Exercise8 #10
Exercise8 #10
Conversation
Use TailwindCSS 2 for webapp (requires move to yarn)
jobegrabber
requested review from
medizinmensch,
noeljns,
powlaa and
roschaefer
roschaefer
left a comment
roschaefer
left a comment
There was a problem hiding this comment.
Hey @Systems-Development-and-Frameworks/dojo you received all 5/5 ⭐ in this exercise. The result doesn't look as visually appealing to what I saw already. But I'm not good in design and visuals myself 😞
The sidebar menu is always open in my browser (Firefox, Chromium). Is this a bug or not yet implemented?
⭐ For a header and it's responsiveness (direct links vs. hamburger menu)
⭐ For a content section and it's content items
⭐ For a responsive content section (3-column vs 1-column layout)
⭐ For responsive content items (1-column vs. 2-column layout)
⭐ For a footer
Here's a security advice: You shouldn't distinguish between "E-Mail not found" and "Password incorrect" to prevent an attacker from doing a user listing.
In total you received all 70/70 ⭐ during the entire course - outstanding!
| :href="href" | ||
| class="inline-flex m-1.5 px-2.5 py-2 rounded-lg shadow-md text-white text-center | ||
| cursor-pointer justify-center items-center" | ||
| :class="(!disabled ? `bg-${color}-500 hover:bg-${color}-600` : `bg-gray-500`) + (bold ? ' font-semibold' : '')"> |
There was a problem hiding this comment.
PurgeCSS will not be able to pick up the class names here. Don't use string interpolation like that in tailwind, instead, enumerate the classes.
| </nav> | ||
| <div | ||
| class="absolute z-20 w-full h-full bg-gray-50 opacity-50" | ||
| :class="sidebarOpen ? '' : 'hidden'" |
There was a problem hiding this comment.
| :class="sidebarOpen ? '' : 'hidden'" | |
| :class="{sidebarOpen : 'hidden'}" |
| DojoNews | ||
| </section> | ||
| <section class="hidden lg:block lg:flex lg:justify-between lg:bg-transparent"> | ||
| <NavMenu :is-authenticated="isAuthenticated" @logout="logout()"></NavMenu> |
There was a problem hiding this comment.
| <NavMenu :is-authenticated="isAuthenticated" @logout="logout()"></NavMenu> | |
| <NavMenu :is-authenticated="isAuthenticated" @logout="logout"></NavMenu> |
| :class="sidebarOpen ? 'left-0' : '-left-1/2 md:-left-1/3'" | ||
| > | ||
| <button class="self-end" @click="sidebarOpen = false">[x]</button> | ||
| <NavMenu :vertical="true" :is-authenticated="isAuthenticated" @logout="logout(); sidebarOpen = false" |
There was a problem hiding this comment.
Please use a dedicated method when you have to split commands with ;.
| async logout() { | ||
| this.unsetToken() | ||
| await this.$apolloHelpers.onLogout() | ||
| await this.$nuxt.refresh() |
There was a problem hiding this comment.
Components should be reactive. Refetching data manually shouldn't be necessary.
There was a problem hiding this comment.
It shouldn't, but somehow the tests fail otherwise 🤷♂️
| <style scoped> | ||
| </style> No newline at end of file |
There was a problem hiding this comment.
| <style scoped> | |
| </style> |
| @@ -0,0 +1,30 @@ | |||
| <template> | |||
| <nuxt-link @click.native="$emit('click')" :to="this.to" tag="div" class="flex"> | |||
| <BasicButton :color="this.color" class="flex-grow" :href="this.href"> | |||
| }, | ||
| computed: { | ||
| sortedNewsListItems () { | ||
| sortedNewsListItems() { |
There was a problem hiding this comment.
Did you change your lint configurations? 🤔
Having these changes creates noise and distracts from relevant changes. You probably want to exclude those changes from the PR being reviewed.
| <main> | ||
| <LoginForm/> | ||
| </div> | ||
| </main> |
|
Thanks for the review @roschaefer !
How do you run the app? To use Tailwind 2 I had to switch to yarn on the webapp side.
For this toy application, yes, that would prevent an attacker from listing user email addresses. I think rate-limits and captchas for both login and registration are better for providing security. |
I'm pretty sure I used Both for password reset and signup you don't have to expose user information. E.g. if the email address exists or not, you can send "We have sent an email with further instructions to ". There are best practices for that on the internet. |
Ah yes, that's a nice way to get around that issue, thanks! |
No description provided.