input changed, keyup[entered] delay:300ms" hx-target="#packages-table-container" hx-swap="innerHTML">
-    <a href="?flagged={% if flagged_filter == '1' %}0{% else %}1{% endif %}" class="filter-btn" role="button" class="outline">
+    <a href="?flagged={% if flagged_filter == '1' %}0{% else %}1{% endif %}" role="button" class="outline">
        {% if flagged_filter == '1' %}Show all{% else %}Flagged only{% endif %}
    </a>
    <a href="/api/v1/packages/export?flagged={{ flagged_filter }}&search={{ search }}" role="button" class="outline">Export CSV</a>
@@ -53,11 +53,7 @@
    {% endfor %}
    {% if not packages %}
        <tr>
-            <td colspan="7" class="empty-state">
-                <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M20 7l-8-4-8 4m16 0l-8 4m8-4v10l-8 4m0-10L4 7m8 4v10M4 7v10l8 4"/></svg>
-                <h3>No packages found</h3>
-                <small>Try adjusting your search or filters.</small>
-            </td>
+            <td colspan="7" class="empty-state">No packages yet — packages will appear here once scans are processed.</td>
        </tr>
    {% endif %}
    </tbody>
--- a/guarddog_nexus/web/templates/scan_detail.html
+++ b/guarddog_nexus/web/templates/scan_detail.html
@@ -26,7 +26,7 @@
    {% if scan.error_message %}<tr><td><strong>Error</strong></td><td><span class="flagged">{{ scan.error_message }}</span></td></tr>{% endif %}
 </table>

-<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 0.5rem;">
+<div class="finding-header-row">
    <h2>Findings ({{ scan.findings|length }})</h2>
    {% if scan.findings|length > 1 %}
    <button class="toggle-all-btn" onclick="toggleFindings()">Collapse All</button>
@@ -37,16 +37,16 @@
    <div id="findings-container">
    {% for f in scan.findings %}
    <details class="finding-card {{ f.data.severity }}" data-finding-id="{{ f.id }}">
-        <summary style="cursor: pointer; list-style: none; display: flex; align-items: center; gap: 0.5rem; padding: 0.25rem 0;">
+        <summary class="finding-summary">
            <strong class="severity-{{ f.data.severity }}">[{{ f.data.severity }}]</strong>
            <strong>{{ f.data.rule }}</strong>
            {% if f.data.location %}<small> @ {{ f.data.location }}</small>{% endif %}
-            <span style="margin-left: auto; font-size: 0.8rem; opacity: 0.5;">click to expand</span>
+            <span class="finding-summary-hint">click to expand</span>
        </summary>
        <div class="finding-details">
            <p>{{ f.data.message }}</p>
            {% if f.data.code %}
-            <div style="display: flex; justify-content: flex-end; margin-bottom: 0.25rem;">
+            <div class="code-toolbar">
                <button class="copy-btn" onclick="copyCode(this, 'code-{{ f.id }}')">Copy</button>
            </div>
            <pre><code id="code-{{ f.id }}">{{ f.data.code }}</code></pre>
@@ -56,36 +56,6 @@
    {% endfor %}
    </div>
 {% else %}
-    <div class="empty-state" style="padding: 1rem;">
-        <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"/></svg>
-        <h3>No findings</h3>
-        <small>Package looks clean.</small>
-    </div>
+    <p class="empty-state">No findings — package looks clean.</p>
 {% endif %}
 {% endblock %}
-
-{% block scripts %}
-<script>
-function toggleFindings() {
-    const container = document.getElementById('findings-container');
-    const details = container.querySelectorAll('details');
-    const first = details[0];
-    const isOpen = first && first.open;
-    details.forEach(d => d.open = !isOpen);
-    const btn = container.parentElement.querySelector('.toggle-all-btn');
-    if (btn) btn.textContent = isOpen ? 'Expand All' : 'Collapse All';
-}
-
-function copyCode(btn, codeId) {
-    const code = document.getElementById(codeId).textContent;
-    navigator.clipboard.writeText(code).then(() => {
-        btn.textContent = 'Copied!';
-        btn.classList.add('copied');
-        setTimeout(() => {
-            btn.textContent = 'Copy';
-            btn.classList.remove('copied');
-        }, 2000);
-    });
-}
-</script>
-{% endblock %}
--- a/guarddog_nexus/web/templates/scans_list.html
+++ b/guarddog_nexus/web/templates/scans_list.html
@@ -19,7 +19,7 @@
        <option value="completed" {% if status_filter == 'completed' %}selected{% endif %}>Completed</option>
        <option value="failed" {% if status_filter == 'failed' %}selected{% endif %}>Failed</option>
    </select>
-    <a href="?flagged={% if flagged_filter == '1' %}0{% else %}1{% endif %}" class="filter-btn" role="button" class="outline">
+    <a href="?flagged={% if flagged_filter == '1' %}0{% else %}1{% endif %}" role="button" class="outline">
        {% if flagged_filter == '1' %}Show all{% else %}Flagged only{% endif %}
    </a>
    <a href="/api/v1/scans/export?flagged={{ flagged_filter }}&search={{ search }}&status={{ status_filter }}" role="button" class="outline">Export CSV</a>
@@ -64,11 +64,7 @@
    {% endfor %}
    {% if not scans %}
        <tr>
-            <td colspan="7" class="empty-state">
-                <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z"/></svg>
-                <h3>No scans found</h3>
-                <small>Try adjusting your search or filters.</small>
-            </td>
+            <td colspan="7" class="empty-state">No scans yet — scans will appear here once packages are processed.</td>
        </tr>
    {% endif %}
    </tbody>