13 KiB
13 KiB
Transcript Modal & Delete Implementation Plan
For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
Goal: Add transcript delete and a markdown-rendering modal viewer, removing the existing preview section.
Architecture: Two new REST endpoints (GET + DELETE /transcripts/{filename}) with path-confinement security. Frontend gains a full-screen modal using marked.js + DOMPurify for safe rendering; the static preview div is removed entirely. Each list item gets a trash icon that stops event propagation so it doesn't trigger the modal.
Tech Stack: FastAPI (existing), marked.js 14 + DOMPurify 3 via CDN, vanilla JS/CSS (no new build step)
Task 1: Backend — GET /transcripts/{filename}
Files:
- Modify:
api/router.py - Modify:
output.py - Test:
tests/test_api.py
Step 1: Write the failing test
Add to tests/test_api.py:
def test_get_transcript_returns_content(tmp_path, monkeypatch):
f = tmp_path / "2026-01-01-0900-test.md"
f.write_text("# Hello\n\ncontent here\n")
from unittest.mock import patch
with patch("api.router.current_user", return_value={"username": "", "output_dir": str(tmp_path), "is_admin": False}):
from fastapi.testclient import TestClient
from main import app
client = TestClient(app)
r = client.get("/transcripts/2026-01-01-0900-test.md",
headers={"Authorization": "Bearer fake"})
assert r.status_code == 200
assert "Hello" in r.text
def test_get_transcript_rejects_path_traversal(tmp_path):
from unittest.mock import patch
with patch("api.router.current_user", return_value={"username": "", "output_dir": str(tmp_path), "is_admin": False}):
from fastapi.testclient import TestClient
from main import app
client = TestClient(app)
r = client.get("/transcripts/..%2Fsecret.md",
headers={"Authorization": "Bearer fake"})
assert r.status_code == 404
Step 2: Run to verify it fails
pytest tests/test_api.py::test_get_transcript_returns_content tests/test_api.py::test_get_transcript_rejects_path_traversal -v
Expected: FAIL — 404 or 405 (route doesn't exist yet)
Step 3: Add read_transcript to output.py
def read_transcript(output_dir: str, filename: str) -> str | None:
"""Return file content if filename is a plain .md file inside output_dir."""
if os.path.basename(filename) != filename or not filename.endswith(".md"):
return None
path = os.path.join(output_dir, filename)
if not os.path.exists(path):
return None
with open(path, encoding="utf-8") as f:
return f.read()
Step 4: Add GET endpoint to api/router.py
Add after the existing get_transcripts endpoint:
@router.get("/transcripts/{filename}")
async def get_transcript(filename: str, user: dict = Depends(current_user)):
from output import read_transcript
from fastapi.responses import PlainTextResponse
user_dir = os.path.join(user["output_dir"], user["username"])
content = read_transcript(user_dir, filename)
if content is None:
raise HTTPException(status_code=404, detail="Nicht gefunden")
return PlainTextResponse(content)
Step 5: Run tests
pytest tests/test_api.py::test_get_transcript_returns_content tests/test_api.py::test_get_transcript_rejects_path_traversal -v
Expected: PASS
Step 6: Commit
git add output.py api/router.py tests/test_api.py
git commit -m "feat: GET /transcripts/{filename} — serve transcript content"
Task 2: Backend — DELETE /transcripts/{filename}
Files:
- Modify:
api/router.py - Test:
tests/test_api.py
Step 1: Write the failing tests
Add to tests/test_api.py:
def test_delete_transcript_removes_file(tmp_path):
f = tmp_path / "2026-01-01-0900-test.md"
f.write_text("content")
from unittest.mock import patch
with patch("api.router.current_user", return_value={"username": "", "output_dir": str(tmp_path), "is_admin": False}):
from fastapi.testclient import TestClient
from main import app
client = TestClient(app)
r = client.delete("/transcripts/2026-01-01-0900-test.md",
headers={"Authorization": "Bearer fake"})
assert r.status_code == 200
assert not f.exists()
def test_delete_transcript_rejects_path_traversal(tmp_path):
from unittest.mock import patch
with patch("api.router.current_user", return_value={"username": "", "output_dir": str(tmp_path), "is_admin": False}):
from fastapi.testclient import TestClient
from main import app
client = TestClient(app)
r = client.delete("/transcripts/..%2Fsecret.md",
headers={"Authorization": "Bearer fake"})
assert r.status_code == 404
Step 2: Run to verify they fail
pytest tests/test_api.py::test_delete_transcript_removes_file tests/test_api.py::test_delete_transcript_rejects_path_traversal -v
Expected: FAIL — route doesn't exist
Step 3: Add DELETE endpoint to api/router.py
@router.delete("/transcripts/{filename}")
async def delete_transcript(filename: str, user: dict = Depends(current_user)):
user_dir = os.path.join(user["output_dir"], user["username"])
if os.path.basename(filename) != filename or not filename.endswith(".md"):
raise HTTPException(status_code=404, detail="Nicht gefunden")
path = os.path.join(user_dir, filename)
if not os.path.exists(path):
raise HTTPException(status_code=404, detail="Nicht gefunden")
os.unlink(path)
return {"ok": True}
Step 4: Run tests
pytest tests/test_api.py::test_delete_transcript_removes_file tests/test_api.py::test_delete_transcript_rejects_path_traversal -v
Expected: PASS
Step 5: Commit
git add api/router.py tests/test_api.py
git commit -m "feat: DELETE /transcripts/{filename} — delete transcript with path-confinement check"
Task 3: Frontend — Remove preview section, add modal + marked.js + DOMPurify
Files:
- Modify:
frontend/index.html - Modify:
frontend/app.js
No automated tests; manual verification checklist at end.
Step 1: Remove preview section from index.html
Delete this block from <main>:
<section class="preview-section">
<label>Vorschau</label>
<div id="preview">Noch keine Aufnahme verarbeitet.</div>
</section>
Delete these CSS rules (search for them by selector):
.preview-section#preview#preview.has-content
Step 2: Add script tags — replace existing <script src="/app.js"> line
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/dompurify/dist/purify.min.js"></script>
<script src="/app.js"></script>
Step 3: Add modal HTML + CSS
Add this block inside <main> before </main> closing tag (it's a fixed overlay, position doesn't matter):
<div id="modal" class="modal hidden" role="dialog" aria-modal="true">
<div class="modal-backdrop"></div>
<div class="modal-panel">
<div class="modal-header">
<span id="modal-title" class="modal-title"></span>
<div class="modal-actions">
<button id="modal-open-btn" class="modal-btn" title="Im Editor öffnen">
<svg width="16" height="16" viewBox="0 0 24 24" fill="currentColor">
<path d="M14 3h7v7h-2V6.41l-9.29 9.3-1.42-1.42L17.59 5H14V3zm-1 2H5a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2v-8h-2v8H5V7h8V5z"/>
</svg>
</button>
<button id="modal-close-btn" class="modal-btn" title="Schließen">✕</button>
</div>
</div>
<div id="modal-body" class="modal-body"></div>
</div>
</div>
Add CSS inside <style>:
.modal { position: fixed; inset: 0; z-index: 100; display: flex; align-items: center; justify-content: center; }
.modal.hidden { display: none; }
.modal-backdrop { position: absolute; inset: 0; background: rgba(0,0,0,0.7); }
.modal-panel {
position: relative; z-index: 1;
background: var(--surface); border: 1px solid var(--border); border-radius: 10px;
width: min(800px, 95vw); max-height: 85vh;
display: flex; flex-direction: column;
}
.modal-header {
display: flex; align-items: center; justify-content: space-between;
padding: 14px 18px; border-bottom: 1px solid var(--border);
flex-shrink: 0;
}
.modal-title { font-size: 0.9rem; font-weight: 600; }
.modal-actions { display: flex; gap: 8px; }
.modal-btn {
background: none; border: 1px solid var(--border); color: var(--muted);
border-radius: 6px; padding: 4px 8px; cursor: pointer; font-family: inherit;
font-size: 0.85rem; display: flex; align-items: center;
transition: border-color 0.15s, color 0.15s;
}
.modal-btn:hover { border-color: var(--red); color: var(--red); }
.modal-body {
padding: 20px 24px; overflow-y: auto; flex: 1;
font-size: 0.9rem; line-height: 1.7; color: var(--text);
}
.modal-body h1,.modal-body h2,.modal-body h3 { margin: 1em 0 0.4em; font-weight: 600; }
.modal-body h1 { font-size: 1.3rem; }
.modal-body h2 { font-size: 1.1rem; }
.modal-body p { margin: 0 0 0.8em; }
.modal-body ul,.modal-body ol { padding-left: 1.5em; margin: 0 0 0.8em; }
.modal-body code { background: var(--surface2); padding: 2px 5px; border-radius: 3px; font-size: 0.85em; }
.modal-body pre { background: var(--surface2); padding: 12px; border-radius: 6px; overflow-x: auto; margin: 0 0 0.8em; }
.modal-body pre code { background: none; padding: 0; }
.modal-body hr { border: none; border-top: 1px solid var(--border); margin: 1em 0; }
.del-btn {
background: none; border: none; color: var(--muted); cursor: pointer;
padding: 4px; border-radius: 4px; display: flex; align-items: center;
transition: color 0.15s; flex-shrink: 0;
}
.del-btn:hover { color: var(--red); }
Step 4: Update app.js
Remove these variable declarations at the top:
const preview = document.getElementById('preview');
Add these variable declarations at the top:
const modal = document.getElementById('modal');
const modalTitle = document.getElementById('modal-title');
const modalBody = document.getElementById('modal-body');
const modalOpenBtn = document.getElementById('modal-open-btn');
const modalCloseBtn = document.getElementById('modal-close-btn');
let _modalPath = null;
Add these functions and event listeners (after the logoutBtn listener):
function openModal(filename, path) {
_modalPath = path;
modalTitle.textContent = filename.replace(/\.md$/, '').replace(/^\d{4}-\d{2}-\d{2}-\d{4}-/, '');
modalBody.innerHTML = '';
modal.classList.remove('hidden');
apiFetch(`/transcripts/${encodeURIComponent(filename)}`)
.then(r => r.text())
.then(md => {
modalBody.innerHTML = DOMPurify.sanitize(marked.parse(md));
});
}
function closeModal() {
modal.classList.add('hidden');
_modalPath = null;
}
modalCloseBtn.addEventListener('click', closeModal);
modal.querySelector('.modal-backdrop').addEventListener('click', closeModal);
document.addEventListener('keydown', e => { if (e.key === 'Escape') closeModal(); });
modalOpenBtn.addEventListener('click', () => {
if (_modalPath) apiFetch('/open', { method: 'POST', body: JSON.stringify({ path: _modalPath }) });
});
In loadTranscripts, replace the existing div.addEventListener block and the div.append(name, meta) line with:
div.addEventListener('click', () => openModal(t.filename, t.path));
const delBtn = document.createElement('button');
delBtn.className = 'del-btn';
delBtn.title = 'Löschen';
delBtn.innerHTML = '<svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor"><path d="M9 3h6l1 1h4v2H4V4h4l1-1zm-3 5h12l-1 13H7L6 8zm5 2v9h2v-9h-2zm-3 0v9h2v-9H8zm8 0v9h2v-9h-2z"/></svg>';
delBtn.addEventListener('click', async (e) => {
e.stopPropagation();
await apiFetch(`/transcripts/${encodeURIComponent(t.filename)}`, { method: 'DELETE' });
loadTranscripts();
});
div.append(name, meta, delBtn);
Remove the WS handler block that references preview:
if (msg.event === 'transcribed' || msg.event === 'refined') {
const text = msg.raw || msg.markdown || '';
preview.textContent = text;
preview.classList.add('has-content');
}
Also remove the setStatus('idle') + preview.* lines from the click handler's reset branch — keep only the setStatus('idle') call.
Step 5: Manual verification checklist
Restart app (kill $(pgrep -f main.py) && .venv/bin/python main.py &), open browser:
- No "Vorschau" section visible
- Clicking a transcript item opens modal with rendered markdown
- Title in modal header shows human-readable name (date prefix stripped)
- Clicking backdrop or ✕ closes modal
- Pressing Escape closes modal
- "Im Editor öffnen" triggers xdg-open
- Trash icon deletes file and refreshes list
- Trash click does NOT open the modal
Step 6: Commit
git add frontend/index.html frontend/app.js
git commit -m "feat: transcript modal with markdown rendering, delete button, remove preview section"
Task 4: Run full test suite
pytest -v
Expected: all tests pass. Fix any regressions before pushing.
git push