Ensure non multi-user flow stays

2026-02-06 23:05:23 -08:00
parent 7aa33a1bdf
commit f214e4f7b7
12 changed files with 80 additions and 70 deletions
@@ -11,9 +11,7 @@ import { describe, it, expect, beforeAll, afterAll, beforeEach } from "vitest";
 import bcrypt from "bcrypt";
 import {
  getTestPrisma,
-  cleanupTestDb,
  setupTestDb,
-  createTestDrawingPayload,
 } from "./testUtils";
 import { PrismaClient } from "../generated/client";

@@ -1,7 +1,7 @@
 import express, { Request, Response } from "express";
 import bcrypt from "bcrypt";
 import jwt, { SignOptions } from "jsonwebtoken";
-import { PrismaClient, Prisma } from "../generated/client";
+import { PrismaClient } from "../generated/client";
 import { StringValue } from "ms";
 import { logAuditEvent } from "../utils/audit";
 import {
@@ -24,14 +24,6 @@ interface Config {
  enableAuditLogging: boolean;
 }

-const getRequiredEnv = (key: string): string => {
-  const value = process.env[key];
-  if (!value || value.trim().length === 0) {
-    throw new Error(`Missing required environment variable: ${key}`);
-  }
-  return value;
-};
-
 const getOptionalEnv = (key: string, defaultValue: string): string => {
  return process.env[key] || defaultValue;
 };
@@ -908,7 +908,6 @@ registerImportExportRoutes({
  asyncHandler,
  upload,
  uploadDir,
-  config,
  backendRoot,
  getBackendVersion,
  parseJsonField,
@@ -13,7 +13,7 @@ type AuthEnabledCache = {
 };

 let authEnabledCache: AuthEnabledCache | null = null;
-const AUTH_ENABLED_TTL_MS = 0;
+const AUTH_ENABLED_TTL_MS = 5000;

 const getAuthEnabled = async (): Promise<boolean> => {
  const now = Date.now();
@@ -21,17 +21,33 @@ const getAuthEnabled = async (): Promise<boolean> => {
    return authEnabledCache.value;
  }

-  const systemConfig = await prisma.systemConfig.upsert({
+  let systemConfig = await prisma.systemConfig.findUnique({
    where: { id: DEFAULT_SYSTEM_CONFIG_ID },
-    update: {},
-    create: {
-      id: DEFAULT_SYSTEM_CONFIG_ID,
-      authEnabled: false,
-      registrationEnabled: false,
-    },
    select: { authEnabled: true },
  });

+  if (!systemConfig) {
+    try {
+      systemConfig = await prisma.systemConfig.create({
+        data: {
+          id: DEFAULT_SYSTEM_CONFIG_ID,
+          authEnabled: false,
+          registrationEnabled: false,
+        },
+        select: { authEnabled: true },
+      });
+    } catch {
+      // Handle race from concurrent initialization.
+      systemConfig = await prisma.systemConfig.findUnique({
+        where: { id: DEFAULT_SYSTEM_CONFIG_ID },
+        select: { authEnabled: true },
+      });
+      if (!systemConfig) {
+        throw new Error("Failed to initialize system config");
+      }
+    }
+  }
+
  authEnabledCache = { value: systemConfig.authEnabled, fetchedAt: now };
  return systemConfig.authEnabled;
 };
@@ -211,17 +211,15 @@ export const registerDashboardRoutes = (
    if (!req.user) return res.status(401).json({ error: "Unauthorized" });

    const { id } = req.params;
-    const drawing = await prisma.drawing.findUnique({ where: { id } });
+    const drawing = await prisma.drawing.findFirst({
+      where: {
+        id,
+        userId: req.user.id,
+      },
+    });
    if (!drawing) {
      return res.status(404).json({ error: "Drawing not found", message: "Drawing does not exist" });
    }
-    if (drawing.userId !== req.user.id) {
-      return res.status(403).json({
-        error: "Forbidden",
-        code: "DRAWING_ACCESS_DENIED",
-        message: "You do not have access to this drawing",
-      });
-    }

    return res.json({
      ...drawing,
@@ -56,7 +56,6 @@ type RegisterImportExportDeps = {
  ) => express.RequestHandler;
  upload: any;
  uploadDir: string;
-  config: { nodeEnv: string };
  backendRoot: string;
  getBackendVersion: () => string;
  parseJsonField: <T>(rawValue: string | null | undefined, fallback: T) => T;
@@ -231,7 +230,6 @@ export const registerImportExportRoutes = (deps: RegisterImportExportDeps) => {
    asyncHandler,
    upload,
    uploadDir,
-    config,
    backendRoot,
    getBackendVersion,
    parseJsonField,