Commit Graph

8 Commits

Author SHA1 Message Date
a2nr f8de0cab5f feat: implement "Coba" button for code blocks and improve mobile UX

   - Added a "Coba ▶" button feature to automatically copy lesson
     code into the editor.
   - Implemented setupTryButtons.ts (Svelte Action) to inject
     buttons based on the Markdown language label (c, python,
     arduino).
   - Set the button behavior to only load the code and focus the
     tab (No Auto-Run), giving students a chance to review the
     code.
   - Mobile display optimization (< 768px):
       - The "Coba" button is always visible (no hover).
       - Automatically opens the workspace in 'half-sheet' mode and
         smooth-scrolls to the editor when the button is clicked.
   - Render order synchronization: setupTryButtons runs before
     highlightAllCode to ensure accurate language detection.
   - Updated documentation.md with a usage guide for the "Coba"
     button feature and documentation of the lesson page
     modularity refactoring.
   - Added a LaTeX trial module to the lesson list in home.md
2026-04-27 21:38:36 +07:00
a2nr dc1d65ac15 remove blacklist logout feature 2026-04-22 16:56:02 +07:00
a2nr e4c68b2894 feat(security): implement anonymous access with rate limiting and secure proxy, harden authentication and implement session protection
Implements multiple layers of security to address high-risk session
   and authentication vulnerabilities identified in the security review:

   - Allow code compilation (C, Python, Arduino) for anonymous users.
   - Enforce a 1-request-per-2-minutes rate limit for anonymous IPs.
   - Implement a global anonymous compilation queue with 20 concurrent slots.
   - Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking.
   - Exempt authenticated users (tokens/cookies) from all rate limits.
   - Fix networking and DNS resolution in podman-compose.
   - Fix Svelte a11y warnings and trailing slash routing issues.
   - Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE
     env variable for HTTPS/Tailscale Funnel compatibility.
   - Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to
     prevent API abuse while accommodating shared school networks (NAT).
   - Tarpitting: Added 1.5s artificial delay on failed logins to neutralize
     automated brute-force tools without blocking legitimate users.
   - Session Invalidation: Implemented an in-memory token blacklist on
     logout to ensure session tokens cannot be reused.
   - Documentation: Updated technical docs and proposal status to reflect
     the current security architecture.

   Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)
2026-04-22 12:57:54 +07:00
a2nr 74a8d87853 add velxio as submodule 2026-04-09 10:51:36 +07:00
a2nr d29c2f2e3e feat: Integrate CircuitJS1 into Elemes LMS
- Added CircuitJSApi interface for simulator API interaction.
- Updated lesson page to support circuit simulation alongside code execution.
- Implemented separate output states for code and circuit evaluations.
- Enhanced lesson content rendering to include circuit embeds using markdown.
- Refactored backend to process circuit embed syntax and convert to HTML.
- Updated podman-compose configuration to include new environment variable for cursor offset.
- Created a proposal document outlining the feasibility and implementation plan for CircuitJS1 integration.
2026-03-31 12:08:42 +07:00
a2nr a0d6f2615a feat: Implement anti copy-paste system and enhance asset proxying
- Added proxy handling for `/assets/` in `sinau-c-tail.json` to route requests to the asset server.
- Enhanced `hooks.server.ts` to support proxying for both `/api/*` and `/assets/*` endpoints, including handling binary content.
- Introduced an anti copy-paste system in the lesson page to prevent text selection and copying from lesson content.
- Updated `CodeEditor.svelte` to prevent pasting from external sources with multiple layers of protection.
- Improved lesson page structure to support floating editor functionality and mobile responsiveness.
- Added celebration overlay for successful code completion in the lesson page.
- Adjusted `vite.config.ts` to include asset proxy configuration.
- Modified `podman-compose.yml` for production deployment with gunicorn and updated network settings.
2026-03-26 13:52:59 +07:00
a2nr d2b6d62b28 refactor to make it better 2026-03-25 09:39:51 +07:00
a2nr aeef8fc99d Add comprehensive proposal for refactoring LMS-C architecture to Flask API and SvelteKit PWA 2026-03-24 19:47:22 +07:00