Fix TigerTag dropdown: fetch from TigerTag API with hardcoded fallback

[sjordan0228]

Summary

TigerTag writer dropdowns now fetch materials and brands from the TigerTag API on page load. Hardcoded options remain as fallback if the API is unreachable.

Changes

• Add API fetch for materials from api.tigertag.io/api:tigertag/SpoolmanDB/materials
• Add API fetch for brands from api.tigertag.io/api:tigertag/brand/get/all
• Fix CSS dropdown option visibility on light-mode browsers
• Hardcoded options stay as fallback on API failure

How to Test

1. Flash firmware to ESP32
2. Open spoolsense.local/writer/tigertag
3. Verify material dropdown has ~90 materials (vs ~25 hardcoded)
4. Verify brand dropdown has full brand list
5. Disconnect WiFi — verify hardcoded options still show

Checklist

• Tested on hardware (ESP32-S3)
• Compiles for both targets
• No new heap allocations (API fetch uses browser JS, not ESP32 memory)

Closes #1

Summary by CodeRabbit

• New Features

  • Material and brand dropdowns now dynamically populate and sort from live data.
  • Selecting a material can auto-fill temperature fields.
  • Added an inline hint/link to request a new brand.
  • Network fetches now fail gracefully, leaving existing options intact on error.

• Style

  • Improved select styling with enhanced dark-mode colors and automatic light-mode support.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 32d24edf-6d0f-4161-9ed0-ace968993505

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Dark/light styling for .field select option was adjusted and a prefers-color-scheme light override added; the TigerTag writer page now loads materials and brands from TigerTag API on init, validates responses, repopulates selects (preserving selection), autofills temperature fields from material data, and falls back to hardcoded options on errors.

Changes

Cohort / File(s)	Summary
Select Element Styling src/SharedCSS.h	Changed .field select option dark-mode background to #1a1d24 and text to #e5e7eb; added @media (prefers-color-scheme: light) override to set background:#fff and `color:`#111.
TigerTag Dropdown Population & Autofill src/TigerTagWriterHTML.h	Added client-side TigerTag API loading on page init with loadTigerTagAPI(), validateResponse(), and populateSelect() functions; sorts and repopulates material_id and brand_id selects, preserves previous selections, adds materialData lookup and autoFillFromMaterial() to fill nozzle/bed temps, and wraps fetches in try/catch to keep hardcoded fallbacks on failure.

Sequence Diagram(s)

sequenceDiagram
    participant Page as Writer Page (Client)
    participant DOM as Selects / Inputs
    participant API as api.tigertag.io (External)

    Page->>API: GET /materials
    Page->>API: GET /brands
    API-->>Page: materials JSON
    API-->>Page: brands JSON
    Page->>Page: validateResponse()
    Page->>DOM: populateSelect(material_id, materials)
    Page->>DOM: populateSelect(brand_id, brands)
    DOM-->>Page: user selects material
    Page->>Page: autoFillFromMaterial(selected)
    Page->>DOM: set nozzle/bed temp inputs

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A bunny hopped by to tweak the view,
Options now contrast in dark and light hue,
Fetching brands and materials with care,
Filling temps and keeping fallbacks there,
I nibble on code and celebrate anew. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main changes: fetching TigerTag dropdowns from API with hardcoded fallback, matching the primary objective of the PR.
Description check	✅ Passed	The description follows the template structure, includes summary, changes, testing steps, and checklist. All required sections are present and adequately filled.
Linked Issues check	✅ Passed	The PR addresses the linked issue #1 by fixing CSS visibility for dropdown options and implementing API fetch with hardcoded fallback to resolve invisible text problems.
Out of Scope Changes check	✅ Passed	All changes are scoped to TigerTag dropdown functionality and CSS styling for options, directly addressing the linked issue #1 with no extraneous modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/tigertag-dropdown

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sjordan0228]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

🧹 Nitpick comments (1)

src/TigerTagWriterHTML.h (1)

310-327: Consider adding validation to populateSelect for defense-in-depth.

Lines 316–317 use API data directly without validation. While current API data is confirmed clean (0 invalid rows across materials and brands endpoints), the code should validate before populating options. This prevents potential issues if API data quality changes and ensures downstream uint16_t encoding in src/WebServerManager.cpp (lines 870, 884) receives only valid IDs in the 0–65535 range.

Suggested hardening patch

 function populateSelect(selectId, items, valueFn, labelFn) {
   var el = document.getElementById(selectId);
+  if (!el || !Array.isArray(items)) return;
   var currentVal = el.value;
   var frag = document.createDocumentFragment();
   items.forEach(function(item) {
+    var rawValue = valueFn(item);
+    var value = Number(rawValue);
+    var label = String(labelFn(item) || '').trim();
+    if (!Number.isInteger(value) || value < 0 || value > 65535 || !label) return;
     var opt = document.createElement('option');
-    opt.value = valueFn(item);
-    opt.textContent = labelFn(item);
+    opt.value = String(value);
+    opt.textContent = label;
     frag.appendChild(opt);
   });
+  if (!frag.firstChild) return; // keep hardcoded fallback
   el.innerHTML = '';
   el.appendChild(frag);
   // Restore previous selection if it exists
   if (currentVal) {
     el.value = currentVal;
     if (!el.value) el.selectedIndex = 0;
   }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/TigerTagWriterHTML.h` around lines 310 - 327, populateSelect currently
trusts API data and inserts option values directly, risking invalid or
out-of-range IDs reaching uint16_t encoding in WebServerManager (e.g., places
handling material/brand IDs). Add validation in populateSelect: before creating
each option call valueFn(item) and ensure it's a finite integer within 0–65535
(and non-negative), and skip or coerce invalid entries; also validate
labelFn(item) returns a safe string (fallback to empty or "Unknown"); keep
existing selection restore logic. Reference: function populateSelect and the
valueFn/labelFn callbacks so the checks are applied where items are iterated.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/TigerTagWriterHTML.h`:
- Around line 310-327: populateSelect currently trusts API data and inserts
option values directly, risking invalid or out-of-range IDs reaching uint16_t
encoding in WebServerManager (e.g., places handling material/brand IDs). Add
validation in populateSelect: before creating each option call valueFn(item) and
ensure it's a finite integer within 0–65535 (and non-negative), and skip or
coerce invalid entries; also validate labelFn(item) returns a safe string
(fallback to empty or "Unknown"); keep existing selection restore logic.
Reference: function populateSelect and the valueFn/labelFn callbacks so the
checks are applied where items are iterated.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 32f5d22a-1ce0-4457-ba63-158994552dce

📥 Commits

Reviewing files that changed from the base of the PR and between 8df3779 and c4d5e34.

📒 Files selected for processing (2)

• src/SharedCSS.h
• src/TigerTagWriterHTML.h

[sjordan0228]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/TigerTagWriterHTML.h`:
- Line 108: The anchor opening the external issues URL uses target="_blank"
without protection against tabnabbing; update the HTML string in
TigerTagWriterHTML.h that contains the link with
href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" and link
text "Request a new brand →" to include rel="noopener noreferrer" alongside
target="_blank" so the anchor is hardened against tabnabbing.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d56ab955-8db2-435f-839e-bd8a045c98d0

📥 Commits

Reviewing files that changed from the base of the PR and between 8df3779 and 753ffa2.

📒 Files selected for processing (2)

• src/SharedCSS.h
• src/TigerTagWriterHTML.h

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Harden external _blank link against tabnabbing.

Line 108 opens a third-party URL in a new tab without rel="noopener noreferrer".

🔐 Proposed fix

-                  Brand not listed? Use Generic. <a href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" target="_blank" style="color:var(--blue)">Request a new brand &rarr;</a>
+                  Brand not listed? Use Generic. <a href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" target="_blank" rel="noopener noreferrer" style="color:var(--blue)">Request a new brand &rarr;</a>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Brand not listed? Use Generic. <a href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" target="_blank" style="color:var(--blue)">Request a new brand &rarr;</a>
	Brand not listed? Use Generic. <a href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" target="_blank" rel="noopener noreferrer" style="color:var(--blue)">Request a new brand &rarr;</a>

🧰 Tools

🪛 Clang (14.0.6)

[error] 108-108: expected identifier or '('

(clang-diagnostic-error)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/TigerTagWriterHTML.h` at line 108, The anchor opening the external issues
URL uses target="_blank" without protection against tabnabbing; update the HTML
string in TigerTagWriterHTML.h that contains the link with
href="https://github.com/TigerTag-Project/TigerTag-RFID-Guide/issues" and link
text "Request a new brand →" to include rel="noopener noreferrer" alongside
target="_blank" so the anchor is hardened against tabnabbing.

[sjordan0228]

Fixed — added rel="noopener noreferrer" to the external link.

[sjordan0228]

All CodeRabbit findings addressed. API fetch working with validation, auto-fill temps, fallback to hardcoded, and tabnabbing fix applied. Tested on ESP32-S3. Merging to dev.