Compare commits

...

3 Commits

Author SHA1 Message Date
hikari e8610667b5 fix: silently reload on ChunkLoadError after deployments
Node.js CI / CI (pull_request) Successful in 1m47s
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m53s
Stale chunk errors occur when a user has an old version of the app cached
after a redeployment. Detect ChunkLoadError before logging so the page
reloads automatically without showing a toast or sending noise to the API.
2026-02-23 20:11:46 -08:00
hikari b81b77ac2f fix: omit audit log entries for 401s on /api/auth/me
Token expiry probes against /api/auth/me are expected behaviour during
the refresh flow and should not generate unauthorized access audit events.
2026-02-23 20:09:36 -08:00
hikari fa4c1d8958 fix: correct base64 cover image validation for books, shows, manga, music
Remove premature URL length check that ran before data URL detection,
causing all base64 uploads to be incorrectly rejected. Also fix size
calculation to use only the base64 data portion (after the comma) rather
than the full data URL string, matching the correct pattern already in
game.service.ts.
2026-02-23 20:06:22 -08:00
6 changed files with 27 additions and 22 deletions
+2 -2
View File
@@ -22,8 +22,8 @@ export async function app(fastify: FastifyInstance, opts: AppOptions) {
});
}
// Log unauthorized access attempts
if (error.statusCode === 401 || error.statusCode === 403) {
// Log unauthorized access attempts (exclude /api/auth/me as 401s there are expected during token refresh)
if ((error.statusCode === 401 || error.statusCode === 403) && request.url !== '/api/auth/me') {
await AuditService.log({
action: AuditAction.unauthorizedAccess,
category: AuditCategory.security,
+5 -5
View File
@@ -36,10 +36,6 @@ export class BookService {
if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) {
throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`);
}
if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) {
throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`);
}
// Validate rating
if (!validateRating(data.rating)) {
throw new Error("Rating must be an integer between 0 and 10.");
@@ -47,7 +43,11 @@ export class BookService {
if (data.coverImage) {
if (data.coverImage.startsWith("data:")) {
const sizeInBytes = data.coverImage.length * 0.75;
const base64Data = data.coverImage.split(",")[1];
if (!base64Data) {
throw new Error("Invalid image data URL format.");
}
const sizeInBytes = base64Data.length * 0.75;
if (sizeInBytes > MAX_LENGTHS.DATA_URL) {
throw new Error("Cover image must be under 5MB.");
}
+5 -5
View File
@@ -33,10 +33,6 @@ export class MangaService {
if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) {
throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`);
}
if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) {
throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`);
}
// Validate rating
if (!validateRating(data.rating)) {
throw new Error("Rating must be an integer between 0 and 10.");
@@ -45,7 +41,11 @@ export class MangaService {
// Validate cover image URL
if (data.coverImage) {
if (data.coverImage.startsWith("data:")) {
const sizeInBytes = data.coverImage.length * 0.75;
const base64Data = data.coverImage.split(",")[1];
if (!base64Data) {
throw new Error("Invalid image data URL format.");
}
const sizeInBytes = base64Data.length * 0.75;
if (sizeInBytes > MAX_LENGTHS.DATA_URL) {
throw new Error("Cover image must be under 5MB.");
}
+5 -5
View File
@@ -33,10 +33,6 @@ export class MusicService {
if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) {
throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`);
}
if (!validateStringLength(data.coverArt, MAX_LENGTHS.URL)) {
throw new Error(`Cover art URL must be ${MAX_LENGTHS.URL} characters or less.`);
}
// Validate rating
if (data.rating !== undefined && !validateRating(data.rating)) {
throw new Error("Rating must be an integer between 0 and 10.");
@@ -45,7 +41,11 @@ export class MusicService {
// Validate cover art URL
if (data.coverArt) {
if (data.coverArt.startsWith("data:")) {
const sizeInBytes = data.coverArt.length * 0.75;
const base64Data = data.coverArt.split(",")[1];
if (!base64Data) {
throw new Error("Invalid image data URL format.");
}
const sizeInBytes = base64Data.length * 0.75;
if (sizeInBytes > MAX_LENGTHS.DATA_URL) {
throw new Error("Cover image must be under 5MB.");
}
+5 -5
View File
@@ -30,10 +30,6 @@ export class ShowService {
if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) {
throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`);
}
if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) {
throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`);
}
// Validate rating
if (!validateRating(data.rating)) {
throw new Error("Rating must be an integer between 0 and 10.");
@@ -42,7 +38,11 @@ export class ShowService {
// Validate cover image URL
if (data.coverImage) {
if (data.coverImage.startsWith("data:")) {
const sizeInBytes = data.coverImage.length * 0.75;
const base64Data = data.coverImage.split(",")[1];
if (!base64Data) {
throw new Error("Invalid image data URL format.");
}
const sizeInBytes = base64Data.length * 0.75;
if (sizeInBytes > MAX_LENGTHS.DATA_URL) {
throw new Error("Cover image must be under 5MB.");
}
@@ -12,6 +12,11 @@ export class GlobalErrorHandler implements ErrorHandler {
private toast = inject(ToastService);
handleError(error: Error): void {
if (error.name === 'ChunkLoadError' || error.message.includes('Loading chunk')) {
window.location.reload();
return;
}
console.error('Global error caught:', error);
// Show user-friendly error message