Harden codebase: fix bugs, remove dead code, improve security and performance

Server:
- Fix broken comment update/delete (was querying snippetId=0, added getComment(id))
- Remove insecure /api/test-import endpoint (no auth, hardcoded user)
- Add auth + ownership checks to collection GET/list endpoints
- Add privacy check to GET /api/snippets/:id (private snippets hidden from non-owners)
- Eliminate triple-fallback pattern (simpleStorage → storage → raw SQL) in routes
- Remove 400-line dead MemStorage class and simple-storage.ts module
- Fix DatabaseStorage: static db import instead of dynamic import in every method
- Remove error stack traces from API error responses
- Add parseId() helper for numeric route param validation
- Cascade snippet deletion to comments table
- Add request body size limit (1mb)
- Clean up duplicate 404 handlers, excessive debug logging
- Remove debug/fix files: db_fix.js, storage_fix.js, debug_storage.ts, winston-test.ts

Client:
- Fix transformSnippet falsy-value bug (|| → ?? for viewCount:0, isFavorite:false)
- Fix CommentSection calling apiRequest with wrong argument order
- Fix Tags.tsx using non-existent 'tag' prop instead of 'tags' array
- Fix Layout.tsx passing unsupported 'isPublicView' prop to Header
- Fix 5 components importing non-existent 'useAuth' export from AuthContext
- Fix useAuthenticatedFetch sending uid instead of Firebase ID token
- Fix ForgotPasswordForm: wire directly to Firebase sendPasswordResetEmail
- Simplify AuthContext: remove DOM notification system, localStorage sync hack
- Remove dead components: AdvancedSearch, CreateSnippetModal, FixedLucideIcon,
  GlobalSVGMonitor, ThemeSelector, TagCloud
- Remove dead files: firebase-config.js, all .backup files, SnippetCard.test.tsx
- Strip ~200 lines of console.log debug noise across components
- Remove window.location.reload() from import success flow

Build/deps:
- Remove 16 unused npm dependencies (passport, express-session, framer-motion, etc.)
- Remove Replit plugin code from vite.config.ts
- Remove winston-test.ts from build output, enable tree-shaking
- Fix CI workflow: correct script names, update to actions v4 + Node 20
- Fix check-no-hardcode.sh: filename typo and subshell variable bug
- Fix server/vite.ts allowedHosts type error
- Zero TypeScript errors, clean build

Made-with: Cursor

Author: hexawulf

.github/workflows/ci.yml

@@ -1,97 +1,29 @@
-name: CodePatchwork CI/CD
+name: CodePatchwork CI
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    
-    - name: Setup Node.js
-      uses: actions/setup-node@v3
-      with:
-        node-version: 18
-        cache: 'npm'
-        
-    - name: Install dependencies
-      run: npm ci
-      
-    - name: Check types
-      run: npm run typecheck
-      
-    - name: Lint code
-      run: npm run lint
-      
-    - name: Build project
-      run: npm run build
-      
-    - name: Cache build output
-      uses: actions/cache@v3
-      with:
-        path: |
-          dist
-          node_modules
-        key: ${{ runner.os }}-build-${{ github.sha }}
-        restore-keys: |
-          ${{ runner.os }}-build-
-          
-  test:
-    needs: build
-    runs-on: ubuntu-latest
-    
-    services:
-      postgres:
-        image: postgres:latest
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: codepatchwork_test
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-          
-    steps:
-    - uses: actions/checkout@v3
-    
-    - name: Setup Node.js
-      uses: actions/setup-node@v3
-      with:
-        node-version: 18
-        cache: 'npm'
-        
-    - name: Restore cached build
-      uses: actions/cache@v3
-      with:
-        path: |
-          dist
-          node_modules
-        key: ${{ runner.os }}-build-${{ github.sha }}
-        
-    - name: Run database migrations
-      run: npm run db:push
-      env:
-        DATABASE_URL: postgres://postgres:postgres@localhost:5432/codepatchwork_test
-        
-    - name: Run tests
-      run: npm test
-      env:
-        DATABASE_URL: postgres://postgres:postgres@localhost:5432/codepatchwork_test
-        
-  deploy:
-    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-    needs: test
-    runs-on: ubuntu-latest
-    
-    steps:
-    - name: Deploy to production
-      run: echo "Ready for deployment! This step would typically deploy to your hosting provider."
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run check
+
+      - name: Build
+        run: npm run build

client/src/App.tsx

@@ -1,15 +1,12 @@
-// client/src/App.tsx
-
-import React, { useEffect, useState, lazy, Suspense } from "react";
-import { Redirect, Switch, Route } from "wouter"; // Added Redirect
+import React, { useEffect, lazy, Suspense } from "react";
+import { Redirect, Switch, Route } from "wouter";
 import { TooltipProvider } from "@/components/ui/tooltip";
 import { ThemeProvider } from "@/contexts/ThemeContext";
 import { CodeThemeProvider } from "@/contexts/CodeThemeContext";
 import { SnippetProvider } from "@/contexts/SnippetContext";
 import { CollectionProvider } from "@/contexts/CollectionContext";
 import { useAuthContext } from "@/contexts/AuthContext";
 
-// Lazy load pages for better performance
 const NotFound = lazy(() => import("@/pages/not-found"));
 const Home = lazy(() => import("@/pages/Home"));
 const PublicHome = lazy(() => import("@/pages/PublicHome"));
@@ -20,26 +17,24 @@ const Tags = lazy(() => import("@/pages/Tags"));
 const Settings = lazy(() => import("@/pages/Settings"));
 const SharedSnippet = lazy(() => import("@/pages/SharedSnippet"));
 
-// Loading spinner for lazy-loaded pages
 const PageLoader = () => (
   <div className="h-screen flex items-center justify-center">
     <div className="animate-spin h-8 w-8 border-t-2 border-b-2 border-blue-500 rounded-full"></div>
   </div>
 );
 
-// Renamed from Router to AuthenticatedRouter
 function AuthenticatedRouter() {
   return (
     <Suspense fallback={<PageLoader />}>
       <Switch>
-        <Route path="/" component={Home} /> {/* Authenticated home/dashboard */}
+        <Route path="/" component={Home} />
         <Route path="/snippets" component={Snippets} />
         <Route path="/collections" component={Collections} />
         <Route path="/collections/:id" component={CollectionDetail} />
         <Route path="/tags" component={Tags} />
         <Route path="/settings" component={Settings} />
         <Route path="/shared/:shareId" component={SharedSnippet} />
-        <Route path="/login"><Redirect to="/" /></Route> {/* Added for authenticated users */}
+        <Route path="/login"><Redirect to="/" /></Route>
         <Route component={NotFound} />
       </Switch>
     </Suspense>
@@ -51,131 +46,60 @@ function PublicRouter() {
     <Suspense fallback={<PageLoader />}>
       <Switch>
         <Route path="/" component={PublicHome} />
-        <Route path="/login" component={SignInTriggerPage} /> {/* Added for unauthenticated users */}
+        <Route path="/login" component={SignInTriggerPage} />
         <Route path="/shared/:shareId" component={SharedSnippet} />
-        {/* For non-matched routes, redirect to PublicHome */}
         <Route component={PublicHome} />
       </Switch>
     </Suspense>
   );
 }
 
-// SignInTriggerPage Helper Component
 const SignInTriggerPage: React.FC = () => {
-  const { signIn, user, loading } = useAuthContext(); // useAuthContext is already imported
+  const { signIn, user, loading } = useAuthContext();
+
   useEffect(() => {
-    // Only attempt to sign in if not already authenticated and not loading
     if (!user && !loading) {
       signIn();
     }
   }, [signIn, user, loading]);
 
-  // If already logged in (e.g., due to fast auth resolution), redirect to home.
   if (user) {
     return <Redirect to="/" />;
   }
-  // If still loading auth state
-  if (loading) {
-    return (
-      <div className="h-screen flex flex-col items-center justify-center">
-        <div className="mb-4">Loading authentication...</div>
-        <div className="animate-spin h-8 w-8 border-t-2 border-b-2 border-blue-500 rounded-full"></div>
-      </div>
-    );
-  }
-  // Default state while sign-in is being triggered or if user backs out of Google prompt
-  return (
-    <div className="h-screen flex flex-col items-center justify-center">
-      <p>Redirecting to sign-in...</p>
-      {/* Or redirect to PublicHome if sign-in is not immediate / user needs to click again */}
-      {/* For now, this message is fine as signIn() should overlay Google prompt */}
-    </div>
-  );
-};
 
-// Added debug component to show authentication state
-function AuthDebug({ user, loading }: { user: any, loading: boolean }) {
   return (
-    <div className="fixed bottom-4 right-4 bg-gray-800 text-white p-2 rounded text-xs opacity-80 z-50">
-      <div>Auth Status: {loading ? "Loading" : user ? "Authenticated" : "Not Authenticated"}</div>
-      {user && (
-        <div>
-          User: {user.email || "No email"}<br />
-          ID: {user.id?.substring(0, 8) || "No ID"}
-        </div>
+    <div className="h-screen flex flex-col items-center justify-center">
+      <div className="mb-4">{loading ? "Loading authentication..." : "Redirecting to sign-in..."}</div>
+      {loading && (
+        <div className="animate-spin h-8 w-8 border-t-2 border-b-2 border-blue-500 rounded-full"></div>
       )}
     </div>
   );
-}
+};
 
 export default function App() {
-  const { user, loading } = useAuthContext(); // Removed signIn from here as it's not used directly for button anymore
-  const [showDebug, setShowDebug] = useState(false);
-
-  // Add explicit debugging to track auth state
-  useEffect(() => {
-    console.log("[App] Auth state in App.tsx:", { 
-      user: user ? { id: user.id, email: user.email } : null, 
-      loading 
-    });
-    console.log("[App] Is user null?", user === null);
-    console.log("[App] Authentication state:", loading ? "loading" : user ? "authenticated" : "not authenticated");
-  }, [user, loading]);
+  const { user, loading } = useAuthContext();
 
-  // Setup keyboard shortcuts (theme is now handled by ThemeContext)
-  useEffect(() => {
-    // Toggle debug panel with key press (Alt+D)
-    const handleKeyDown = (e: KeyboardEvent) => {
-      if (e.altKey && e.key === 'd') {
-        setShowDebug(prev => !prev);
-      }
-    };
-    
-    window.addEventListener('keydown', handleKeyDown);
-    return () => window.removeEventListener('keydown', handleKeyDown);
-  }, []);
-
-  // Try to restore from localStorage if no user but we have a saved one
-  useEffect(() => {
-    if (!loading && !user) {
-      try {
-        const savedUser = localStorage.getItem('auth_user');
-        if (savedUser) {
-          console.log("[App] Found saved user in localStorage, but not reflected in context");
-        }
-      } catch (e) {
-        console.error("[App] localStorage error:", e);
-      }
-    }
-  }, [user, loading]);
-
-  // 1) Still waiting for Firebase → show spinner or placeholder
   if (loading) {
-    console.log("[App] Currently loading, showing loading state");
     return (
       <div className="h-screen flex flex-col items-center justify-center">
-        <div className="mb-4">Loading authentication...</div>
+        <div className="mb-4">Loading...</div>
         <div className="animate-spin h-8 w-8 border-t-2 border-b-2 border-blue-500 rounded-full"></div>
-        {showDebug && <AuthDebug user={user} loading={loading} />}
       </div>
     );
   }
 
-  // 2) Routing logic based on authentication state
-  // PublicHome will now handle the sign-in prompt.
-  console.log(`[App] Rendering routers. User: ${user ? user.id : 'null'}, Loading: ${loading}`);
   return (
     <ThemeProvider>
       <CodeThemeProvider>
-        <SnippetProvider> {/* SnippetProvider might be needed by SharedSnippet too */}
-          <CollectionProvider> {/* CollectionProvider might be needed by SharedSnippet too */}
+        <SnippetProvider>
+          <CollectionProvider>
             <TooltipProvider>
               {user ? <AuthenticatedRouter /> : <PublicRouter />}
-              {showDebug && <AuthDebug user={user} loading={loading} />}
             </TooltipProvider>
           </CollectionProvider>
         </SnippetProvider>
       </CodeThemeProvider>
     </ThemeProvider>
   );
-}
+}

client/src/components/AddSnippetDialog.tsx

@@ -108,7 +108,7 @@ export default function AddSnippetDialog({
         snippet
       );
 
-      console.log(isEditing ? "Snippet updated successfully:" : "Snippet created successfully:", result);
+      // Success
 
       toast({
         title: "Success",