worked through AUDIT.md. triage:

- finding 2 (subtitle rescan wipes decisions): confirmed. /:id/rescan now snapshots custom_titles and calls reanalyze() after the stream delete/insert, mirroring the review rescan flow. exported reanalyze + titleKey from review.ts so both routes share the logic.
- finding 3 (scan limit accepts NaN/negatives): confirmed. extracted parseScanLimit into a pure helper, added unit tests covering NaN, negatives, floats, infinity, numeric strings. invalid input 400s and releases the scan_running lock.
- finding 4 (parseId lenient): confirmed. tightened the regex to /^\d+$/ so "42abc", "abc42", "+42", "42.0" all return null. rewrote the test that codified the old lossy behaviour.
- finding 5 (setup_complete set before jellyfin test passes): confirmed. the /jellyfin endpoint still persists url+key unconditionally, but now only flips setup_complete=1 on a successful connection test.
- finding 6 (swallowed errors): partial. the mqtt restart and version-fetch swallows are intentional best-effort with downstream surfaces (getMqttStatus, UI fallback). only the scan.ts db-update swallow was a real visibility gap — logs via logError now.
- finding 1 (auth): left as-is. redacting secrets on GET without auth on POST is security theater; real fix is an auth layer, which is a design decision not a bugfix.

audit removed from the tree.

- lint fail on ffmpeg.test.ts: formatted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
31 lines
1.0 KiB
TypeScript
import type { Context } from "hono";

/**
 * Parse a route param as a positive integer id. Returns null if invalid.
 * Strict: rejects mixed strings like "42abc" that Number.parseInt would
 * accept — route params must be wholly numeric or the request is bad.
 */
export function parseId(raw: string | undefined): number | null {
  if (!raw || !/^\d+$/.test(raw)) return null;
  const n = Number.parseInt(raw, 10);
  return Number.isFinite(n) && n > 0 ? n : null;
}

/**
 * Require a positive integer id param. Returns the id, or responds 400
 * and returns null. Callers check for null and return the response.
 */
export function requireId(c: Context, name: string): number | null {
  const id = parseId(c.req.param(name));
  if (id == null) {
    c.status(400);
    return null;
  }
  return id;
}

/** True if value is one of the allowed strings. */
export function isOneOf<T extends string>(value: unknown, allowed: readonly T[]): value is T {
  return typeof value === "string" && (allowed as readonly string[]).includes(value);
}
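
An added comparison, not code from this repository: it runs the `parseId` shown above next to a parseInt-only parser and a stricter variant, over the four inputs named in the commit message plus further constructed edge cases. `lenientParseId` is an assumed reconstruction of the pre-fix behaviour based on the doc comment, and `parseIdCanonical`, `SAMPLES`, `compareParsers` and `strictOnly` are hypothetical names.

```typescript
// Added example, not repository code. lenientParseId is an assumed stand-in for
// the pre-fix behaviour; parseIdCanonical is a hypothetical tightening.

/** Assumed old behaviour: Number.parseInt stops at the first non-digit. */
function lenientParseId(raw: string | undefined): number | null {
  const n = Number.parseInt(raw ?? "", 10);
  return Number.isFinite(n) && n > 0 ? n : null;
}

/** parseId as shown on the page, copied so this block runs stand-alone. */
function parseId(raw: string | undefined): number | null {
  if (!raw || !/^\d+$/.test(raw)) return null;
  const n = Number.parseInt(raw, 10);
  return Number.isFinite(n) && n > 0 ? n : null;
}

/** Hypothetical: one canonical spelling per id, inside the safe-integer range. */
function parseIdCanonical(raw: string | undefined): number | null {
  if (!raw || !/^[1-9]\d*$/.test(raw)) return null; // no leading zeros, no "0"
  const n = Number(raw);
  return Number.isSafeInteger(n) ? n : null; // above 2^53 - 1, integers share doubles
}

// Constructed inputs: the four from the commit message, then added edge cases
// (whitespace, trailing newline, zero, Arabic-Indic digits, oversized values).
const SAMPLES: readonly string[] = [
  "42", "42abc", "abc42", "+42", "42.0", " 42", "42\n", "0", "-1", "",
  "007", "\u0664\u0662", "9007199254740993", "9".repeat(400),
];

type Row = { raw: string; lenient: number | null; strict: number | null; canonical: number | null };

function compareParsers(inputs: readonly string[]): Row[] {
  return inputs.map((raw) => ({
    raw,
    lenient: lenientParseId(raw),
    strict: parseId(raw),
    canonical: parseIdCanonical(raw),
  }));
}

/** Inputs the page's parseId accepts but the canonical variant rejects. */
function strictOnly(inputs: readonly string[]): string[] {
  return compareParsers(inputs)
    .filter((r) => r.strict !== null && r.canonical === null)
    .map((r) => r.raw);
}

console.log(strictOnly(SAMPLES));
```

The strict parser still returns 7 for "007" and 9007199254740992 for "9007199254740993", so any cache, log correlation or access check keyed on the raw path segment rather than the parsed id is worth reviewing.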