1043fe3b51
Add the two blocking test-coverage specs requested in the PR #214 review and clear the cheap non-blocking items. Must-fix: - share-alias-redirect.controller.spec.ts: routing/leak guard for the public GET /l/:alias resolver (modeled on share-seo.controller.routing.spec). Pins 302-to-canonical on a hit; SPA index without a 302 for unknown/dangling/ unreadable aliases and a null workspace (no name-existence leak); defensive percent-decoding treated as unknown; self-hosted findFirst vs subdomain findByHostname workspace resolution; 404 when no built client index exists. - share-alias.controller.spec.ts: authz gates with mocked PageRepo/ShareService/ ShareAliasService/PageAccessService. Covers cross-workspace/nonexistent page -> NotFoundException, validateCanEdit, resolveReadableSharePage null -> BadRequestException, isSharingAllowed false -> ForbiddenException, set happy path delegation, remove() of a dangling alias (pageId null) skipping validateCanEdit but still deleting, and for-page validateCanView. Cheap review items: - Remove dead Logger import/field from ShareAliasRedirectController. - Remove dead PagePermissionRepo import/dependency from ShareAliasController. - Register the new share-alias UI strings in en-US and ru-RU catalogs. - Add an [Unreleased]/Added CHANGELOG entry for /l/:alias (#205). - Drop the tautological boilerplate assertions from the migration spec (exports up/down; runtime checks of typed entity literals). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
101 KiB
101 KiB