generated from nhcarrigan/template
hikari
6d5b0581a5
## Summary - **Base64 cover image uploads broken for books, shows, manga, and music** — a premature `validateStringLength` check ran before the data URL detection, rejecting all base64 images with a 2,048-char URL limit error. Also fixed the size calculation to extract only the base64 portion after the comma (matching the correct pattern already in `game.service.ts`). - **Audit log flooded with expected 401s on `/api/auth/me`** — these occur during normal token refresh flow and are not genuine security events. Excluded this URL from the global 401/403 audit log handler. - **ChunkLoadError spam after deployments** — when Angular lazy-loaded chunks are missing (stale cache after a redeploy), the global error handler now detects `ChunkLoadError` and silently reloads the page instead of logging the error and sending it to the API/Discord. ## Test plan - [ ] Upload a base64 cover image for a book, show, manga, and music item — should succeed - [ ] Verify `/api/auth/me` 401s no longer appear in the audit log - [ ] Deploy a new build and confirm stale-chunk users are silently reloaded ✨ This PR was created with help from Hikari~ 🌸 Reviewed-on: #69 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
223 lines
6.2 KiB
TypeScript
223 lines
6.2 KiB
TypeScript
/**
|
|
* @copyright 2026 NHCarrigan
|
|
* @license Naomi's Public License
|
|
* @author Naomi Carrigan
|
|
*/
|
|
|
|
import { Book, BookStatus, CreateBookDto, UpdateBookDto } from "@library/shared-types";
|
|
import { prisma } from "../lib/prisma";
|
|
import {
|
|
validateUrl,
|
|
validateRating,
|
|
validateStringLength,
|
|
validateDataUrl,
|
|
MAX_LENGTHS,
|
|
} from "../utils/validation";
|
|
|
|
export class BookService {
|
|
private prisma = prisma;
|
|
|
|
constructor() {}
|
|
|
|
/**
|
|
* Validate book data for security.
|
|
*/
|
|
private validateBookData(data: CreateBookDto | UpdateBookDto): void {
|
|
// Validate string lengths
|
|
if (!validateStringLength(data.title, MAX_LENGTHS.TITLE)) {
|
|
throw new Error(`Title must be ${MAX_LENGTHS.TITLE} characters or less.`);
|
|
}
|
|
if (!validateStringLength(data.author, MAX_LENGTHS.AUTHOR)) {
|
|
throw new Error(`Author must be ${MAX_LENGTHS.AUTHOR} characters or less.`);
|
|
}
|
|
if (!validateStringLength(data.isbn, MAX_LENGTHS.ISBN)) {
|
|
throw new Error(`ISBN must be ${MAX_LENGTHS.ISBN} characters or less.`);
|
|
}
|
|
if (!validateStringLength(data.notes, MAX_LENGTHS.NOTES)) {
|
|
throw new Error(`Notes must be ${MAX_LENGTHS.NOTES} characters or less.`);
|
|
}
|
|
// Validate rating
|
|
if (!validateRating(data.rating)) {
|
|
throw new Error("Rating must be an integer between 0 and 10.");
|
|
}
|
|
|
|
if (data.coverImage) {
|
|
if (data.coverImage.startsWith("data:")) {
|
|
const base64Data = data.coverImage.split(",")[1];
|
|
if (!base64Data) {
|
|
throw new Error("Invalid image data URL format.");
|
|
}
|
|
const sizeInBytes = base64Data.length * 0.75;
|
|
if (sizeInBytes > MAX_LENGTHS.DATA_URL) {
|
|
throw new Error("Cover image must be under 5MB.");
|
|
}
|
|
if (!validateDataUrl(data.coverImage)) {
|
|
throw new Error("Invalid image data URL.");
|
|
}
|
|
} else {
|
|
if (!validateStringLength(data.coverImage, MAX_LENGTHS.URL)) {
|
|
throw new Error(`Cover image URL must be ${MAX_LENGTHS.URL} characters or less.`);
|
|
}
|
|
if (!validateUrl(data.coverImage)) {
|
|
throw new Error("Invalid cover image URL. Only http and https URLs are allowed.");
|
|
}
|
|
}
|
|
}
|
|
|
|
// Validate tags
|
|
if (data.tags) {
|
|
for (const tag of data.tags) {
|
|
if (!validateStringLength(tag, MAX_LENGTHS.TAGS)) {
|
|
throw new Error(`Each tag must be ${MAX_LENGTHS.TAGS} characters or less.`);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Validate link URLs
|
|
if (data.links) {
|
|
for (const link of data.links) {
|
|
if (!validateUrl(link.url)) {
|
|
throw new Error(`Invalid link URL: ${link.title}. Only http and https URLs are allowed.`);
|
|
}
|
|
if (!validateStringLength(link.title, MAX_LENGTHS.TITLE)) {
|
|
throw new Error(`Link title must be ${MAX_LENGTHS.TITLE} characters or less.`);
|
|
}
|
|
if (!validateStringLength(link.url, MAX_LENGTHS.URL)) {
|
|
throw new Error(`Link URL must be ${MAX_LENGTHS.URL} characters or less.`);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get all books.
|
|
*/
|
|
async getAllBooks(): Promise<Book[]> {
|
|
const books = await this.prisma.book.findMany({
|
|
orderBy: { updatedAt: "desc" },
|
|
});
|
|
|
|
return books.map((book) => ({
|
|
...book,
|
|
status: book.status as unknown as BookStatus,
|
|
dateAdded: book.dateAdded,
|
|
dateStarted: book.dateStarted || undefined,
|
|
dateFinished: book.dateFinished || undefined,
|
|
tags: book.tags ?? [],
|
|
links: book.links ?? [],
|
|
createdAt: book.createdAt,
|
|
updatedAt: book.updatedAt,
|
|
}));
|
|
}
|
|
|
|
/**
|
|
* Get book by ID.
|
|
*/
|
|
async getBookById(id: string): Promise<Book | null> {
|
|
const book = await this.prisma.book.findUnique({
|
|
where: { id },
|
|
});
|
|
|
|
if (!book) return null;
|
|
|
|
return {
|
|
...book,
|
|
status: book.status as unknown as BookStatus,
|
|
dateAdded: book.dateAdded,
|
|
dateStarted: book.dateStarted || undefined,
|
|
dateFinished: book.dateFinished || undefined,
|
|
tags: book.tags ?? [],
|
|
links: book.links ?? [],
|
|
createdAt: book.createdAt,
|
|
updatedAt: book.updatedAt,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Get all books in a series, ordered by seriesOrder.
|
|
*/
|
|
async getBooksBySeries(seriesName: string): Promise<Book[]> {
|
|
const books = await this.prisma.book.findMany({
|
|
where: { series: seriesName },
|
|
orderBy: { seriesOrder: "asc" },
|
|
});
|
|
|
|
return books.map((book) => ({
|
|
...book,
|
|
status: book.status as unknown as BookStatus,
|
|
dateAdded: book.dateAdded,
|
|
dateStarted: book.dateStarted || undefined,
|
|
dateFinished: book.dateFinished || undefined,
|
|
tags: book.tags ?? [],
|
|
links: book.links ?? [],
|
|
createdAt: book.createdAt,
|
|
updatedAt: book.updatedAt,
|
|
}));
|
|
}
|
|
|
|
/**
|
|
* Create new book.
|
|
*/
|
|
async createBook(data: CreateBookDto): Promise<Book> {
|
|
// Validate input
|
|
this.validateBookData(data);
|
|
|
|
const book = await this.prisma.book.create({
|
|
data: {
|
|
...data,
|
|
status: data.status.toUpperCase() as any,
|
|
},
|
|
});
|
|
|
|
return {
|
|
...book,
|
|
status: book.status as unknown as BookStatus,
|
|
dateAdded: book.dateAdded,
|
|
dateStarted: book.dateStarted || undefined,
|
|
dateFinished: book.dateFinished || undefined,
|
|
tags: book.tags ?? [],
|
|
links: book.links ?? [],
|
|
createdAt: book.createdAt,
|
|
updatedAt: book.updatedAt,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Update book by ID.
|
|
*/
|
|
async updateBook(id: string, data: UpdateBookDto): Promise<Book> {
|
|
// Validate input
|
|
this.validateBookData(data);
|
|
|
|
const updateData = { ...data };
|
|
if (updateData.status) {
|
|
updateData.status = updateData.status.toUpperCase() as any;
|
|
}
|
|
|
|
const book = await this.prisma.book.update({
|
|
where: { id },
|
|
data: updateData,
|
|
});
|
|
|
|
return {
|
|
...book,
|
|
status: book.status as unknown as BookStatus,
|
|
dateAdded: book.dateAdded,
|
|
dateStarted: book.dateStarted || undefined,
|
|
dateFinished: book.dateFinished || undefined,
|
|
tags: book.tags ?? [],
|
|
links: book.links ?? [],
|
|
createdAt: book.createdAt,
|
|
updatedAt: book.updatedAt,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Delete book by ID.
|
|
*/
|
|
async deleteBook(id: string): Promise<void> {
|
|
await this.prisma.book.delete({
|
|
where: { id },
|
|
});
|
|
}
|
|
} |