fix(sacred-valley): review polish — render-gen guard, auth-boundary tests, PNG sig, dedup note

Addresses final-review findings: I1 render-generation guard prevents a double-mount
/timer leak on rapid re-navigation; I2 adds anonymous-rejection tests for the owner-only
POST /speedtest/run and /health/check; M1 CSS comment; M2 cron↔worker dedup note;
M4 full 8-byte PNG signature check; M5 card-contract unit test for all 7 cards.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
root
2026-06-02 23:20:14 +10:00
parent 1eadd41990
commit b82b90d2f5
7 changed files with 47 additions and 2 deletions


@@ -10,6 +10,8 @@ beforeAll(async () => {
});
describe('health api', () => {
it('401 without auth', async () => expect((await request(app).get('/api/health/services')).status).toBe(401));
it('POST /check rejects anonymous (owner-only mutation)', async () =>
expect((await request(app).post('/api/health/check')).status).toBe(401));
it('returns groups with counts + merged cached status', async () => {
const res = await request(app).get('/api/health/services').set(ownerHeaders);
expect(res.status).toBe(200);
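Review bot: The new assertion on L22-L23 only covers the request with no credentials at all, so it does not show that an authenticated non-owner is refused on an endpoint the title calls "owner-only"; if `setup()` can hand back a second set of headers for a non-owner principal, add `it('POST /check rejects non-owner', …)` expecting 401 or 403, whichever the route's contract is. A status code alone also does not prove the mutation was skipped — a handler that runs the check and then returns 401 would pass; reading `/api/health/services` with `ownerHeaders` before and after the anonymous POST and asserting the merged cached status is unchanged would pin that. The describe block continues past the end of this hunk.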


@@ -7,6 +7,8 @@ let app, ownerHeaders;
beforeAll(async () => { ({ app, ownerHeaders } = await setup()); await repo.record({ down_mbps: 50, up_mbps: 10, ping_ms: 12 }); });
describe('speedtest api', () => {
it('401 without auth', async () => expect((await request(app).get('/api/speedtest/history')).status).toBe(401));
it('POST /run rejects anonymous (auth boundary before enqueue)', async () =>
expect((await request(app).post('/api/speedtest/run')).status).toBe(401));
it('history returns rows', async () => {
const res = await request(app).get('/api/speedtest/history').set(ownerHeaders);
expect(res.status).toBe(200);
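Review bot: The test title on L34 promises the auth boundary sits before enqueue, but the assertion on L35 checks only the response status, so a route that queues the job and then answers 401 would still pass. Since `beforeAll` seeds exactly one row via `repo.record(...)`, you can pin the side effect cheaply: after the anonymous POST, `const h = await request(app).get('/api/speedtest/history').set(ownerHeaders);` and `expect(h.body.length).toBe(1)` (adjust to the history payload shape), or assert directly on the queue if it is reachable from the test. As with the health suite, an authenticated non-owner case would complete the boundary if `setup()` can provide such headers. The describe block continues past the end of this hunk.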


@@ -0,0 +1,31 @@
import { describe, it, expect } from 'vitest';
import clock from '../../public/views/cards/clock.js';
import weather from '../../public/views/cards/weather.js';
import hostPerf from '../../public/views/cards/host_perf.js';
import jobs from '../../public/views/cards/jobs.js';
import inbox from '../../public/views/cards/inbox.js';
import search from '../../public/views/cards/search.js';
import speedtest from '../../public/views/cards/speedtest.js';
// Every data card must satisfy the uniform contract that sacred_valley.js relies
// on: { id, title, size: s|m|l, mount(), start(), stop() }. Importing the modules
// is safe in node — their browser globals (document/localStorage/fetch) are only
// touched inside mount()/load(), which this test never calls.
const cards = { clock, weather, hostPerf, jobs, inbox, search, speedtest };
describe('card contract', () => {
for (const [name, c] of Object.entries(cards)) {
it(`${name} implements the card contract`, () => {
expect(typeof c.id).toBe('string');
expect(typeof c.title).toBe('string');
expect(['s', 'm', 'l']).toContain(c.size);
expect(typeof c.mount).toBe('function');
expect(typeof c.start).toBe('function');
expect(typeof c.stop).toBe('function');
});
}
it('all card ids are unique', () => {
const ids = Object.values(cards).map(c => c.id);
expect(new Set(ids).size).toBe(ids.length);
});
});
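Review bot: The contract check on L59-L64 accepts an empty `id` or `title`, and the uniqueness test on L67-L70 would then pass a single empty-id card that can never be addressed in the DOM; tighten L59 to `expect(c.id).toMatch(/^\S+$/);` and L60 likewise for `title`. The card list on L55 is maintained by hand in parallel to whatever `sacred_valley.js` uses to mount cards, so an eighth card added there is silently uncovered here — if that module exports its card list, import it instead of re-enumerating; otherwise add `// keep in sync with the card list in sacred_valley.js` above L55. The comment on L51-L54 states that browser globals are touched only inside `mount()`/`load()`; that is a property of the card modules the test depends on but does not check, and an import-time `document` access would fail this whole file at load rather than the one card's case, which is worth saying in the comment so the failure mode is recognisable.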