phx.gen.auth sets current_scope, not current_user. Use !! to
ensure boolean for HEEx template and register_and_log_in_user
in tests for proper auth session.
- LiveView-based email/password auth via mix phx.gen.auth
- Auth links removed from public navigation (direct URL access only)
- Accounts context with User schema and token management
1. Rename goto_engineering_post_page/2 to visit_engineering_path/2 for
better accuracy (used for both post pages and tag pages)
2. Simplify Makefile test target by removing explicit ecto.create and
ecto.migrate commands (mix test handles migrations automatically)
3. Update blog_test.exs header comment to reflect actual changes made
4. Move Sandbox alias to top level in data_case.ex
- Add Accept: application/json headers to all API endpoint tests
- Add GET /blog/releases/tag/:tag HTML page test
- Add GET /api/blog/*/tag/:tag JSON API tests for both blogs
- Fix feed.xml assertions to check body first, then content type
Ran a claude /security-review, fixed two vulnerabilities
Use a plug to resolve blog_id, returning a clean 404 for unknown blogs
instead of raising with inspect(). Parse page param with Integer.parse
so invalid values (non-numeric, negative, zero) fall back to page 1
instead of crashing. Add 5 tests covering these cases.a
Goal: have a personal blog, and try out another point in the 'modular
app design with elixir' space.
Designing OTP systems with elixir had some interesting ideas.
