Mangalord

fabi/Mangalord

Fork 0

Commit Graph

Author	SHA1	Message	Date
MechaCat02	d81aca42a0	chore: audit-flagged cleanups (no behaviour change) Four small follow-ups from the 0.9.0 audit, none of them user-visible: - Migration 0007 drops `chapters_manga_idx`. The 0001 schema declared both `UNIQUE (manga_id, number)` and `CREATE INDEX chapters_manga_idx ON (manga_id, number)`, but Postgres maintains an identical index for the unique constraint automatically — the explicit one was just paying for a second per-write update. Query plans are unchanged because the planner already preferred the constraint's index. - `upload::parse_image` sniffs from the first 64 bytes instead of the full image buffer. `infer` only looks at magic bytes anyway, so scanning 20 MiB is wasted work. Functionally identical; cheaper in the hot path. - AVIF was on the whitelist but had no test fixture. New `avif_bytes` helper produces a minimal `ftyp avif` header that `infer` recognises, and a new `accepts_avif` unit test covers the path end-to-end. - Frontend `request()` sets `credentials: 'include'`. Same-origin callers see no change (default was already `'same-origin'`), but the first user who configures `CORS_ALLOWED_ORIGINS` for a cross-origin deployment gets working cookies without having to chase a runtime ApiError trail. No version bump. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 23:32:02 +02:00
MechaCat02	a92f6f70e2	feat: multipart manga + chapter uploads with magic-byte MIME sniff POST /api/v1/mangas and POST /api/v1/mangas/{id}/chapters now accept multipart/form-data, gated by CurrentUser: - /mangas: required `metadata` part (NewManga JSON) + optional `cover` image part. - /mangas/{id}/chapters: required `metadata` (NewChapter JSON) + one or more `page` parts ordered by arrival. Returns 404 if the parent manga doesn't exist, 409 on duplicate (manga_id, number). MIME is sniffed via the `infer` crate (magic bytes), not the client-supplied filename or Content-Type. Whitelist: jpeg / png / webp / gif / avif. Anything else → 415 unsupported_media_type. The stored key's extension is derived from the sniffed type so a "page1.png" that's actually a JPEG lands as `.jpg`. Size cap is two-layer: - Request body cap (config.max_request_bytes, default 200 MiB) enforced by axum's DefaultBodyLimit before the handler sees the request. - Per-image-part cap (config.max_file_bytes, default 20 MiB) enforced after reading the part, so a single oversized image can't pass even if the total request fits. Storage keys follow the layout documented in CLAUDE.md: - mangas/{manga_id}/cover.{ext} - mangas/{manga_id}/chapters/{chapter_id}/pages/{nnnn}.{ext} (1-indexed). AppError grows PayloadTooLarge/UnsupportedMediaType/ValidationFailed (413 / 415 / 422). ValidationFailed carries a `details` JSON object the client can use to highlight bad fields (e.g. {"title":"required"}). Top-level matching in code() stays exhaustive. Backend coverage in tests/api_uploads.rs (10 cases): - create_manga_with_cover_stores_image — file is reachable via /api/v1/files/{key} with the right Content-Type. - create_manga_without_cover_leaves_path_null. - create_manga_rejects_non_image_cover_with_415 — PDF claimed as png. - create_manga_rejects_oversized_cover_with_413. - create_chapter_with_pages_stores_each — extension derived from sniffed MIME, files reachable in arrival order. - create_chapter_rejects_when_no_pages_with_422 — details.page set. - create_chapter_rejects_renamed_non_image_page → 415. - create_chapter_returns_409_on_duplicate_number. - create_chapter_requires_authentication → 401. - create_chapter_under_unknown_manga_is_404. Existing tests/api_mangas.rs is migrated to multipart; the create response is now 201 Created. tests/common::MultipartBuilder builds the body by hand so the test crate stays free of HTTP-client deps. Frontend lib/api/mangas.ts: createManga now sends FormData (metadata + optional cover Blob). Browser fills in the boundary header automatically. Vitest asserts the FormData structure via FileReader (jsdom doesn't implement Blob.text()). E2E tests wait for the post-hydration nav-login link before interacting with the login form, fixing a flake where pre-hydration clicks would submit via the browser default and bypass our handler. Lockstep version bump to 0.5.0. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 22:21:10 +02:00

Author

SHA1

Message

Date

MechaCat02

d81aca42a0

chore: audit-flagged cleanups (no behaviour change)

Four small follow-ups from the 0.9.0 audit, none of them
user-visible:

- Migration 0007 drops `chapters_manga_idx`. The 0001 schema declared
  both `UNIQUE (manga_id, number)` and `CREATE INDEX chapters_manga_idx
  ON (manga_id, number)`, but Postgres maintains an identical index
  for the unique constraint automatically — the explicit one was just
  paying for a second per-write update. Query plans are unchanged
  because the planner already preferred the constraint's index.
- `upload::parse_image` sniffs from the first 64 bytes instead of the
  full image buffer. `infer` only looks at magic bytes anyway, so
  scanning 20 MiB is wasted work. Functionally identical; cheaper in
  the hot path.
- AVIF was on the whitelist but had no test fixture. New `avif_bytes`
  helper produces a minimal `ftyp avif` header that `infer` recognises,
  and a new `accepts_avif` unit test covers the path end-to-end.
- Frontend `request()` sets `credentials: 'include'`. Same-origin
  callers see no change (default was already `'same-origin'`), but the
  first user who configures `CORS_ALLOWED_ORIGINS` for a cross-origin
  deployment gets working cookies without having to chase a runtime
  ApiError trail.

No version bump.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-16 23:32:02 +02:00

MechaCat02

a92f6f70e2

feat: multipart manga + chapter uploads with magic-byte MIME sniff

POST /api/v1/mangas and POST /api/v1/mangas/{id}/chapters now accept
multipart/form-data, gated by CurrentUser:

- /mangas: required `metadata` part (NewManga JSON) + optional `cover`
  image part.
- /mangas/{id}/chapters: required `metadata` (NewChapter JSON) + one or
  more `page` parts ordered by arrival. Returns 404 if the parent manga
  doesn't exist, 409 on duplicate (manga_id, number).

MIME is sniffed via the `infer` crate (magic bytes), not the
client-supplied filename or Content-Type. Whitelist:
jpeg / png / webp / gif / avif. Anything else → 415
unsupported_media_type. The stored key's extension is derived from the
sniffed type so a "page1.png" that's actually a JPEG lands as `.jpg`.

Size cap is two-layer:
- Request body cap (config.max_request_bytes, default 200 MiB) enforced
  by axum's DefaultBodyLimit before the handler sees the request.
- Per-image-part cap (config.max_file_bytes, default 20 MiB) enforced
  after reading the part, so a single oversized image can't pass even
  if the total request fits.

Storage keys follow the layout documented in CLAUDE.md:
- mangas/{manga_id}/cover.{ext}
- mangas/{manga_id}/chapters/{chapter_id}/pages/{nnnn}.{ext} (1-indexed).

AppError grows PayloadTooLarge/UnsupportedMediaType/ValidationFailed
(413 / 415 / 422). ValidationFailed carries a `details` JSON object the
client can use to highlight bad fields (e.g. {"title":"required"}).
Top-level matching in code() stays exhaustive.

Backend coverage in tests/api_uploads.rs (10 cases):
- create_manga_with_cover_stores_image — file is reachable via
  /api/v1/files/{key} with the right Content-Type.
- create_manga_without_cover_leaves_path_null.
- create_manga_rejects_non_image_cover_with_415 — PDF claimed as png.
- create_manga_rejects_oversized_cover_with_413.
- create_chapter_with_pages_stores_each — extension derived from
  sniffed MIME, files reachable in arrival order.
- create_chapter_rejects_when_no_pages_with_422 — details.page set.
- create_chapter_rejects_renamed_non_image_page → 415.
- create_chapter_returns_409_on_duplicate_number.
- create_chapter_requires_authentication → 401.
- create_chapter_under_unknown_manga_is_404.

Existing tests/api_mangas.rs is migrated to multipart; the create
response is now 201 Created. tests/common::MultipartBuilder builds the
body by hand so the test crate stays free of HTTP-client deps.

Frontend lib/api/mangas.ts: createManga now sends FormData (metadata +
optional cover Blob). Browser fills in the boundary header automatically.
Vitest asserts the FormData structure via FileReader (jsdom doesn't
implement Blob.text()).

E2E tests wait for the post-hydration nav-login link before
interacting with the login form, fixing a flake where pre-hydration
clicks would submit via the browser default and bypass our handler.

Lockstep version bump to 0.5.0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-16 22:21:10 +02:00

2 Commits