fix: resolve four Stellar Wave issues (#1182 #1188 #1198 #1214) #1294
Open
thewealthyplace wants to merge 1 commit into
…absCrypt#1198 LabsCrypt#1214)

- [LabsCrypt#1182] CORS: restrict non-production branch to localhost/dev allowlist instead of reflecting every origin; credentials:true only for allowlisted origins; add test asserting unlisted origin rejected even when NODE_ENV != production
- [LabsCrypt#1188] Migration 1787: rewrite to CREATE TABLE user_notification_preferences (user_id, email_enabled, sms_enabled, phone, timestamps) instead of re-adding columns that already exist on user_profiles; fix down() to drop the table; service and 1793 migration can now resolve the table on a fresh DB
- [LabsCrypt#1198] DB pool: add connectionTimeoutMillis (DB_CONN_TIMEOUT_MS) and statement_timeout per connection (DB_STATEMENT_TIMEOUT_MS) so getClient() rejects under exhaustion instead of hanging; add test asserting rejection within the timeout; document new env vars
- [LabsCrypt#1214] tsconfig: enable noUnusedLocals, noUnusedParameters, noImplicitReturns, noFallthroughCasesInSwitch, noImplicitOverride; fix all resulting errors across controllers, middleware, services, cron jobs, and tests so npm run typecheck passes green
Summary

[#1182] CORS: restrict non-production origin reflection

- `backend/src/app.ts`: replaced the unconditional `callback(null, true)` for all origins when `NODE_ENV !== 'production'` with an explicit `devOrigins` allowlist (localhost 3000/3001 + 127.0.0.1 variants)
- `backend/src/__tests__/cors.test.ts`: added two tests — one asserting an unlisted external origin (`evil-corp.io`) is rejected in development, and one asserting `127.0.0.1:3000` is allowed

[#1188] Migration 1787: create user_notification_preferences table

- `backend/migrations/1787000000017_user-notification-preferences.js`: rewrote `up()` from `addColumns('user_profiles', …)` (which re-added columns that already exist and conflicted with `1773`) to `createTable('user_notification_preferences', …)` with `user_id` FK, `email_enabled`, `sms_enabled`, `phone`, and timestamps; `down()` now drops the table
- `addColumns(user_notification_preferences, …)` and `notificationService`'s `SELECT digest_frequency` now resolve against the correctly created table on a fresh DB

[#1198] DB pool: add connection and statement timeouts

- `backend/src/db/connection.ts`: added `connectionTimeoutMillis` (from `DB_CONN_TIMEOUT_MS`, default 10 s) to the `Pool` config so `getClient()` rejects instead of hanging when all connections are checked out; added `pool.on('connect')` hook to `SET statement_timeout` (from `DB_STATEMENT_TIMEOUT_MS`, default 30 s) on every acquired connection
- `backend/src/__tests__/connection.test.ts`: new test file asserting `getClient` rejects within the configured timeout when the pool is saturated; also asserts the env var is forwarded correctly
- `backend/.env.example` and `docs/ENVIRONMENT.md`: document the two new env vars

[#1214] tsconfig: enable stricter compile-time checks

- `backend/tsconfig.json`: uncommented `noUnusedLocals`, `noUnusedParameters`, `noImplicitReturns`, `noFallthroughCasesInSwitch`, and `noImplicitOverride`
- `authController`, `indexerController`, `loanController`), middleware (`loanAccess`, `rateLimiter`), services (`eventIndexer`, `scoresService`, `webhookService`, `yieldHistoryService`), cron (`scoreDecayJob`), routes, config, and tests (`requestId`, `remittanceService`, `notificationService`, `connection`, `cors`, `database`) so `npm run typecheck` passes green

Test plan

- `cd backend && npm run typecheck` — exits 0 (no TypeScript errors)
- `cd backend && npx jest src/__tests__/cors.test.ts` — new CORS tests pass
- `cd backend && npx jest src/__tests__/connection.test.ts` — pool timeout test passes or skips gracefully when no DB is available
- `npm run migrate:up` — migration chain applies end-to-end without errors (1773 → 1787 → 1793)
- `NODE_ENV=development`; confirm requests from `https://evil-corp.io` receive a CORS rejection

closes #1182
closes #1188
closes #1198
closes #1214
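
The [#1182] change described above, sketched as an added example that is not code from this pull request: the reflect-every-origin behaviour beside an exact-match allowlist, showing which response headers each one emits. The names `DEV_ORIGINS`, `reflectAny`, `allowlisted` and `originOption` are hypothetical, and the `http://` scheme on the dev origins and the pass-through for requests without an `Origin` header are assumptions.

```typescript
// Added example; hypothetical names, not taken from backend/src/app.ts.
type CorsHeaders = { [name: string]: string };
type OriginCallback = (err: Error | null, allow?: boolean) => void;

// Dev allowlist as the PR describes it: localhost 3000/3001 plus 127.0.0.1 variants.
// Assumption: plain http:// scheme for local development.
const DEV_ORIGINS: ReadonlyArray<string> = [
  "http://localhost:3000",
  "http://localhost:3001",
  "http://127.0.0.1:3000",
  "http://127.0.0.1:3001",
];

// "Before": every origin is echoed back together with credentials, so any site
// gets credentialed cross-origin reads whenever NODE_ENV != production.
function reflectAny(origin: string | undefined): CorsHeaders {
  if (origin === undefined) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// "After": exact string comparison against the allowlist (no prefix or substring
// matching); the credentials header is only ever sent alongside a matched origin.
function allowlisted(origin: string | undefined, allow: ReadonlyArray<string>): CorsHeaders {
  if (origin === undefined || allow.indexOf(origin) === -1) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// The same decision in the (origin, callback) shape accepted by the cors
// package's `origin` option.
function originOption(allow: ReadonlyArray<string>) {
  return (origin: string | undefined, cb: OriginCallback): void => {
    // Assumption: requests without an Origin header (curl, same-origin) pass through.
    if (origin === undefined) { cb(null, true); return; }
    cb(null, allow.indexOf(origin) !== -1);
  };
}
```

Exact matching is what keeps a lookalike such as `http://localhost:3000.evil-corp.io` out; a `startsWith` or substring check on the same list would let it through.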