npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.57.1 → 0.57.2 - Mend

@cosmicdrift/kumiko-bundled-features 0.57.1 → 0.57.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-bundled-features",
-  "version": "0.57.1",
+  "version": "0.57.2",
   "description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",

package/src/config/__tests__/config.integration.test.ts CHANGED Viewed

@@ -175,10 +175,7 @@ const integrationFeature = defineFeature("integration", (r) => {
         default: "initial",
         write: access.roles("Admin"),
       }),
-      // Settings-Hub system-scope proxies for the derived Stripe screen: a
-      // privileged boolean (billing-live = machine OR human-SystemAdmin) and
-      // an encrypted system secret (api-key). Both are surfaced to a human
-      // SystemAdmin by build-config-feature-schema and must be SET-able by them.
+      // Privileged + encrypted system keys must be SET-able by a human SystemAdmin (the derived Stripe screen surfaces both).
       billingLive: createSystemConfig("boolean", {
         default: false,
         write: access.privileged,

package/src/config/__tests__/env-overrides.test.ts CHANGED Viewed

@@ -88,6 +88,27 @@ describe("buildEnvConfigOverrides", () => {
     expect(result.size).toBe(0);
   });
+  test("whitespace-only env var → skipped (semantically empty, must not clobber default)", () => {
+    // Number key: pre-fix `Number("   ".trim())` was 0 and finite → silently
+    // resolved to 0 instead of falling through to the declared default.
+    const reg = registryStub({
+      "a:config:n": createSystemConfig("number", { env: "N" }),
+      "a:config:x": createSystemConfig("text", { env: "X" }),
+    });
+    const result = buildEnvConfigOverrides(reg, { N: "   ", X: "\t\n" });
+    expect(result.size).toBe(0);
+  });
+  test("select value is trimmed before option membership (so ` dark` resolves)", () => {
+    const reg = registryStub({
+      "a:config:theme": createSystemConfig("select", {
+        env: "THEME",
+        options: ["light", "dark"],
+      }),
+    });
+    expect(buildEnvConfigOverrides(reg, { THEME: " dark " }).get("a:config:theme")).toBe("dark");
+  });
   test("keys without an env field are ignored even if a same-named var exists", () => {
     const reg = registryStub({
       "a:config:no-env": createSystemConfig("text", {}),

package/src/config/handlers/__tests__/prepare-config-write.test.ts CHANGED Viewed

@@ -106,10 +106,7 @@ describe("prepareConfigWrite", () => {
   });
   test("privileged key (system + SystemAdmin) is writable by a human SystemAdmin", () => {
-    // The derived configEdit screen surfaces a `access.privileged`
-    // (`["system","SystemAdmin"]`) key to a human SystemAdmin (e.g. Stripe
-    // billing-live). The write must succeed — "system in the write-set"
-    // means machine-OR-operator, not machine-only.
+    // "system" in the write-set means machine-OR-operator, not machine-only — a human SystemAdmin must still be able to write.
     const privilegedKey = createSystemConfig("boolean", { write: access.privileged });
     const result = prepareConfigWrite({
       registry: registryStub({ "ns:config:billing-live": privilegedKey }),

package/src/config/resolver.ts CHANGED Viewed

@@ -384,6 +384,12 @@ export function createConfigResolver(options: ConfigResolverOptions = {}): Confi
       return { value: undefined, source: "missing" };
     },
+    // NOTE: getAll / getAllWithSource read only config_values rows and do NOT
+    // dispatch to the secrets store (unlike get/getCascade/getWithSource). A
+    // backing="secrets" key has no config_values row, so it is simply ABSENT
+    // from the result map — never a stale/undefined value. Callers needing a
+    // secrets-backed value must use get/getCascade; these bulk readers are for
+    // the config_values-backed keys only.
     async getAll(tenantId, userId, db) {
       // Only load rows relevant to this user/tenant (system + tenant + user scope)
       const rows = await selectConfigRowsForScope(db, SYSTEM_TENANT_ID, tenantId, userId);
@@ -613,8 +619,8 @@ export function validateAppOverrides(
 // resolving to the wrong value. Reuses validateAppOverrides for the
 // existence / bounds / options / computed-conflict gates.
 //
-// undefined OR empty-string env vars are skipped — an unset (or `FOO=`)
-// variable must not clobber a declared default.
+// undefined OR blank env vars are skipped — an unset, empty (`FOO=`) or
+// whitespace-only (`FOO="   "`) variable must not clobber a declared default.
 type EnvSource = Readonly<Record<string, string | undefined>>;
@@ -646,8 +652,9 @@ function coerceEnvValue(
       `ENV config bridge: "${envName}" → "${qualifiedKey}" expects a boolean (true/false/1/0), got "${raw}".`,
     );
   }
-  // text | select — select-option membership is validated by validateAppOverrides
-  return raw;
+  // text | select — trimmed so e.g. `THEME=" dark"` resolves to a real option;
+  // select-option membership is validated by validateAppOverrides.
+  return raw.trim();
 }
 export function buildEnvConfigOverrides(
@@ -659,7 +666,7 @@ export function buildEnvConfigOverrides(
     const envName = keyDef.env;
     if (!envName) continue;
     const raw = env[envName];
-    if (raw === undefined || raw === "") continue;
+    if (raw === undefined || raw.trim() === "") continue;
     record[qualifiedKey] = coerceEnvValue(qualifiedKey, envName, keyDef.type, raw);
   }
   return validateAppOverrides(registry, record);

package/src/jobs/feature.ts CHANGED Viewed

@@ -153,9 +153,7 @@ export function createJobsFeature(): FeatureDefinition {
       },
     });
-    // Framework-provided single-run rebuild job (QN `jobs:job:projection-rebuild`).
-    // Available whenever `jobs` is composed — `enqueueProjectionRebuild` dispatches
-    // it; every run is tracked in read_job_runs + retryable via jobs:write:retry.
+    // Framework-provided rebuild job — available whenever `jobs` is composed; enqueueProjectionRebuild dispatches it.
     r.job(
       "projectionRebuild",
       { trigger: { manual: true }, schema: projectionRebuildPayloadSchema },

package/src/jobs/handlers/projection-rebuild.job.ts CHANGED Viewed

@@ -1,10 +1,4 @@
-// Single-run projection-rebuild worker (QN `jobs:job:projection-rebuild`).
-// Replays the event log into one projection via the framework's
-// `rebuildProjection`. Triggered manually — typically through
-// `enqueueProjectionRebuild` (migrations) as the self-service repair for an
-// emptied projection, a deliberate manual rebuild, or a post-upcaster refill.
-// Run-tracking (read_job_runs + read_job_run_logs) and retry come for free
-// from the jobs feature that registers this worker.
+// Single-run projection-rebuild worker (`jobs:job:projection-rebuild`); manually triggered, typically via enqueueProjectionRebuild to refill an emptied projection.
 import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
 import type { JobHandlerFn } from "@cosmicdrift/kumiko-framework/engine";

package/src/page-render/__tests__/security-headers.test.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { describe, expect, test } from "bun:test";
+import { securePageHeaders } from "../security-headers";
+describe("securePageHeaders", () => {
+  test("merges caller headers alongside the security defaults", () => {
+    const h = securePageHeaders({ "content-type": "text/html; charset=utf-8" });
+    expect(h["content-type"]).toBe("text/html; charset=utf-8");
+    expect(h["x-content-type-options"]).toBe("nosniff");
+    expect(h["content-security-policy"]).toContain("script-src 'none'");
+  });
+  test("a caller can NEVER override a hardened security header", () => {
+    const h = securePageHeaders({
+      "content-security-policy": "default-src *",
+      "x-frame-options": "ALLOWALL",
+    });
+    expect(h["content-security-policy"]).toBe(
+      "script-src 'none'; object-src 'none'; base-uri 'none'",
+    );
+    expect(h["x-frame-options"]).toBe("SAMEORIGIN");
+  });
+});

package/src/page-render/security-headers.ts CHANGED Viewed

@@ -11,6 +11,9 @@ const PUBLIC_PAGE_SECURITY_HEADERS = {
   "referrer-policy": "strict-origin-when-cross-origin",
 } as const;
+// Security headers spread LAST so a caller's `extra` can never override a
+// hardened default (CSP/nosniff/frame-options); extra only adds non-security
+// headers like content-type/cache-control/vary.
 export function securePageHeaders(extra: Record<string, string>): Record<string, string> {
-  return { ...PUBLIC_PAGE_SECURITY_HEADERS, ...extra };
+  return { ...extra, ...PUBLIC_PAGE_SECURITY_HEADERS };
 }

package/src/user-data-rights/__tests__/request-deletion-url.test.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { describe, expect, test } from "bun:test";
+import { buildDeletionVerifyUrl } from "../handlers/request-deletion-by-email.write";
+describe("buildDeletionVerifyUrl", () => {
+  test("appends ?token to a plain base URL", () => {
+    expect(buildDeletionVerifyUrl("https://app.example.com/delete/confirm", "tok-123")).toBe(
+      "https://app.example.com/delete/confirm?token=tok-123",
+    );
+  });
+  test("appends &token when the base already carries query params (not a second ?)", () => {
+    const url = buildDeletionVerifyUrl("https://app.example.com/confirm?lang=de", "tok-123");
+    expect(url).toBe("https://app.example.com/confirm?lang=de&token=tok-123");
+    expect(url.match(/\?/g)).toHaveLength(1);
+  });
+  test("URL-encodes a token with reserved characters", () => {
+    const url = new URL(buildDeletionVerifyUrl("https://app.example.com/c", "a b&c=d"));
+    expect(url.searchParams.get("token")).toBe("a b&c=d");
+  });
+});

package/src/user-data-rights/handlers/request-deletion-by-email.write.ts CHANGED Viewed

@@ -35,6 +35,15 @@ export type RequestDeletionByEmailOptions = {
   readonly sendDeletionVerificationEmail?: SendDeletionVerificationEmailFn;
 };
+// URL-safe append: handles a base URL that already carries query params
+// (`?lang=de` → `?lang=de&token=…`) instead of producing an invalid
+// `?lang=de?token=…`. searchParams.set encodes the token.
+export function buildDeletionVerifyUrl(base: string, token: string): string {
+  const url = new URL(base);
+  url.searchParams.set("token", token);
+  return url.toString();
+}
 // Anonymer Apex-Flow Schritt 1: "Account-Löschung beantragen" per Email.
 // DSGVO-relevant gerade wenn der User sich NICHT mehr einloggen kann
 // (Lockout). Email → Magic-Link → confirm-deletion-by-token.
@@ -71,7 +80,7 @@ export function createRequestDeletionByEmailHandler(opts: RequestDeletionByEmail
         DELETION_VERIFY_TTL_MINUTES,
         opts.deletionTokenSecret,
       );
-      const verifyUrl = `${opts.deletionVerifyUrl}?token=${encodeURIComponent(token)}`;
+      const verifyUrl = buildDeletionVerifyUrl(opts.deletionVerifyUrl, token);
       if (opts.sendDeletionVerificationEmail) {
         try {

package/src/user-data-rights/web/__tests__/deletion-screens.test.tsx CHANGED Viewed

@@ -31,6 +31,14 @@ function makeDispatcher(ok: boolean, calls: WriteCall[]): Dispatcher {
   } as unknown as Dispatcher;
 }
+function makeThrowingDispatcher(): Dispatcher {
+  return {
+    write: async () => {
+      throw new Error("network down");
+    },
+  } as unknown as Dispatcher;
+}
 function renderWith(ui: ReactElement, dispatcher: Dispatcher): void {
   render(
     <PrimitivesProvider value={defaultPrimitives}>
@@ -100,4 +108,15 @@ describe("ConfirmAccountDeletionScreen", () => {
     await waitFor(() => expect(screen.getByText(/ungültig oder abgelaufen/)).toBeTruthy());
     expect(screen.queryByText(/vorgemerkt/)).toBeNull();
   });
+  test("write wirft → generischer Error-Banner, NICHT invalidToken", async () => {
+    window.history.replaceState({}, "", "/delete-account/confirm?token=tok-123");
+    renderWith(<ConfirmAccountDeletionScreen />, makeThrowingDispatcher());
+    fireEvent.click(screen.getByRole("button"));
+    await waitFor(() => expect(screen.getByText(/schief gegangen/)).toBeTruthy());
+    expect(screen.queryByText(/ungültig oder abgelaufen/)).toBeNull();
+    expect(screen.queryByText(/vorgemerkt/)).toBeNull();
+  });
 });

package/src/user-data-rights/web/confirm-deletion-screen.tsx CHANGED Viewed

@@ -11,7 +11,7 @@ import { type ReactNode, useState } from "react";
 const CONFIRM_BY_TOKEN = "user-data-rights:write:confirm-deletion-by-token";
-type Phase = "idle" | "submitting" | "success" | "missing" | "invalid";
+type Phase = "idle" | "submitting" | "success" | "missing" | "invalid" | "error";
 function readToken(): string {
   if (typeof window === "undefined") return "";
@@ -37,7 +37,7 @@ export function ConfirmAccountDeletionScreen({
       const res = await dispatcher.write(CONFIRM_BY_TOKEN, { token });
       setPhase(res.isSuccess ? "success" : "invalid");
     } catch {
-      setPhase("invalid");
+      setPhase("error");
     }
   };
@@ -66,6 +66,9 @@ export function ConfirmAccountDeletionScreen({
             {phase === "invalid" && (
               <Banner variant="error">{t("userDataRights.deletion.confirm.invalidToken")}</Banner>
             )}
+            {phase === "error" && (
+              <Banner variant="error">{t("userDataRights.deletion.confirm.error")}</Banner>
+            )}
             <Button
               type="button"
               variant="danger"