mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
Bug fixes - April 27th 2026 (#907)
* fix: clean up dangling FK references before deleting a user Resolves FOREIGN KEY constraint failed (500) on DELETE /api/admin/users/:id and DELETE /api/auth/me when the target user had rows in trip_members.invited_by, share_tokens.created_by, budget_items.paid_by_user_id, journeys.user_id, journey_entries.author_id, journey_contributors.user_id, or journey_share_tokens.created_by — none of which had ON DELETE clauses. Introduces deleteUserCompletely() in userCleanupService.ts which wraps all cleanup and the final DELETE FROM users in a single transaction. Both adminService.deleteUser and authService.deleteAccount now call it instead of the bare DELETE. Tests ADMIN-005b and AUTH-040 cover all reference types including notification sender/recipient and notice dismissals. * test: extend FK deletion tests to cover journeys, files, and photos ADMIN-005b and AUTH-040 now also seed and assert: - owned journey with entries (cascade-deleted via journeys.user_id cleanup) - trip_files.uploaded_by (SET NULL — file survives, attribution cleared) - trek_photos.owner_id (SET NULL — photo record survives, owner cleared) - trip_photos.user_id (CASCADE — photo association removed) * test: extend user deletion tests to cover all FK relationships ADMIN-005b and AUTH-040 now seed and assert every user FK relationship: CASCADE (row deleted): trips, trip_members, tags, mcp_tokens, oauth_tokens, oauth_consents, vacay_plans, vacay_plan_members, bucket_list, visited_countries, visited_regions, packing_templates, invite_tokens, collab_notes, settings, password_reset_tokens, notification_channel_preferences SET NULL (row survives, column nulled): categories, todo_items.assigned_user_id, packing_bags, audit_log Caught and fixed: notification_preferences was dropped in migration 72; correct table is notification_channel_preferences. * fix: preserve URL hash and OIDC redirect target through login flow - Include location.hash in redirect param at all three producer sites (ProtectedRoute, axios 401 interceptor, OAuthAuthorizePage) so hash fragments survive the login bounce - Stash redirectTarget in sessionStorage before any OIDC provider redirect and restore it after the code exchange, since the IdP strips the original ?redirect= param during the roundtrip - Clear sessionStorage on OIDC error to avoid stale state - Add tests covering sessionStorage stash on mount, navigate to saved redirect after OIDC exchange, fallback to /dashboard, and cleanup on error * fix: use day position instead of ID for accommodation date range clamping Math.min/Math.max over raw day IDs breaks the start/end picker when a trip's day IDs are non-monotonic relative to day_number (normal after repeated generateDays extend/shrink cycles). Replaced with findIndex lookups so clamping is always based on positional order. Closes #889 * fix: normalize env var comparisons to be case-insensitive All NODE_ENV, DEMO_MODE, OIDC_ONLY, FORCE_HTTPS, COOKIE_SECURE, and ALLOW_INTERNAL_NETWORK checks now use .toLowerCase() so values like 'Production' or 'True' behave identically to their lowercase forms. Also adds APP_VERSION to the startup banner. * fix: delete surplus days when shortening a trip When shrinking a trip's date range, surplus days are now deleted along with their assignments, notes, and accommodations (cascade). Places remain in the trip pool; reservations keep their day reference nulled by the existing ON DELETE SET NULL constraint (issue #909). Updates TRIP-SVC-011 to reflect the new behaviour; adds TRIP-SVC-016 as a regression test for the empty-day case. * fix: auto-backup retention deletes itself and manual backups on Docker Two bugs in cleanupOldBackups: 1. Filter was .endsWith('.zip') — swept manual backup-*.zip files too. Now restricted to auto-backup-* prefix. 2. Age was derived from stat.birthtimeMs, which is 0 on overlayfs (Docker default), making every backup appear epoch-old and get deleted immediately. Age is now parsed from the filename timestamp and falls back to mtimeMs (reliable on overlayfs). Also converts inline require('./services/auditLog') calls to a static import throughout scheduler.ts, and adds 8 unit tests covering the fixed retention logic including the overlayfs regression case. * test: update TRIP-024 to match delete behavior on trip shrink * feat: add bypass-branch-check label to skip branch enforcement
This commit is contained in:
Julien G.
@@ -1,4 +1,4 @@
|
||||
import { describe, it, expect, vi } from 'vitest';
|
||||
import { describe, it, expect, vi, beforeEach } from 'vitest';
|
||||
|
||||
// Prevent node-cron from scheduling anything at import time
|
||||
vi.mock('node-cron', () => ({
|
||||
@@ -17,6 +17,7 @@ vi.mock('node:fs', () => ({
|
||||
writeFileSync: vi.fn(),
|
||||
readdirSync: vi.fn(() => []),
|
||||
statSync: vi.fn(() => ({ mtime: new Date(), size: 0 })),
|
||||
unlinkSync: vi.fn(),
|
||||
createWriteStream: vi.fn(() => ({ on: vi.fn(), pipe: vi.fn() })),
|
||||
},
|
||||
existsSync: vi.fn(() => false),
|
||||
@@ -25,14 +26,20 @@ vi.mock('node:fs', () => ({
|
||||
writeFileSync: vi.fn(),
|
||||
readdirSync: vi.fn(() => []),
|
||||
statSync: vi.fn(() => ({ mtime: new Date(), size: 0 })),
|
||||
unlinkSync: vi.fn(),
|
||||
createWriteStream: vi.fn(() => ({ on: vi.fn(), pipe: vi.fn() })),
|
||||
}));
|
||||
vi.mock('../../../src/db/database', () => ({
|
||||
db: { prepare: () => ({ all: vi.fn(() => []), get: vi.fn(), run: vi.fn() }) },
|
||||
}));
|
||||
vi.mock('../../../src/config', () => ({ JWT_SECRET: 'test-secret', ENCRYPTION_KEY: '0'.repeat(64) }));
|
||||
vi.mock('../../src/services/auditLog', () => ({
|
||||
logInfo: vi.fn(),
|
||||
logError: vi.fn(),
|
||||
}));
|
||||
|
||||
import { buildCronExpression } from '../../src/scheduler';
|
||||
import fs from 'node:fs';
|
||||
import { buildCronExpression, cleanupOldBackups } from '../../src/scheduler';
|
||||
|
||||
interface BackupSettings {
|
||||
enabled: boolean;
|
||||
@@ -130,3 +137,82 @@ describe('buildCronExpression', () => {
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('cleanupOldBackups', () => {
|
||||
const DAY = 24 * 60 * 60 * 1000;
|
||||
const NOW = new Date('2026-04-27T02:00:00Z').getTime();
|
||||
|
||||
function isoFilename(daysAgo: number, prefix: 'auto-backup' | 'backup' = 'auto-backup'): string {
|
||||
const d = new Date(NOW - daysAgo * DAY);
|
||||
const stamp = d.toISOString().replace(/[:.]/g, '-').slice(0, 19);
|
||||
return `${prefix}-${stamp}.zip`;
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
vi.mocked(fs.readdirSync).mockReset();
|
||||
vi.mocked(fs.statSync).mockReset();
|
||||
vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>).mockReset();
|
||||
(vi.mocked(fs.statSync) as ReturnType<typeof vi.fn>).mockReturnValue({ mtime: new Date(), mtimeMs: NOW, birthtimeMs: NOW, size: 0 });
|
||||
});
|
||||
|
||||
it('never deletes manual backup-*.zip files regardless of age', () => {
|
||||
const manual = isoFilename(365 * 5, 'backup');
|
||||
const auto = isoFilename(0);
|
||||
vi.mocked(fs.readdirSync).mockReturnValue([manual, auto] as unknown as string[]);
|
||||
cleanupOldBackups(7, NOW);
|
||||
const deleted = (vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).mock.calls.map((c: unknown[]) => c[0] as string);
|
||||
expect(deleted.some((p: string) => p.includes(manual))).toBe(false);
|
||||
});
|
||||
|
||||
it('keeps auto-backups newer than retention', () => {
|
||||
const recent = isoFilename(3);
|
||||
vi.mocked(fs.readdirSync).mockReturnValue([recent] as unknown as string[]);
|
||||
cleanupOldBackups(7, NOW);
|
||||
expect(vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('deletes auto-backups older than retention', () => {
|
||||
const old = isoFilename(30);
|
||||
vi.mocked(fs.readdirSync).mockReturnValue([old] as unknown as string[]);
|
||||
cleanupOldBackups(7, NOW);
|
||||
expect(vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).toHaveBeenCalledOnce();
|
||||
const [calledPath] = (vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).mock.calls[0] as string[];
|
||||
expect(calledPath).toContain(old);
|
||||
});
|
||||
|
||||
it('overlayfs regression: birthtimeMs=0 does not delete a same-day backup', () => {
|
||||
const fresh = isoFilename(0);
|
||||
vi.mocked(fs.readdirSync).mockReturnValue([fresh] as unknown as string[]);
|
||||
(vi.mocked(fs.statSync) as ReturnType<typeof vi.fn>).mockReturnValue({ birthtimeMs: 0, mtimeMs: NOW, mtime: new Date(NOW), size: 100 });
|
||||
cleanupOldBackups(7, NOW);
|
||||
expect(vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('malformed filename falls back to mtimeMs: keeps recent file', () => {
|
||||
vi.mocked(fs.readdirSync).mockReturnValue(['auto-backup-garbage.zip'] as unknown as string[]);
|
||||
(vi.mocked(fs.statSync) as ReturnType<typeof vi.fn>).mockReturnValue({ birthtimeMs: 0, mtimeMs: NOW - 1 * DAY, mtime: new Date(NOW - 1 * DAY), size: 0 });
|
||||
cleanupOldBackups(7, NOW);
|
||||
expect(vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('malformed filename falls back to mtimeMs: deletes stale file', () => {
|
||||
vi.mocked(fs.readdirSync).mockReturnValue(['auto-backup-garbage.zip'] as unknown as string[]);
|
||||
(vi.mocked(fs.statSync) as ReturnType<typeof vi.fn>).mockReturnValue({ birthtimeMs: 0, mtimeMs: NOW - 30 * DAY, mtime: new Date(NOW - 30 * DAY), size: 0 });
|
||||
cleanupOldBackups(7, NOW);
|
||||
expect(vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).toHaveBeenCalledOnce();
|
||||
});
|
||||
|
||||
it('ignores non-zip files and does not crash', () => {
|
||||
const old = isoFilename(30);
|
||||
vi.mocked(fs.readdirSync).mockReturnValue([old, 'notes.txt'] as unknown as string[]);
|
||||
cleanupOldBackups(7, NOW);
|
||||
const calls = (vi.mocked(fs.unlinkSync as ReturnType<typeof vi.fn>)).mock.calls as string[][];
|
||||
expect(calls.every(([p]: string[]) => !p.includes('notes.txt'))).toBe(true);
|
||||
expect(calls.length).toBe(1);
|
||||
});
|
||||
|
||||
it('swallows readdirSync errors without throwing', () => {
|
||||
vi.mocked(fs.readdirSync).mockImplementation(() => { throw new Error('ENOENT'); });
|
||||
expect(() => cleanupOldBackups(7, NOW)).not.toThrow();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -96,33 +96,37 @@ describe('generateDays', () => {
|
||||
expect(getNotes(day2.id)[0].id).toBe(note.id);
|
||||
});
|
||||
|
||||
it('TRIP-SVC-011: shrinking range converts overflow days to dateless, preserves their assignments', () => {
|
||||
it('TRIP-SVC-011: shrinking range deletes overflow days and their assignments (issue #909)', () => {
|
||||
const { user } = createUser(testDb);
|
||||
const trip = createTrip(testDb, user.id, { start_date: '2025-07-01', end_date: '2025-07-05' });
|
||||
const daysBefore = getDays(trip.id);
|
||||
expect(daysBefore).toHaveLength(5);
|
||||
|
||||
const place = createPlace(testDb, trip.id);
|
||||
// Assign places to days 4 and 5 (will become overflow)
|
||||
const a4 = createDayAssignment(testDb, daysBefore[3].id, place.id);
|
||||
const a5 = createDayAssignment(testDb, daysBefore[4].id, place.id);
|
||||
createDayAssignment(testDb, daysBefore[3].id, place.id);
|
||||
createDayAssignment(testDb, daysBefore[4].id, place.id);
|
||||
|
||||
// Shrink from 5 to 3 days
|
||||
// Shrink from 5 to 3 days — surplus days and their content are removed
|
||||
generateDays(trip.id, '2025-07-01', '2025-07-03');
|
||||
|
||||
const daysAfter = getDays(trip.id);
|
||||
expect(daysAfter).toHaveLength(5); // no rows deleted
|
||||
expect(daysAfter).toHaveLength(3);
|
||||
expect(daysAfter.map(d => d.date)).toEqual(['2025-07-01', '2025-07-02', '2025-07-03']);
|
||||
});
|
||||
|
||||
const dated = daysAfter.filter(d => d.date !== null);
|
||||
const dateless = daysAfter.filter(d => d.date === null);
|
||||
expect(dated).toHaveLength(3);
|
||||
expect(dateless).toHaveLength(2);
|
||||
it('TRIP-SVC-016: shrinking range deletes empty overflow days (issue #909)', () => {
|
||||
const { user } = createUser(testDb);
|
||||
const trip = createTrip(testDb, user.id, { start_date: '2025-07-01', end_date: '2025-07-07' });
|
||||
expect(getDays(trip.id)).toHaveLength(7);
|
||||
|
||||
// Overflow days still have their assignments
|
||||
expect(getAssignments(dateless[0].id)).toHaveLength(1);
|
||||
expect(getAssignments(dateless[0].id)[0].id).toBe(a4.id);
|
||||
expect(getAssignments(dateless[1].id)).toHaveLength(1);
|
||||
expect(getAssignments(dateless[1].id)[0].id).toBe(a5.id);
|
||||
// Shrink 7 → 5; days 6 and 7 have no content
|
||||
generateDays(trip.id, '2025-07-01', '2025-07-05');
|
||||
|
||||
const daysAfter = getDays(trip.id);
|
||||
expect(daysAfter).toHaveLength(5);
|
||||
expect(daysAfter.map(d => d.date)).toEqual([
|
||||
'2025-07-01', '2025-07-02', '2025-07-03', '2025-07-04', '2025-07-05',
|
||||
]);
|
||||
});
|
||||
|
||||
it('TRIP-SVC-012: growing range keeps existing day content and appends new empty days', () => {
|
||||
|
||||
Reference in New Issue
Block a user