alexei.dolgolyov/ledgrab
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

chore(backend): MQTT/WLED/devices/capture/utils + api routes hardening

Browse Source 
Bundle the remaining backend touch-ups that the production review
landed individually as small surgical edits across many modules:
- MQTT runtime: fire-and-forget task tracking + drain resilience.
- mqtt_source + store + storage/color_strip_source: secret_box
  encryption for credentials with auto-migration of plaintext fields.
- devices/discovery_watcher: task tracking on watcher start/stop.
- devices/wled_client + wled_provider: URL scheme inference helper
  applied at the create/update boundary so bare hostnames stay valid.
- core/capture/screen_capture: hardened error paths.
- core/processing (mapped/processed/processor_manager/video/wled_target):
  smaller follow-throughs from the registry refactor that landed
  earlier on the branch.
- utils/safe_source + utils/file_ops + utils/__init__: shared URL +
  IP classification helpers + larger streaming upload size caps.
- api/auth: WebSocket Origin allow-list + /docs auth-gate.
- api/dependencies: register the new HTTP-endpoint store.
- api/routes (assets, backup, webhooks): streaming-upload caps +
  asyncio.gather return_exceptions on broadcast loops.
- tests/test_api + tests/e2e/test_backup_flow: cover the new caps and
  the Origin allow-list.
This commit is contained in:
Admin
2026-05-23 00:50:01 +03:00
parent 45d12b2811
commit 898912f8b1
22 changed files with 498 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/tests/test_api.py
+16 -4
View File
@@ -78,15 +78,27 @@ def test_get_displays(client):
def test_openapi_docs(client):
"""Test OpenAPI documentation is available."""
response = client.get("/openapi.json")
"""Test OpenAPI documentation is available to authenticated clients."""
response = client.get("/openapi.json", headers=AUTH_HEADERS)
assert response.status_code == 200
data = response.json()
assert data["info"]["version"] == __version__
def test_swagger_ui(client):
"""Test Swagger UI is available."""
response = client.get("/docs")
"""Test Swagger UI is available to authenticated clients."""
response = client.get("/docs", headers=AUTH_HEADERS)
assert response.status_code == 200
assert "text/html" in response.headers["content-type"]
def test_openapi_docs_requires_auth(client):
"""OpenAPI surface must NOT be reachable without auth (info disclosure)."""
response = client.get("/openapi.json")
assert response.status_code == 401
def test_swagger_ui_requires_auth(client):
"""Swagger UI must NOT be reachable without auth."""
response = client.get("/docs")
assert response.status_code == 401