viktor/wrongmove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix 7 bugs: security, memory leak, stale state, error handling

Browse source 
- WebSocket: verify task ownership before allowing subscribe (security)
- POI routes: replace assert with HTTPException for production safety
- cancel_task: return HTTP 404 instead of 200 for missing tasks
- routing_config: add descriptive ValueError for invalid env vars
- POIManager: show error feedback instead of silently swallowing failures
- VisualizationCard: reset POI/travel mode state on metric switch
- Map: clean up heatmap layers/sources on unmount to prevent memory leak
- Update test to expect 404 from cancel_task ownership check
This commit is contained in:
Viktor Barzin 2026-02-13 19:36:43 +00:00
parent 25c87da1cf
commit 41b7d221e4
No known key found for this signature in database
GPG key ID: 0EB088298288D958
8 changed files with 45 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tests/integration/test_api_workflow.py
View file

@ -296,9 +296,7 @@ async def test_cancel_task_not_owned(
monkeypatch.setattr("services.task_service.get_user_tasks", lambda email: [])
resp = await async_client.post("/api/cancel_task?task_id=not-mine")
assert resp.status_code == 200
data = resp.json()
assert data["success"] is False
assert resp.status_code == 404
@pytest.mark.asyncio