Fix critical bugs and add production-readiness features #2
Open
Configure Django settings for production with env-based config, security hardening (HSTS, HTTPS, secure cookies), WhiteNoise static files, dj-database-url for Railway PostgreSQL, and gunicorn server. Includes deployment docs, CI workflow, and env variable template. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rewrite PracticeRecommendationView to use OpenAI v1+ SDK (gpt-4o-mini)
- Add input validation for skill_level and instrument against model choices
- Create recommendations page with auth-protected form and result display
- Add Recommendations link to Header and MobileNav navigation
- Enable dashboard quick action card to link to recommendations
- Add 6 backend tests for recommendation endpoint (mocked OpenAI)
- Set DEBUG=True in docker-compose for local development

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add AI practice recommendations feature
New standalone page at /youtube-practice with embedded YouTube player, playback speed controls (0.5x-1.25x), A-B loop, timestamp display, session save form, and a video library of past practice sessions. Adds YouTube components, types, backend youtube_url field, and navigation links. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Disable SECURE_SSL_REDIRECT in CI to prevent 301 redirects on all backend API tests (configurable via env var, defaults to True in prod)
- Fix frontend test assertion to include youtube_url in POST body
- Add accounts app tests for CustomUser model, current-user and logout endpoints

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Fix YouTube Practice page API endpoint mismatch (was calling /sessions/ instead of /)
- Remove window.location.reload() calls in PracticeSessionForm (use state updates instead)
- Remove debug print statements from accounts/views.py
- Add login/register cross-navigation links and forgot password page
- Add error boundary component wrapping all pages
- Add loading skeletons for dashboard, profile, and YouTube practice pages
- Add welcome banner empty state for new users on dashboard
- Handle missing OpenAI API key gracefully with 503 response
- Add timer completion sound notification using Web Audio API
- Add password reset flow (frontend page + dj-rest-auth integration)
- Add profile editing (name/email) with backend endpoint
- Add session filtering, search, and pagination on profile page
- Add frontend tests for LoginPage, RegisterPage, Dashboard, and ErrorBoundary

https://claude.ai/code/session_01KeKHEPaYoNsosovTEZKQQC
Pull request overview
This PR improves production readiness across the Django + Next.js app by fixing API endpoint mismatches, adding resilience/UX improvements (error boundaries, skeleton loaders, navigation), and extending auth/profile functionality.
Changes:
- Backend: add profile update endpoint + gracefully return 503 when OPENAI_API_KEY is missing for recommendations.
- Frontend: add global error boundary, forgot-password page, profile editing, session search/filter/pagination, loading skeletons, and timer completion notifications/sound.
- Tests: add Jest coverage for auth pages, dashboard, and the error boundary.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| session/views.py | Return 503 when OpenAI key is missing; avoid constructing client with a null key. |
| frontend/next-app/src/components/ui/skeleton.tsx | Introduce reusable Skeleton UI component. |
| frontend/next-app/src/components/ui/error-boundary.tsx | Add client-side error boundary component. |
| frontend/next-app/src/components/ui/tests/error-boundary.test.tsx | Add tests for error boundary behavior and reset. |
| frontend/next-app/src/components/profile/ProfilePage.tsx | Add profile editing UI + sessions search/filter/pagination + profile skeleton loader. |
| frontend/next-app/src/components/practice/PracticeSessionForm.tsx | Remove full page reloads after create/update/delete. |
| frontend/next-app/src/components/auth/tests/RegisterPage.test.tsx | Add tests for registration form validation and redirect. |
| frontend/next-app/src/components/auth/tests/LoginPage.test.tsx | Add tests for login success/failure/loading states. |
| frontend/next-app/src/components/auth/RegisterPage.tsx | Add cross-navigation link to Login. |
| frontend/next-app/src/components/auth/LoginPage.tsx | Add “Forgot password?” and “Sign up” links. |
| frontend/next-app/src/app/youtube-practice/page.tsx | Fix sessions endpoint usage; add library loading skeleton. |
| frontend/next-app/src/app/practice-timer/page.tsx | Add completion sound + browser notification and request permission. |
| frontend/next-app/src/app/layout.tsx | Wrap app content in ErrorBoundary. |
| frontend/next-app/src/app/forgot-password/page.tsx | Add password reset request page (dj-rest-auth integration). |
| frontend/next-app/src/app/dashboard/page.tsx | Add dashboard skeleton loader + welcome banner for new users. |
| frontend/next-app/src/app/dashboard/tests/page.test.tsx | Add dashboard tests (loading, stats, welcome banner, error). |
| accounts/views.py | Remove debug prints; add update-profile endpoint. |
| accounts/urls.py | Route update-profile endpoint. |
| accounts/serializers.py | Add serializer for profile updates (name/email). |
Add @patch.dict(os.environ) to recommendation tests so the new API key validation doesn't short-circuit mocked OpenAI calls. Add test for missing API key returning 503. https://claude.ai/code/session_01KeKHEPaYoNsosovTEZKQQC
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
- Add DRF throttling: 20/min anonymous, 60/min authenticated, 5/min auth endpoints
- Add custom AuthRateThrottle on login/registration to prevent brute force
- Add security event logging for django.security and django.request
- Set explicit SameSite=Lax on session and CSRF cookies
- Add Next.js security headers: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-XSS-Protection

https://claude.ai/code/session_01KeKHEPaYoNsosovTEZKQQC
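A stand-alone model of the limits listed in this commit message, added here as an illustration and not taken from the PR or from DRF: it parses DRF-style rate strings and applies a per-client sliding window, showing how the 5/min auth limit treats a burst of login attempts. The `auth` scope name, the class and function names, and the client address are assumptions.

```python
import time

# Rates are the ones in the commit message; the "auth" scope name is an assumption.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_RATES": {"anon": "20/min", "user": "60/min", "auth": "5/min"},
}
PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rate(rate):
    """'5/min' -> (5, 60): allowed requests and window length in seconds."""
    count, period = rate.split("/")
    return int(count), PERIODS[period[0]]

class SlidingWindowThrottle:
    """Per-client sliding-window limit (hypothetical model, not DRF's class)."""

    def __init__(self, scope, clock=time.monotonic):
        rate = REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"][scope]
        self.limit, self.window = parse_rate(rate)
        self.clock = clock
        self.history = {}  # client key -> accepted timestamps, newest first

    def allow(self, key):
        now = self.clock()
        hits = [t for t in self.history.get(key, []) if t > now - self.window]
        allowed = len(hits) < self.limit
        if allowed:  # rejected attempts are not recorded
            hits.insert(0, now)
        self.history[key] = hits
        return allowed

    def retry_after(self, key):
        """Seconds until the oldest accepted hit leaves the window (0 if not limited)."""
        hits = self.history.get(key, [])
        if len(hits) < self.limit:
            return 0.0
        return max(0.0, hits[-1] + self.window - self.clock())

def simulate_login_burst(attempts, spacing_s, key="203.0.113.7"):
    """Constructed input: one client posting to the login endpoint at fixed spacing."""
    now = [0.0]
    throttle = SlidingWindowThrottle("auth", clock=lambda: now[0])
    results = []
    for _ in range(attempts):
        results.append(throttle.allow(key))
        now[0] += spacing_s
    return results
```

The history is keyed per client, so a limit keyed on source address slows a single source but does not bound guesses against one account spread over many addresses.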