DocFast session 130: BUG-104 (ToS), BUG-105 (examples), proactive audit

Hoid 2026-03-05 14:12:09 +01:00
parent 15942026cd
commit 1ab75e871b
4 changed files with 103 additions and 6 deletions

@ -1,3 +1,34 @@
## BUG-105: Go and PHP examples show non-existent SDK code despite "SDK coming soon" disclaimer
- **Date:** 2026-03-05
- **Severity:** MEDIUM
- **Issue:** The /examples page Go and PHP sections say "SDK coming soon. In the meantime, use the HTTP example below" but then show SDK code (`github.com/docfast/docfast-go`, `DocFast\Client`, Laravel facade). The SDKs don't exist. Labels also say "Using the SDK." BUG-086 partially fixed this by adding disclaimers, but the actual code examples were never replaced with plain HTTP examples.
- **Impact:** Developers following Go/PHP examples will get import errors. Contradicts the "SDK coming soon" disclaimer.
- **Fix:** Replace SDK code with plain HTTP examples using `net/http` (Go) and `file_get_contents`/curl (PHP). Update labels to "Using HTTP" or similar. Remove Laravel facade example or clearly mark as future.
- **Status:** 🔧 IN PROGRESS — sub-agent dispatched
## BUG-105: Go and PHP examples show non-existent SDK code
- **Date:** 2026-03-05
- **Severity:** MEDIUM
- **Issue:** Go example used `github.com/docfast/docfast-go` (doesn't exist), PHP example used `DocFast\Client` (doesn't exist). Both said "SDK coming soon" but showed SDK code. Developers copying these would get import errors.
- **Fix:** Replaced with plain HTTP examples (Go: `net/http`, PHP: `file_get_contents`). Removed fake Laravel facade. 5 regression tests added.
- **Status:** ✅ FIXED — commit 4f6659c. 484 tests passing, 32 test files.
## BUG-104: Terms of Service still references discontinued "Free Tier"
- **Date:** 2026-03-05
- **Severity:** MEDIUM
- **Issue:** `public/src/terms.html` section 2.1 describes a "Free Tier" with "100 PDF conversions" and "10 requests per minute." Free accounts were discontinued — only a Demo endpoint exists (5 req/hour, no account needed). Section 5.1 also says "no SLA for free tier."
- **Impact:** Legal page contradicts actual product offering. Could confuse users or create contractual ambiguity.
- **Fix:** Replace Free Tier section with Demo tier description; update SLA reference.
- **Status:** ✅ FIXED — commit 503e651. Section 2.1 now describes Demo (Free), section 5.1 updated. 3 regression tests added. 487 tests total, all passing.
## BUG-103: Template render route bypasses PDF option validation entirely
- **Date:** 2026-03-05
- **Severity:** MEDIUM
- **Issue:** `/v1/templates/:id/render` accepts `_format` and `_margin` from user input and passes them directly to `renderPdf()` without going through `validatePdfOptions()`. All convert routes and demo routes were fixed in BUG-102 to use validated/sanitized options, but the template route was missed. Invalid format values (e.g., `"invalid"`) go straight to Puppeteer.
- **Impact:** Users could pass invalid page formats or margin values to template rendering. Puppeteer may reject or silently handle them. Inconsistent validation across API surface.
- **Fix:** Import and use `validatePdfOptions()` in template render route, same pattern as convert/demo routes.
- **Status:** ✅ FIXED — commit 47571c8. Added `validatePdfOptions()` to template render route. 6 TDD tests added (templates-render-validation.test.ts). 479 tests total, all passing. Pushed to main.
## BUG-102: Convert/demo routes ignore sanitized PDF options from validator
- **Date:** 2026-03-05
- **Severity:** MEDIUM
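Review bot: BUG-105 is recorded twice at the top of this hunk, first with a Status of IN PROGRESS (sub-agent dispatched) and then again directly below with a Status of FIXED in commit 4f6659c. The hunk header gives only 3 lines on the old side, so the seven-line in-progress entry cannot have been fully removed here and the log ends up with two conflicting records under the same ID. Please drop the in-progress entry and keep the FIXED one. If the Impact line and the label change ("Using HTTP") from the first entry are still wanted, fold them into the FIXED entry, and note there whether the planned curl variant for PHP was dropped, since the fix line only mentions `file_get_contents`. A blank line before each `## BUG-` heading would also make the entries easier to tell apart.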