v1.2.0 — Tabs, Security Hardening & PDF Reliability

@ankit2101 ankit2101 released this 07 Mar 08:36
· 27 commits to main since this release

What's New

Admin Panel

  • Tabbed dashboard — Admin panel now has four tabs: Upload, Content, Students, and Progress, replacing the previous single scrolling page
  • Predefined subject dropdown — Subjects are now selected from a fixed list (Maths, Physics, Chemistry, Biology, History, Civics, Geography, Hindi, English) in both single and bulk upload forms

Bulk Upload

  • Sequential file processing — Files are uploaded one at a time to avoid 32 MB limits and 504 gateway timeouts on large PDFs
  • Live progress indicator — Each file row updates in real time as it is processed; the button shows "Processing N of M…"
  • Automatic duplicate handling — If a chapter name already exists, a numeric suffix is appended automatically (e.g. Chapter 1 (2))

PDF Extraction

  • 3-strategy cascade — Text extraction now tries pdftotext (poppler C binary) first, then pypdf, then pdfplumber as a final fallback
  • Eliminates 504 Gateway Timeout errors caused by Python-based parsers hanging on complex or large PDFs

Security Hardening (pen-test fixes)

  • Login rate limit tightened — /api/admin/login and /api/student/login are now limited to 5 requests/minute with burst=2 (previously shared the general 30 r/m zone)
  • Username enumeration fixed — Student login now returns the same generic error for both "name not found" and "wrong PIN" cases
  • Retry-After: 60 header — All 429 responses now include a Retry-After header and a JSON body instead of nginx HTML
  • HTTP bare-IP redirect — Direct HTTP access via IP now returns a 301 redirect to the HTTPS hostname
  • API error handling — Frontend gracefully handles non-JSON nginx error responses (429, 502, 503) instead of throwing a parse error
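
One way to express the rate-limit, 429 and bare-IP items above in nginx. This is an added example, not the project's own configuration; the zone names, hostname app.example.com, certificate paths, upstream address 127.0.0.1:8000 and the nodelay choice are assumptions.

```nginx
# Added example (http {} context). Zone names, hostname, certificate paths
# and the upstream address are assumptions, not values from the project.

# Separate zone for logins: 5 requests/minute per client IP.
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
# General API zone at 30 requests/minute, as before.
limit_req_zone $binary_remote_addr zone=api:10m rate=30r/m;
limit_req_status 429;   # nginx answers 503 by default when a limit is hit

# Plain-HTTP requests that match no named server (e.g. the bare IP)
# are redirected to the HTTPS hostname.
server {
    listen 80 default_server;
    server_name _;
    return 301 https://app.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    # Exact-match locations win over the /api/ prefix, so the login
    # endpoints no longer share the general zone.
    location = /api/admin/login {
        limit_req zone=login burst=2 nodelay;  # nodelay is an assumption
        proxy_pass http://127.0.0.1:8000;
    }
    location = /api/student/login {
        limit_req zone=login burst=2 nodelay;
        proxy_pass http://127.0.0.1:8000;
    }
    location /api/ {
        limit_req zone=api;
        proxy_pass http://127.0.0.1:8000;
    }

    # Serve JSON with Retry-After instead of nginx's HTML 429 page.
    error_page 429 = @rate_limited;
    location @rate_limited {
        default_type application/json;
        add_header Retry-After 60 always;  # "always" is needed on 4xx
        return 429 '{"error":"Too many requests. Try again in 60 seconds."}';
    }
}
```

Validate with nginx -t before reloading. Note that add_header without "always" is silently skipped on 4xx responses, which would drop Retry-After.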

Fixes

  • Fixed pdftotext not found in gunicorn process due to systemd PATH restriction — now uses absolute path /usr/bin/pdftotext

Upgrade Notes

  • Install poppler-utils on the server if not already present: sudo apt install poppler-utils
  • No database migrations required
  • Rebuild frontend: cd frontend && npm run build