Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sacred-valley): review polish — render-gen guard, auth-boundary tests, PNG sig, dedup note

Browse Source 
Addresses final-review findings: I1 render-generation guard prevents a double-mount
/timer leak on rapid re-navigation; I2 adds anonymous-rejection tests for the owner-only
POST /speedtest/run and /health/check; M1 CSS comment; M2 cron↔worker dedup note;
M4 full 8-byte PNG signature check; M5 card-contract unit test for all 7 cards.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
2026-06-02 23:20:14 +10:00
parent 1eadd41990
commit b82b90d2f5
7 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/cron/index.js
View File

@@ -23,6 +23,10 @@ export function startCron() {
catch (e) { log.error({ err: e }, 'cron speedtest failed'); }
});
// Health checks every minute. NOTE: this runs checkAll() inline; the same
// probe+upsert logic is also exposed on-demand via the `health.check` pg-boss
// worker (lib/jobs/workers/health_check.js, triggered by POST /api/health/check).
// Keep the two in sync — both rely on lib/health/checker.js as the source of truth.
cron.schedule('*/1 * * * *', async () => {
try {
const results = await checkAll(load());

3
lib/health/icons.js
View File

@@ -16,7 +16,8 @@ async function defaultFetcher(slug) {
return Buffer.from(await res.arrayBuffer());
}
function isPng(buf) { return buf && buf.length > 8 && buf[0] === 0x89 && buf[1] === 0x50 && buf[2] === 0x4e && buf[3] === 0x47; }
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
function isPng(buf) { return buf && buf.length > 8 && PNG_SIG.every((b, i) => buf[i] === b); }
// Returns a Buffer (cached or freshly fetched) or null if upstream has no icon.
export async function getIcon(slug) {