fix(serve): error handling, CORS, body limit, CAS store reuse #136

Merged
xiaomo merged 1 commit from fix/120-serve-hardening into main 2026-05-08 15:00:33 +00:00
Owner

What

Serve API hardening — all 9 items from PR #119 review.

Why

Production readiness: proper error responses, security restrictions, performance.

Changes

  • app.ts — global onError handler (500 JSON), CORS restricted to localhost, 1MB body limit middleware (413)
  • routes-cas.ts — CAS store created once (not per-request), JSON parse try/catch on POST
  • serve.test.ts — 6 new tests: invalid JSON (400), missing fields (400), CORS headers, body limit (413), error handler (500)

Ref

Closes #120. 268 tests pass (262 existing + 6 new).

xingyue added 1 commit 2026-05-08 10:12:19 +00:00
- Global error handler (app.onError → 500 JSON)
- JSON parse validation on POST routes (400)
- CORS restricted to localhost origins
- 1MB body size limit on POST (413)
- CAS store created once per route group, not per-request
- 6 new tests covering all changes

Closes #120
xiaomo approved these changes 2026-05-08 15:00:29 +00:00
xiaomo left a comment
Owner

PR #136: serve hardening

CAS store reuse (no longer instantiated on every request), CORS allowlist, 1MB body limit, global error handling → 500 JSON. Tests cover 5 new cases, thorough. LGTM.

xiaomo merged commit 73a3638ad9 into main 2026-05-08 15:00:33 +00:00
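
The checks listed in the PR description (localhost-only CORS, 413 over 1MB, 400 on invalid JSON or missing fields), written as framework-independent functions. This is an added example, not code from this PR or from the project. All function names, the set of loopback hosts accepted, and the required-field list passed by the caller are assumptions.

```typescript
// Added illustration; every name here is hypothetical, not taken from app.ts.
const MAX_BODY_BYTES = 1024 * 1024; // the 1MB limit named in the PR

// An Origin header is serialized as scheme://host[:port] with no path, so an
// anchored pattern rejects look-alikes such as http://localhost.example.com.
// Assumption: the loopback literals count as "localhost" alongside the name.
const LOCAL_ORIGIN = /^https?:\/\/(localhost|127\.0\.0\.1|\[::1\])(?::(\d{1,5}))?$/;

function isLocalhostOrigin(origin: string | undefined): origin is string {
  if (!origin) return false;
  const m = LOCAL_ORIGIN.exec(origin);
  if (!m) return false;
  return m[2] === undefined || Number(m[2]) <= 65535;
}

// Echo the origin back only when allow-listed; never fall back to "*".
function corsHeaders(origin: string | undefined): Record<string, string> {
  const headers: Record<string, string> = {};
  if (isLocalhostOrigin(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Vary"] = "Origin";
  }
  return headers;
}

interface PostResult { status: number; error?: string }

// Size is checked before parsing so oversized input never reaches JSON.parse.
// raw.length counts UTF-16 units, a lower bound on the UTF-8 byte length.
function handlePost(raw: string, declaredLength: number, required: string[]): PostResult {
  if (declaredLength > MAX_BODY_BYTES || raw.length > MAX_BODY_BYTES) {
    return { status: 413, error: "payload too large" };
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return { status: 400, error: "invalid JSON" };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { status: 400, error: "expected a JSON object" };
  }
  const obj = parsed as Record<string, unknown>;
  const missing = required.filter((k) => !(k in obj));
  if (missing.length > 0) {
    return { status: 400, error: "missing fields: " + missing.join(", ") };
  }
  return { status: 200 };
}
```
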
Reference: uncaged/workflow#136