Merge remote-tracking branch 'origin/dev' into dev

2026-06-19 13:21:46 +00:00 · 2026-04-03 14:45:34 +02:00
parent bf2eea18c3 501bab0f69
commit ce72f45d9a
20 changed files with 17163 additions and 16726 deletions
@@ -3,10 +3,10 @@ import multer from 'multer';
 import path from 'path';
 import fs from 'fs';
 import { v4 as uuidv4 } from 'uuid';
-import { canAccessTrip } from '../db/database';
+import { db, canAccessTrip } from '../db/database';
 import { authenticate, demoUploadBlock } from '../middleware/auth';
 import { broadcast } from '../websocket';
-import { AuthRequest } from '../types';
+import { AuthRequest, Trip } from '../types';
 import { writeAudit, getClientIp, logInfo } from '../services/auditLog';
 import { checkPermission } from '../services/permissions';
 import {
@@ -26,6 +26,7 @@ import {
  verifyTripAccess,
  NotFoundError,
  ValidationError,
+  TRIP_SELECT,
 } from '../services/tripService';

 const router = express.Router();
@@ -7,7 +7,7 @@ export function cookieOptions(clear = false) {
  return {
    httpOnly: true,
    secure,
-    sameSite: 'strict' as const,
+    sameSite: 'lax' as const,
    path: '/',
    ...(clear ? {} : { maxAge: 24 * 60 * 60 * 1000 }), // 24h — matches JWT expiry
  };
@@ -6,7 +6,7 @@ import { Trip, User } from '../types';
 export const MS_PER_DAY = 86400000;
 export const MAX_TRIP_DAYS = 365;

-const TRIP_SELECT = `
+export const TRIP_SELECT = `
  SELECT t.*,
    (SELECT COUNT(*) FROM days d WHERE d.trip_id = t.id) as day_count,
    (SELECT COUNT(*) FROM places p WHERE p.trip_id = t.id) as place_count,
@@ -11,8 +11,8 @@ describe('cookieOptions', () => {
    expect(cookieOptions()).toHaveProperty('httpOnly', true);
  });

-  it('always sets sameSite: strict', () => {
-    expect(cookieOptions()).toHaveProperty('sameSite', 'strict');
+  it('always sets sameSite: lax', () => {
+    expect(cookieOptions()).toHaveProperty('sameSite', 'lax');
  });

  it('always sets path: /', () => {