v1 review pass: fixed some minor bugs

2026-03-16 11:08:39 +00:00
parent e88fed4e98
commit 867e64cb5b
37 changed files with 1228 additions and 400 deletions
--- a/api/routes/avatars.ts
+++ b/api/routes/avatars.ts
@@ -39,7 +39,11 @@ router.post("/api/avatars/me", authMiddleware, async (ctx) => {
  const authPayload = ctx.state.user;
  const contentType = ctx.request.headers.get("content-type") ?? "";
  if (!contentType.includes("multipart/form-data")) {
-    throw new APIException(APIErrorCode.BAD_REQUEST, 400, "Expected multipart/form-data");
+    throw new APIException(
+      APIErrorCode.BAD_REQUEST,
+      400,
+      "Expected multipart/form-data",
+    );
  }

  const body = await ctx.request.body.formData();
@@ -58,13 +62,21 @@ router.post("/api/avatars/me", authMiddleware, async (ctx) => {
  }

  if (file.size > MAX_AVATAR_SIZE) {
-    throw new APIException(APIErrorCode.BAD_REQUEST, 400, "File too large (max 5 MB)");
+    throw new APIException(
+      APIErrorCode.BAD_REQUEST,
+      400,
+      "File too large (max 5 MB)",
+    );
  }

  const data = new Uint8Array(await file.arrayBuffer());

  if (!checkMagicBytes(data, file.type)) {
-    throw new APIException(APIErrorCode.BAD_REQUEST, 400, "File content does not match declared type");
+    throw new APIException(
+      APIErrorCode.BAD_REQUEST,
+      400,
+      "File content does not match declared type",
+    );
  }

  await Deno.mkdir(AVATARS_DIR, { recursive: true });
--- a/api/routes/dumps.ts
+++ b/api/routes/dumps.ts
@@ -87,7 +87,11 @@ router.put("/:dumpId/file", authMiddleware, async (ctx) => {

  const dump = getDump(dumpId);
  if (userId !== dump.userId) {
-    throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "Not authorized to update dump");
+    throw new APIException(
+      APIErrorCode.UNAUTHORIZED,
+      401,
+      "Not authorized to update dump",
+    );
  }

  const formData = await ctx.request.body.formData();
@@ -95,7 +99,11 @@ router.put("/:dumpId/file", authMiddleware, async (ctx) => {
  const comment = formData.get("comment");

  if (!(file instanceof File)) {
-    throw new APIException(APIErrorCode.VALIDATION_ERROR, 400, "A file is required");
+    throw new APIException(
+      APIErrorCode.VALIDATION_ERROR,
+      400,
+      "A file is required",
+    );
  }

  const updatedDump = await replaceFileDump(
@@ -113,13 +121,21 @@ router.put("/:dumpId", authMiddleware, async (ctx) => {
  const body = await ctx.request.body.json();

  if (!isUpdateDumpRequest(body)) {
-    throw new APIException(APIErrorCode.VALIDATION_ERROR, 422, "Erroneous user input");
+    throw new APIException(
+      APIErrorCode.VALIDATION_ERROR,
+      422,
+      "Erroneous user input",
+    );
  }

  const dump = getDump(dumpId);

  if (userId !== dump.userId) {
-    throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "Not authorized to update dump");
+    throw new APIException(
+      APIErrorCode.UNAUTHORIZED,
+      401,
+      "Not authorized to update dump",
+    );
  }

  const updatedDump = await updateDump(dumpId, body);
@@ -133,7 +149,11 @@ router.delete("/:dumpId", authMiddleware, async (ctx) => {
  const dump = getDump(dumpId);

  if (userId !== dump.userId) {
-    throw new APIException(APIErrorCode.UNAUTHORIZED, 401, "Not authorized to delete dump");
+    throw new APIException(
+      APIErrorCode.UNAUTHORIZED,
+      401,
+      "Not authorized to delete dump",
+    );
  }

  await deleteDump(dumpId);
--- a/api/routes/files.ts
+++ b/api/routes/files.ts
@@ -15,20 +15,62 @@ router.get("/:dumpId", async (ctx) => {
  const dump = getDump(dumpId);

  if (dump.kind !== "file" || !dump.fileMime || !dump.fileName) {
-    throw new APIException(APIErrorCode.NOT_FOUND, 404, "No file for this dump");
+    throw new APIException(
+      APIErrorCode.NOT_FOUND,
+      404,
+      "No file for this dump",
+    );
  }

+  const path = `api/uploads/${dumpId}`;
+
+  let data: Uint8Array;
  try {
-    const data = await Deno.readFile(`api/uploads/${dumpId}`);
-    ctx.response.headers.set("Content-Type", dump.fileMime);
-    ctx.response.headers.set(
-      "Content-Disposition",
-      `inline; filename="${dump.fileName}"`,
-    );
-    ctx.response.body = data;
+    data = await Deno.readFile(path);
  } catch {
    throw new APIException(APIErrorCode.NOT_FOUND, 404, "File not found");
  }
+
+  const total = data.byteLength;
+  ctx.response.headers.set("Content-Type", dump.fileMime);
+  ctx.response.headers.set(
+    "Content-Disposition",
+    `inline; filename="${dump.fileName}"`,
+  );
+  ctx.response.headers.set("Accept-Ranges", "bytes");
+
+  const rangeHeader = ctx.request.headers.get("Range");
+
+  if (rangeHeader) {
+    const match = rangeHeader.match(/^bytes=(\d*)-(\d*)$/);
+    if (!match) {
+      ctx.response.status = 416;
+      ctx.response.headers.set("Content-Range", `bytes */${total}`);
+      return;
+    }
+
+    const start = match[1]
+      ? parseInt(match[1], 10)
+      : total - parseInt(match[2], 10);
+    const end = match[2]
+      ? Math.min(parseInt(match[2], 10), total - 1)
+      : total - 1;
+
+    if (start > end || start >= total) {
+      ctx.response.status = 416;
+      ctx.response.headers.set("Content-Range", `bytes */${total}`);
+      return;
+    }
+
+    const chunk = data.subarray(start, end + 1);
+    ctx.response.status = 206;
+    ctx.response.headers.set("Content-Range", `bytes ${start}-${end}/${total}`);
+    ctx.response.headers.set("Content-Length", String(chunk.byteLength));
+    ctx.response.body = chunk;
+  } else {
+    ctx.response.headers.set("Content-Length", String(total));
+    ctx.response.body = data;
+  }
 });

 export default router;
--- a/api/routes/preview.ts
+++ b/api/routes/preview.ts
@@ -1,5 +1,8 @@
 import { Router } from "@oak/oak";
-import { fetchRichContent, isValidHttpUrl } from "../services/rich-content-service.ts";
+import {
+  fetchRichContent,
+  isValidHttpUrl,
+} from "../services/rich-content-service.ts";

 const previewRouter = new Router();

--- a/api/routes/users.ts
+++ b/api/routes/users.ts
@@ -14,7 +14,10 @@ import {
  getUserById,
  getUserByUsername,
 } from "../services/user-service.ts";
-import { getDumpsByUser, getVotedDumpsByUser } from "../services/dump-service.ts";
+import {
+  getDumpsByUser,
+  getVotedDumpsByUser,
+} from "../services/dump-service.ts";

 // Users router
 const router = new Router({ prefix: "/api/users" });
--- a/api/routes/ws.ts
+++ b/api/routes/ws.ts
@@ -5,10 +5,14 @@ import {
  broadcastVoteUpdate,
  getOnlineUsers,
  register,
-  type WsClient,
  unregister,
+  type WsClient,
 } from "../services/ws-service.ts";
-import { castVote, getUserVotes, removeVote } from "../services/vote-service.ts";
+import {
+  castVote,
+  getUserVotes,
+  removeVote,
+} from "../services/vote-service.ts";
 import { getUserById } from "../services/user-service.ts";
 import { APIException } from "../model/interfaces.ts";

@@ -38,7 +42,9 @@ router.get("/ws", async (ctx) => {

  let avatarMime: string | undefined;
  if (authPayload) {
-    try { avatarMime = getUserById(authPayload.userId).avatarMime; } catch { /* user not found */ }
+    try {
+      avatarMime = getUserById(authPayload.userId).avatarMime;
+    } catch { /* user not found */ }
  }

  const client: WsClient = {
@@ -100,7 +106,9 @@ function handleVote(
  const { socket } = client;

  if (!client.userId) {
-    socket.send(JSON.stringify({ type: "error", message: "Authentication required" }));
+    socket.send(
+      JSON.stringify({ type: "error", message: "Authentication required" }),
+    );
    return;
  }

@@ -122,7 +130,7 @@ function handleVote(
      voteCount: newCount,
    }));

-    broadcastVoteUpdate(dumpId, newCount);
+    broadcastVoteUpdate(dumpId, newCount, client.userId, action);
  } catch (err) {
    const message = err instanceof APIException ? err.message : "Vote failed";
    socket.send(JSON.stringify({ type: "error", message }));