Merge pull request #256 from erikdarlingdata/dev

Release v1.7.2 — operator self-time fix + decimal benefit %

Author: erikdarlingdata

server/PlanShare/Program.cs

@@ -44,8 +44,14 @@ created_at TEXT NOT NULL
     cmd.ExecuteNonQuery();
 }
 
+// --- Rate limiters (in-memory) ---
+// Created before Build() so they can be DI-registered and swept by CleanupService.
+var rateLimiter = new RateLimiter(maxRequests: 10, windowSeconds: 60);
+var analyticsRateLimiter = new RateLimiter(maxRequests: 30, windowSeconds: 60);
+
 // Register the cleanup background service
 builder.Services.AddSingleton(new PlanDbConfig(connectionString));
+builder.Services.AddSingleton(new RateLimiters(rateLimiter, analyticsRateLimiter));
 builder.Services.AddHostedService<CleanupService>();
 
 // Request size limit (10 MB)
@@ -54,10 +60,6 @@ created_at TEXT NOT NULL
 var app = builder.Build();
 app.UseCors();
 
-// --- Rate limiters (in-memory) ---
-var rateLimiter = new RateLimiter(maxRequests: 10, windowSeconds: 60);
-var analyticsRateLimiter = new RateLimiter(maxRequests: 30, windowSeconds: 60);
-
 const int MaxTtlDays = 365;
 
 // --- Endpoints ---
@@ -161,9 +163,15 @@ created_at TEXT NOT NULL
         return Results.BadRequest("Invalid JSON");
     }
 
-    // Strip referrer to domain only (no full URLs with query params)
-    if (!string.IsNullOrEmpty(referrer) && Uri.TryCreate(referrer, UriKind.Absolute, out var refUri))
-        referrer = refUri.Host;
+    // Strip referrer to domain only (no full URLs with query params).
+    // If it doesn't parse as an absolute URL, drop it — never persist raw
+    // client-supplied strings, since the dashboard renders referrers in HTML.
+    if (!string.IsNullOrEmpty(referrer))
+    {
+        referrer = Uri.TryCreate(referrer, UriKind.Absolute, out var refUri)
+            ? refUri.Host
+            : null;
+    }
 
     // Visitor hash: SHA256(IP + User-Agent + date) — unique per day, no PII stored
     var ua = ctx.Request.Headers.UserAgent.FirstOrDefault() ?? "";
@@ -352,14 +360,18 @@ static string GenerateDeleteToken()
 
 record PlanDbConfig(string ConnectionString);
 
+record RateLimiters(RateLimiter Share, RateLimiter Analytics);
+
 sealed class CleanupService : BackgroundService
 {
     private readonly PlanDbConfig _config;
+    private readonly RateLimiters _rateLimiters;
     private readonly ILogger<CleanupService> _logger;
 
-    public CleanupService(PlanDbConfig config, ILogger<CleanupService> logger)
+    public CleanupService(PlanDbConfig config, RateLimiters rateLimiters, ILogger<CleanupService> logger)
     {
         _config = config;
+        _rateLimiters = rateLimiters;
         _logger = logger;
     }
 
@@ -401,6 +413,14 @@ private void Cleanup()
                 if (deleted > 0)
                     _logger.LogInformation("Cleaned up {Count} old page views", deleted);
             }
+
+            // Evict stale rate-limiter keys so the dictionary doesn't grow forever.
+            var shareEvicted = _rateLimiters.Share.Sweep();
+            var analyticsEvicted = _rateLimiters.Analytics.Sweep();
+            if (shareEvicted + analyticsEvicted > 0)
+                _logger.LogInformation(
+                    "Evicted {Share} share + {Analytics} analytics rate-limit keys",
+                    shareEvicted, analyticsEvicted);
         }
         catch (Exception ex)
         {
@@ -441,4 +461,25 @@ public bool IsAllowed(string key)
             return true;
         }
     }
+
+    /// <summary>
+    /// Evicts keys whose timestamp lists have gone empty. Call periodically
+    /// so the dictionary doesn't grow forever across unique IPs.
+    /// Returns the number of keys evicted.
+    /// </summary>
+    public int Sweep()
+    {
+        var cutoff = DateTime.UtcNow.AddSeconds(-_windowSeconds);
+        var evicted = 0;
+        foreach (var kvp in _requests)
+        {
+            lock (kvp.Value)
+            {
+                kvp.Value.RemoveAll(t => t < cutoff);
+                if (kvp.Value.Count == 0 && _requests.TryRemove(kvp))
+                    evicted++;
+            }
+        }
+        return evicted;
+    }
 }

server/PlanShare/dashboard.html

@@ -275,13 +275,28 @@ <h3>Top Referrers (30 days)</h3>
     }
     function updateReferrers() {
         var tbody = document.querySelector("#referrersTable tbody");
+        tbody.replaceChildren();
         if (!planStats || !planStats.traffic.top_referrers.length) {
-            tbody.innerHTML = "<tr><td colspan='2' style='color:#484f58'>No referrer data yet</td></tr>";
+            var tr = document.createElement("tr");
+            var td = document.createElement("td");
+            td.setAttribute("colspan", "2");
+            td.style.color = "#484f58";
+            td.textContent = "No referrer data yet";
+            tr.appendChild(td);
+            tbody.appendChild(tr);
             return;
         }
-        tbody.innerHTML = planStats.traffic.top_referrers.map(function(r) {
-            return "<tr><td>" + r.referrer + "</td><td class='num'>" + fmt(r.count) + "</td></tr>";
-        }).join("");
+        planStats.traffic.top_referrers.forEach(function(r) {
+            var tr = document.createElement("tr");
+            var tdRef = document.createElement("td");
+            tdRef.textContent = r.referrer;
+            var tdCount = document.createElement("td");
+            tdCount.className = "num";
+            tdCount.textContent = fmt(r.count);
+            tr.appendChild(tdRef);
+            tr.appendChild(tdCount);
+            tbody.appendChild(tr);
+        });
     }
     function updateCharts() {
         updateChart("starsChart", "line", {

src/PlanViewer.App/AboutWindow.axaml.cs

@@ -56,7 +56,7 @@ private void SaveMcpSettings()
         }, new JsonSerializerOptions { WriteIndented = true });
 
         Directory.CreateDirectory(settingsDir);
-        File.WriteAllText(settingsFile, json);
+        Services.AtomicFile.WriteAllText(settingsFile, json);
     }
 
     private void GitHubLink_Click(object? sender, PointerPressedEventArgs e) => OpenUrl(GitHubUrl);

src/PlanViewer.App/Controls/PlanViewerControl.axaml.cs

@@ -801,6 +801,9 @@ private static string FormatBytes(double bytes)
         return $"{bytes / (1024L * 1024 * 1024):N1} GB";
     }
 
+    private static string FormatBenefitPercent(double pct) =>
+        pct >= 100 ? $"{pct:N0}" : $"{pct:N1}";
+
     #endregion
 
     #region Node Selection & Properties Panel
@@ -1737,7 +1740,7 @@ private void ShowPropertiesPanel(PlanNode node)
                         : w.Severity == PlanWarningSeverity.Warning ? "#FFB347" : "#6BB5FF";
                     var warnPanel = new StackPanel { Margin = new Thickness(10, 2, 10, 2) };
                     var planWarnHeader = w.MaxBenefitPercent.HasValue
-                        ? $"\u26A0 {w.WarningType} \u2014 up to {w.MaxBenefitPercent:N0}% benefit"
+                        ? $"\u26A0 {w.WarningType} \u2014 up to {FormatBenefitPercent(w.MaxBenefitPercent.Value)}% benefit"
                         : $"\u26A0 {w.WarningType}";
                     warnPanel.Children.Add(new TextBlock
                     {
@@ -1819,7 +1822,7 @@ private void ShowPropertiesPanel(PlanNode node)
                     : w.Severity == PlanWarningSeverity.Warning ? "#FFB347" : "#6BB5FF";
                 var warnPanel = new StackPanel { Margin = new Thickness(10, 2, 10, 2) };
                 var nodeWarnHeader = w.MaxBenefitPercent.HasValue
-                    ? $"\u26A0 {w.WarningType} \u2014 up to {w.MaxBenefitPercent:N0}% benefit"
+                    ? $"\u26A0 {w.WarningType} \u2014 up to {FormatBenefitPercent(w.MaxBenefitPercent.Value)}% benefit"
                     : $"\u26A0 {w.WarningType}";
                 warnPanel.Children.Add(new TextBlock
                 {

src/PlanViewer.App/Controls/QuerySessionControl.axaml.cs

@@ -78,11 +78,15 @@ public QuerySessionControl(ICredentialService credentialService, ConnectionStore
             QueryEditor.TextArea.Focus();
         };
 
-        // Dispose TextMate when detached (e.g. tab switch) to release renderers/transformers
+        // Dispose TextMate when detached (e.g. tab switch) to release renderers/transformers.
+        // Also cancel any in-flight status-clear dispatch so it doesn't fire on a dead control.
         DetachedFromVisualTree += (_, _) =>
         {
             _textMateInstallation?.Dispose();
             _textMateInstallation = null;
+            _statusClearCts?.Cancel();
+            _statusClearCts?.Dispose();
+            _statusClearCts = null;
         };
 
         // Focus the editor when the Editor tab is selected; toggle plan-dependent buttons

src/PlanViewer.App/Dialogs/QueryStoreHistoryWindow.axaml.cs

@@ -169,6 +169,16 @@ public static string MapOrderByToMetricTag(string orderBy)
             : "AvgCpuMs";
     }
 
+    protected override void OnClosed(EventArgs e)
+    {
+        // Cancel any in-flight history fetch so the SqlConnection doesn't sit open on the
+        // server after the dialog is dismissed.
+        _fetchCts?.Cancel();
+        _fetchCts?.Dispose();
+        _fetchCts = null;
+        base.OnClosed(e);
+    }
+
     private async System.Threading.Tasks.Task LoadHistoryAsync()
     {
         _fetchCts?.Cancel();

src/PlanViewer.App/PlanViewer.App.csproj

@@ -6,7 +6,7 @@
     <ApplicationManifest>app.manifest</ApplicationManifest>
     <ApplicationIcon>EDD.ico</ApplicationIcon>
     <AvaloniaUseCompiledBindingsByDefault>true</AvaloniaUseCompiledBindingsByDefault>
-    <Version>1.7.1</Version>
+    <Version>1.7.2</Version>
     <Authors>Erik Darling</Authors>
     <Company>Darling Data LLC</Company>
     <Product>Performance Studio</Product>

src/PlanViewer.App/Services/AppSettingsService.cs

@@ -59,7 +59,7 @@ public static void Save(AppSettings settings)
         {
             Directory.CreateDirectory(SettingsDir);
             var json = JsonSerializer.Serialize(settings, JsonOptions);
-            File.WriteAllText(SettingsPath, json);
+            AtomicFile.WriteAllText(SettingsPath, json);
         }
         catch
         {

src/PlanViewer.App/Services/AtomicFile.cs

@@ -0,0 +1,27 @@
+using System.IO;
+
+namespace PlanViewer.App.Services;
+
+/// <summary>
+/// Helper for atomic text-file writes: write to a sibling .tmp and rename
+/// into place so a crash mid-write can't truncate the target file. Callers
+/// are responsible for creating the parent directory first.
+/// </summary>
+internal static class AtomicFile
+{
+    /// <summary>
+    /// Writes <paramref name="contents"/> to <paramref name="path"/> atomically
+    /// with respect to process crashes. If the process dies before the rename,
+    /// <paramref name="path"/> keeps its previous contents and a stray
+    /// <c>.tmp</c> sibling is left behind (cleaned up on the next call).
+    /// </summary>
+    public static void WriteAllText(string path, string contents)
+    {
+        var tmp = path + ".tmp";
+        File.WriteAllText(tmp, contents);
+        // File.Move with overwrite:true maps to MoveFileEx(MOVEFILE_REPLACE_EXISTING)
+        // on Windows and rename(2) on Unix — both atomic when source and destination
+        // live on the same filesystem, which is always the case here.
+        File.Move(tmp, path, overwrite: true);
+    }
+}

src/PlanViewer.App/Services/ConnectionStore.cs

@@ -39,7 +39,7 @@ public void Save(List<ServerConnection> connections)
     {
         Directory.CreateDirectory(ConfigDir);
         var json = JsonSerializer.Serialize(connections, JsonOptions);
-        File.WriteAllText(ConfigFile, json);
+        AtomicFile.WriteAllText(ConfigFile, json);
     }
 
     public void AddOrUpdate(ServerConnection connection)