3d4ad664b3
Batches 6-9: behaviour-preserving extractions of testable pure cores plus the tests they unblock, and a fix for the broken client test environment. Full suites green: server 113 suites / 1117 + 1 todo, client 30 files / 338. client (R0 infra): - vitest.setup.ts: in-memory localStorage/sessionStorage Storage stub wired via setupFiles. Unblocks menu-items.gating.test.ts (was 9 failing) -> client suite fully green. + menu-items.suggestions.test.ts (getSuggestionItems filter/sort). share: - extract buildShareMetaHtml (share-seo.util.ts) from the SEO controller; tests for reflected-XSS escaping in <title>/og/twitter meta, noindex, truncation; extractPageSlugId; updateAttachmentAttr; prepareContentForShare comment-strip (anonymous-viewer metadata-leak guard). ai-chat (security extractions): - selectAccessibleHits: CASL post-filter for semantic search (restricted page in an accessible space must NOT leak to the agent). - validateResolvedAddresses: SSRF connect-time guard (block if ANY resolved address is private). - resolveAudioFormat: mime whitelist (dead `?? 'webm'` fallback dropped, set unchanged). + mcp-servers toView header-leak guard, MCP tool namespacing. collaboration (data-loss area): - extract computeHistoryJob (pins the "agent delay MUST stay 0" invariant) and resolveSource. Integration: onAuthenticate read-only matrix (collab auth bypass), HistoryProcessor (contributor restore on save failure), onStoreDocument Approach-A boundary snapshot (human revision pinned before agent overwrite). Reviewed (APPROVE WITH SUGGESTIONS): extractions behaviour-preserving, security tests mutation-resistant. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
42 lines
1.6 KiB
TypeScript
42 lines
1.6 KiB
TypeScript
import { ShareSeoController } from './share-seo.controller';
|
|
|
|
// Pins ShareSeoController.extractPageSlugId — the slug→pageId resolver used to
|
|
// look up a shared page from the public URL. A full UUID must pass through
|
|
// untouched; a "title-slug-<id>" must yield the trailing token; a single token
|
|
// is returned as-is; falsy input yields undefined. The method does not touch
|
|
// `this`, so the controller can be constructed with null collaborators.
|
|
|
|
function buildController(): ShareSeoController {
|
|
return new ShareSeoController(null as any, null as any, null as any);
|
|
}
|
|
|
|
describe('ShareSeoController.extractPageSlugId', () => {
|
|
const controller = buildController();
|
|
|
|
it('returns a full UUID unchanged', () => {
|
|
const uuid = '550e8400-e29b-41d4-a716-446655440000';
|
|
expect(controller.extractPageSlugId(uuid)).toBe(uuid);
|
|
});
|
|
|
|
it('returns the trailing token of a title-slug-id form', () => {
|
|
expect(controller.extractPageSlugId('my-page-title-abc123')).toBe('abc123');
|
|
});
|
|
|
|
it('returns a single token (no hyphen) as-is', () => {
|
|
expect(controller.extractPageSlugId('abc123')).toBe('abc123');
|
|
});
|
|
|
|
it('returns the last segment for a two-token slug', () => {
|
|
expect(controller.extractPageSlugId('hello-world')).toBe('world');
|
|
});
|
|
|
|
it('returns undefined for an empty string (falsy guard)', () => {
|
|
expect(controller.extractPageSlugId('')).toBeUndefined();
|
|
});
|
|
|
|
it('returns undefined for null/undefined input', () => {
|
|
expect(controller.extractPageSlugId(undefined as any)).toBeUndefined();
|
|
expect(controller.extractPageSlugId(null as any)).toBeUndefined();
|
|
});
|
|
});
|