Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sacred-valley): review polish — render-gen guard, auth-boundary tests, PNG sig, dedup note

Browse Source 
Addresses final-review findings: I1 render-generation guard prevents a double-mount
/timer leak on rapid re-navigation; I2 adds anonymous-rejection tests for the owner-only
POST /speedtest/run and /health/check; M1 CSS comment; M2 cron↔worker dedup note;
M4 full 8-byte PNG signature check; M5 card-contract unit test for all 7 cards.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
2026-06-02 23:20:14 +10:00
parent 1eadd41990
commit b82b90d2f5
7 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/api/health.test.js
View File

@@ -10,6 +10,8 @@ beforeAll(async () => {
});
describe('health api', () => {
it('401 without auth', async () => expect((await request(app).get('/api/health/services')).status).toBe(401));
it('POST /check rejects anonymous (owner-only mutation)', async () =>
expect((await request(app).post('/api/health/check')).status).toBe(401));
it('returns groups with counts + merged cached status', async () => {
const res = await request(app).get('/api/health/services').set(ownerHeaders);
expect(res.status).toBe(200);