nhcarrigan/library
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests 54 Actions Releases 3 Activity

fix: base64 uploads, audit log noise, and stale chunk reloads #69

Merged
naomi merged 3 commits from fix/bugs into main 2026-02-23 20:37:52 -08:00
Conversation 0 Commits 3 Files Changed 6
+27 -22
hikari commented 2026-02-23 20:33:56 -08:00
Owner
Copy Link
Copy Source

Summary

  • Base64 cover image uploads broken for books, shows, manga, and music — a premature validateStringLength check ran before the data URL detection, rejecting all base64 images with a 2,048-char URL limit error. Also fixed the size calculation to extract only the base64 portion after the comma (matching the correct pattern already in game.service.ts).
  • Audit log flooded with expected 401s on /api/auth/me — these occur during normal token refresh flow and are not genuine security events. Excluded this URL from the global 401/403 audit log handler.
  • ChunkLoadError spam after deployments — when Angular lazy-loaded chunks are missing (stale cache after a redeploy), the global error handler now detects ChunkLoadError and silently reloads the page instead of logging the error and sending it to the API/Discord.

Test plan

  • Upload a base64 cover image for a book, show, manga, and music item — should succeed
  • Verify /api/auth/me 401s no longer appear in the audit log
  • Deploy a new build and confirm stale-chunk users are silently reloaded

This PR was created with help from Hikari~ 🌸

## Summary - **Base64 cover image uploads broken for books, shows, manga, and music** — a premature `validateStringLength` check ran before the data URL detection, rejecting all base64 images with a 2,048-char URL limit error. Also fixed the size calculation to extract only the base64 portion after the comma (matching the correct pattern already in `game.service.ts`). - **Audit log flooded with expected 401s on `/api/auth/me`** — these occur during normal token refresh flow and are not genuine security events. Excluded this URL from the global 401/403 audit log handler. - **ChunkLoadError spam after deployments** — when Angular lazy-loaded chunks are missing (stale cache after a redeploy), the global error handler now detects `ChunkLoadError` and silently reloads the page instead of logging the error and sending it to the API/Discord. ## Test plan - [ ] Upload a base64 cover image for a book, show, manga, and music item — should succeed - [ ] Verify `/api/auth/me` 401s no longer appear in the audit log - [ ] Deploy a new build and confirm stale-chunk users are silently reloaded ✨ This PR was created with help from Hikari~ 🌸
hikari added 3 commits 2026-02-23 20:33:56 -08:00
fix: correct base64 cover image validation for books, shows, manga, music fa4c1d8958 
Remove premature URL length check that ran before data URL detection,
causing all base64 uploads to be incorrectly rejected. Also fix size
calculation to use only the base64 data portion (after the comma) rather
than the full data URL string, matching the correct pattern already in
game.service.ts.
fix: omit audit log entries for 401s on /api/auth/me b81b77ac2f 
Token expiry probes against /api/auth/me are expected behaviour during
the refresh flow and should not generate unauthorized access audit events.
fix: silently reload on ChunkLoadError after deployments
Node.js CI / CI (pull_request) Successful in 1m47s
Details
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m53s
Details
e8610667b5 
Stale chunk errors occur when a user has an old version of the app cached
after a redeployment. Detect ChunkLoadError before logging so the page
reloads automatically without showing a toast or sending noise to the API.
naomi merged commit 6d5b0581a5 into main 2026-02-23 20:37:52 -08:00
naomi deleted branch fix/bugs 2026-02-23 20:37:55 -08:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
aspect
code
Concerns the software code in the repository
aspect
dx
Concerns developers' experience with the codebase
aspect
interface
Concerns end-users' experience with the software
aspect
text
Concerns the documentation material in the repository
contribute
good first issue
A great opportunity for a team member to learn a new codebase
contribute
help wanted
Open for anyone on our team to grab.
contribute
staff only
Restricted to our executive leadership.
goal
addition
Addition of new feature
goal
fix
Bug fix
goal
improvement
Improvement to an existing feature
points
1
Very simple issue requiring minimal effort and complexity.
points
13
Extremely complex issue representing major undertakings. Should be broken down into smaller pieces.
points
2
Simple issue that requires a bit more thought or investigation.
points
3
Moderate complexity issue requiring more substantial work.
points
5
Complex issue requiring significant effort and expertise.
points
8
Very complex issue requiring extensive work and deep expertise.
priority
critical
1
Must be fixed ASAP
priority
high
2
Stalls work on the project or its dependents
priority
low
4
Low priority and doesn't need to be rushed
priority
medium
3
Not blocking but should be fixed soon
priority
none
5
No priority, should only be performed when a developer is available
status
awaiting triage
Has not been triaged & therefore, not ready for work
status
blocked
Blocked and therefore not ready for work
status
discarded
Will not be worked on
status
discontinued
Not suitable for work as repo is in maintenance
status
label work required
Needs proper labelling before it can be worked on
status
ready for dev
Ready for work
status
ticket work required
Needs more details before it can be worked on
talk
discussion
Open for discussions and feedback
talk
question
Can be resolved with an answer
time
1 day
Approximately one full day of development work.
time
1-2 weeks
One to two weeks of focused development effort.
time
2-3 days
Two to three days of development effort.
time
4-5 days
Approximately one week of development work.
time
<1 day
Less than one day of focused work. Quick fixes or simple tasks.
time
>2 weeks
More than two weeks of development work. Must be broken down into smaller pieces.
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
gurkirat hanna (Hanna Rose) hikari (Hikari) minori (Minori) naomi (Naomi Carrigan) rain teklu tim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nhcarrigan/library#69
Delete Branch "fix/bugs"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?