bugfix: second-pass audit follow-ups (N1-N4)

Four small follow-ups from the second-pass audit: - N1: `manga_upload_rolls_back_when_cover_storage_fails` covers the manga-side of the transactional rollback path. The chapter case had a `FailingStorage` regression test already; this completes the symmetric pair. With fail-on-put-index=0, the cover put fails on the first call, the transaction aborts, and `SELECT count(*) FROM mangas WHERE title = 'Berserk'` is 0. - N2: The SvelteKit proxy now catches network-layer failures from the upstream `fetch` (DNS / connection refused / TLS handshake) and returns a 502 with the standard error envelope (`code: 'upstream_unavailable'`) instead of letting SvelteKit's generic 500 HTML page through. `client.ts` can `.json()` the result cleanly so callers see a real ApiError with a meaningful code. The underlying cause is logged via `console.error` for the operator. Test in hooks.server.test.ts asserts the 502, the JSON envelope, and that `resolve` is not called (the proxy short-circuits). - N3: `GET /api/v1/files/*key` now sets `X-Content-Type-Options: nosniff`. The upload-time magic-byte sniff is authoritative for what we declare as Content-Type; `nosniff` makes the contract explicit so older user-agents can't try to re-detect HTML/JS in a polyglot file that survived the sniff. Test in api_uploads.rs asserts the header. - N4: The /bookmarks page used `{#if b.page}` to gate the "— page N" display, which falsy-elided a legitimate `page == 0`. Backend now rejects `page < 1` for new bookmarks (already shipped in 0.9.4), but any pre-0.9.4 row with page=0 still rendered without its number. Strengthened to `{#if b.page != null && b.page > 0}`. Lockstep version bump to 0.10.1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 23:55:53 +02:00
parent 69eca21fb5
commit a8d6da167c
8 changed files with 95 additions and 6 deletions
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "mangalord-frontend",
-  "version": "0.10.0",
+  "version": "0.10.1",
  "private": true,
  "type": "module",
  "scripts": {
--- a/frontend/src/hooks.server.test.ts
+++ b/frontend/src/hooks.server.test.ts
@@ -101,4 +101,21 @@ describe('hooks.server proxy', () => {
        expect(fetchSpy).not.toHaveBeenCalled();
        expect(resolve).toHaveBeenCalledTimes(1);
    });
+
+    it('returns 502 with the standard error envelope when the upstream is unreachable', async () => {
+        // Silence the console.error the handler emits on failure so
+        // the test output stays clean.
+        const errSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+        fetchSpy.mockRejectedValueOnce(new TypeError('fetch failed'));
+
+        const resolve = vi.fn();
+        const resp = await handle({ event: makeEvent('/api/v1/health'), resolve });
+
+        expect(resolve).not.toHaveBeenCalled();
+        expect(resp.status).toBe(502);
+        expect(resp.headers.get('content-type')).toContain('application/json');
+        const body = await resp.json();
+        expect(body.error.code).toBe('upstream_unavailable');
+        expect(errSpy).toHaveBeenCalled();
+    });
 });
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -34,7 +34,30 @@ export const handle: Handle = async ({ event, resolve }) => {
            init.duplex = 'half';
        }

-        const upstream = await fetch(target, init);
+        let upstream: Response;
+        try {
+            upstream = await fetch(target, init);
+        } catch (e) {
+            // Network-layer failure (DNS / connection refused / TLS
+            // handshake) — most commonly "backend container restarting".
+            // SvelteKit's default 500 would be an HTML page that
+            // client.ts can't .json(), which masks the real cause. Emit
+            // the standard envelope with a dedicated code instead.
+            console.error('Proxy to backend failed:', e);
+            return new Response(
+                JSON.stringify({
+                    error: {
+                        code: 'upstream_unavailable',
+                        message: 'backend unreachable'
+                    }
+                }),
+                {
+                    status: 502,
+                    headers: { 'content-type': 'application/json' }
+                }
+            );
+        }
+
        return new Response(upstream.body, {
            status: upstream.status,
            statusText: upstream.statusText,
--- a/frontend/src/routes/bookmarks/+page.svelte
+++ b/frontend/src/routes/bookmarks/+page.svelte
@@ -23,7 +23,7 @@
                {#if b.chapter_id && b.chapter_number != null}
                    <a href="/manga/{b.manga_id}/chapter/{b.chapter_number}">
                        Chapter {b.chapter_number}
-                        {#if b.page}— page {b.page}{/if}
+                        {#if b.page != null && b.page > 0}— page {b.page}{/if}
                    </a>
                {:else if b.chapter_id}
                    <!-- Chapter bookmark whose chapter was deleted; fall