and improve mobile UX
- Menambahkan fitur tombol \"Coba ▶\" untuk menyalin kode
materi ke editor secara otomatis.
- Implementasi setupTryButtons.ts (Svelte Action) untuk
injeksi tombol berdasarkan label bahasa Markdown (c, python,
`arduino).
- Mengatur perilaku tombol agar hanya memuat kode dan
memfokuskan tab (No Auto-Run) untuk memberikan kesempatan
siswa meninjau kode.
- Optimasi tampilan Mobile (< 768px):
- Tombol \"Coba\" selalu terlihat (tanpa hover).
- Otomatis membuka workspace ke mode 'half-sheet' dan
melakukan smooth scroll ke editor saat tombol diklik.
- Sinkronisasi urutan render: setupTryButtons dijalankan
sebelum highlightAllCode untuk memastikan deteksi bahasa
yang akurat.
- Update documentation.md dengan panduan penggunaan fitur
tombol \"Coba\" dan dokumentasi refactoring modularitas
halaman lesson.
- Menambahkan modul uji coba LaTeX ke daftar materi di
home.md
+page.svelte dan perbaiki backend parser
Pembaruan ini
mencakup:
- Refactoring skala besar pada halaman lesson SvelteKit untuk efisiensi kode.
- Ekstraksi evaluasi Code, Circuit, dan Velxio ke dalam direktori lib/services/.
- Memisahkan manajemen iframe (Zustand & PostMessage) ke velxio-manager.ts.
- Memisahkan Tab Panel HTML menjadi komponen spesifik (CodeTab, CircuitTab, VelxioTab).
- Ekstraksi blok <style> menjadi stylesheet terpisah (lesson.css).
- Perbaikan warning A11y & penghapusan class usang pada Navbar.svelte.
- Memperbaiki regex parser 'Available_Lessons' pada lesson_service.py di backend.
- Menambahkan mekanisme auto-append ekstensi '.md' untuk mengatasi bug Home kosong dan tombol 'Next Lesson' yang hilang akibat format URL baru di home.md.
3 - Integration of KaTeX in frontend (SvelteKit) with a custom
renderMath` action.
- Added `python-markdown-math` extension in backend (Flask). to handle math blocks.
- Configured Vite to handle KaTeX during SSR and browser rendering.
- Added a LaTeX test lesson and updated home navigation.
- Supported both inline ($) and block ($$) math rendering,
including multi-line support.
- Move navigation menu to the leftmost position and
consolidate actions into a dropdown.
- Replace clunky mobile sheet handle with explicit
minimize/maximize buttons.
- Fix home page content margins for list elements.
- Ensure student identity remains visible on mobile devices
with optimized font sizing.
- Synchronize CircuitJS simulator theme with global
light/dark mode.
- Update elemes.sh to provide cleaner output by silencing
podman-compose logs by default.
Implements multiple layers of security to address high-risk session
and authentication vulnerabilities identified in the security review:
- Allow code compilation (C, Python, Arduino) for anonymous users.
- Enforce a 1-request-per-2-minutes rate limit for anonymous IPs.
- Implement a global anonymous compilation queue with 20 concurrent slots.
- Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking.
- Exempt authenticated users (tokens/cookies) from all rate limits.
- Fix networking and DNS resolution in podman-compose.
- Fix Svelte a11y warnings and trailing slash routing issues.
- Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE
env variable for HTTPS/Tailscale Funnel compatibility.
- Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to
prevent API abuse while accommodating shared school networks (NAT).
- Tarpitting: Added 1.5s artificial delay on failed logins to neutralize
automated brute-force tools without blocking legitimate users.
- Session Invalidation: Implemented an in-memory token blacklist on
logout to ensure session tokens cannot be reused.
- Documentation: Updated technical docs and proposal status to reflect
the current security architecture.
Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)
- Menambahkan service 'compiler-worker' terpisah untuk isolasi eksekusi kode C/Python.
- Mengintegrasikan gVisor (runsc) pada worker untuk mencegah RCE pada level kernel.
- Menggunakan Gunicorn (4 workers) pada compiler-worker untuk mendukung concurrency.
- Menambahkan otentikasi token wajib pada endpoint /compile dan laporan progres.
- Memperketat CORS policy menggunakan environment variable ORIGIN.
- Menerapkan secure_filename pada rute pelajaran untuk mencegah Path Traversal.
- Mengubah volume mounting backend utama menjadi Read-Only (:ro) untuk perlindungan data.
- Memperbarui proposal.md dan .env.example dengan standar keamanan terbaru.
- Create student tutorial documentation in Markdown with updated asset paths
- Add backend routes to serve rendered help content and assets via JSON API
- Implement frontend /help route using SvelteKit for professional rendering
- Add "Bantuan" link to the navigation bar with custom styling
- Generate tutorial screenshots and a demo video with virtual cursor and subtitles
- Configure Tailscale and Vite proxies to support the new help routing
- Add automated video generation scripts and assets
a2nr