a8d6da167c
Four small follow-ups from the second-pass audit:
- N1: `manga_upload_rolls_back_when_cover_storage_fails` covers the
manga-side of the transactional rollback path. The chapter case had
a `FailingStorage` regression test already; this completes the
symmetric pair. With fail-on-put-index=0, the cover put fails on
the first call, the transaction aborts, and `SELECT count(*) FROM
mangas WHERE title = 'Berserk'` is 0.
- N2: The SvelteKit proxy now catches network-layer failures from the
upstream `fetch` (DNS / connection refused / TLS handshake) and
returns a 502 with the standard error envelope
(`code: 'upstream_unavailable'`) instead of letting SvelteKit's
generic 500 HTML page through. `client.ts` can `.json()` the result
cleanly so callers see a real ApiError with a meaningful code. The
underlying cause is logged via `console.error` for the operator.
Test in hooks.server.test.ts asserts the 502, the JSON envelope, and
that `resolve` is not called (the proxy short-circuits).
- N3: `GET /api/v1/files/*key` now sets
`X-Content-Type-Options: nosniff`. The upload-time magic-byte sniff
is authoritative for what we declare as Content-Type; `nosniff`
makes the contract explicit so older user-agents can't try to
re-detect HTML/JS in a polyglot file that survived the sniff. Test
in api_uploads.rs asserts the header.
- N4: The /bookmarks page used `{#if b.page}` to gate the "— page N"
display, which falsy-elided a legitimate `page == 0`. Backend now
rejects `page < 1` for new bookmarks (already shipped in 0.9.4),
but any pre-0.9.4 row with page=0 still rendered without its
number. Strengthened to `{#if b.page != null && b.page > 0}`.
Lockstep version bump to 0.10.1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
69 lines
2.7 KiB
TypeScript
69 lines
2.7 KiB
TypeScript
import type { Handle } from '@sveltejs/kit';
|
|
|
|
// Reverse-proxy `/api/*` requests through to the backend container.
|
|
//
|
|
// Mangalord's compose runs SvelteKit (this process) on :3000 and axum on
|
|
// :8080. The browser only ever talks to :3000, so cookies stay
|
|
// same-origin and `CORS_ALLOWED_ORIGINS` can stay empty in the default
|
|
// deploy. The backend hostname comes from `BACKEND_URL` (compose wires
|
|
// `http://backend:8080`); for `npm run dev` we fall back to the same
|
|
// localhost target the vite proxy uses, which keeps the dev story
|
|
// consistent even if someone bypasses the vite proxy.
|
|
|
|
const BACKEND_URL = process.env.BACKEND_URL ?? 'http://localhost:8080';
|
|
|
|
export const handle: Handle = async ({ event, resolve }) => {
|
|
if (event.url.pathname.startsWith('/api/')) {
|
|
const target = `${BACKEND_URL}${event.url.pathname}${event.url.search}`;
|
|
|
|
// Strip hop-by-hop headers — `host` would mislead the backend
|
|
// about the origin, and `content-length` will be recomputed.
|
|
const headers = new Headers(event.request.headers);
|
|
headers.delete('host');
|
|
headers.delete('content-length');
|
|
|
|
const init: RequestInit & { duplex?: 'half' } = {
|
|
method: event.request.method,
|
|
headers,
|
|
redirect: 'manual'
|
|
};
|
|
if (event.request.method !== 'GET' && event.request.method !== 'HEAD') {
|
|
init.body = event.request.body;
|
|
// Node's fetch requires `duplex: 'half'` when streaming a
|
|
// request body; otherwise the stream is rejected.
|
|
init.duplex = 'half';
|
|
}
|
|
|
|
let upstream: Response;
|
|
try {
|
|
upstream = await fetch(target, init);
|
|
} catch (e) {
|
|
// Network-layer failure (DNS / connection refused / TLS
|
|
// handshake) — most commonly "backend container restarting".
|
|
// SvelteKit's default 500 would be an HTML page that
|
|
// client.ts can't .json(), which masks the real cause. Emit
|
|
// the standard envelope with a dedicated code instead.
|
|
console.error('Proxy to backend failed:', e);
|
|
return new Response(
|
|
JSON.stringify({
|
|
error: {
|
|
code: 'upstream_unavailable',
|
|
message: 'backend unreachable'
|
|
}
|
|
}),
|
|
{
|
|
status: 502,
|
|
headers: { 'content-type': 'application/json' }
|
|
}
|
|
);
|
|
}
|
|
|
|
return new Response(upstream.body, {
|
|
status: upstream.status,
|
|
statusText: upstream.statusText,
|
|
headers: upstream.headers
|
|
});
|
|
}
|
|
return resolve(event);
|
|
};
|