openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
271 commits 1 branch 16 tags 5.8 MiB
Commit graph

12 commits

Author SHA1 Message Date
OpenClaw Subagent
2e8a240654 fix: remove unnecessary 'as any' casts and add proper types to templates
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 4m29s
Details 
- Replace (req as any).requestId with req.requestId in index.ts, recover.ts, email-change.ts
- Replace (err as any).status with proper Record<string, unknown> narrowing in error handler
- Add InvoiceData, ReceiptData, ContactInfo, InvoiceItem, ReceiptItem interfaces to templates.ts
- Replace all 'any' params in template functions with proper types
- Add type-safety regression tests (grep-based)
- 818 tests pass, tsc --noEmit: 0 errors
 2026-03-19 08:12:30 +01:00
DocFast CEO
5a7ee79316 refactor: eliminate all catch(err: any) with proper unknown typing + type email transport
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 19m10s
Details 
- Replace all catch(err: any) with catch(err: unknown) across 8 source files
- Add errorMessage() and errorCode() helpers for safe error property access
- Type nodemailer transport config as SMTPTransport.Options (was any)
- Type health endpoint databaseStatus (was any)
- Type convert route margin param (was any)
- Change queryWithRetry params from any[] to unknown[]
- Update isTransientError to require Error instances (was accepting plain objects)
- 19 new TDD tests (error-type-safety.test.ts)
- Updated existing tests to use proper Error instances
- 598 tests total, all passing, zero type errors
 2026-03-09 11:10:58 +01:00
Hoid
da049b77e3 fix(cors): dynamic origin for staging support (BUG-111) + eliminate all 'as any' casts
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 17m51s
Details 
- CORS middleware now allows both docfast.dev and staging.docfast.dev origins
  for auth/billing routes, with Vary: Origin header for proper caching
- Unknown origins fall back to production origin (not reflected)
- 13 TDD tests added for CORS behavior

Type safety improvements:
- Augment Express.Request with requestId, acquirePdfSlot, releasePdfSlot
- Use Puppeteer's PaperFormat and PuppeteerLifeCycleEvent types in browser.ts
- Use 'as const' for format literals in convert/demo/templates routes
- Replace Stripe apiVersion 'as any' with @ts-expect-error
- Zero 'as any' casts remaining in production code

579 tests passing (13 new), 51 test files
 2026-03-09 08:08:37 +01:00
OpenClaw Agent
424a16ed8a fix: prevent error message information disclosure + standardize error handling (TDD)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m10s
Details 
Security & Consistency Fixes:
- Convert routes no longer leak internal error messages (err.message)
- Templates route no longer exposes error details via 'detail' field
- Admin cleanup endpoint no longer exposes error message
- Standardized QUEUE_FULL response: 429 → 503 (Service Unavailable)
- Added missing PDF_TIMEOUT handling: returns 504 Gateway Timeout
- Generic 500 errors now return 'PDF generation failed.' without internals

TDD Approach:
1. RED: Created error-responses.test.ts with 11 failing tests
2. GREEN: Fixed src/routes/convert.ts, templates.ts, and index.ts
3. Updated convert.test.ts to expect new correct status codes
4. All 541 tests pass

Before: 'PDF generation failed: Puppeteer crashed: SIGSEGV in Chrome'
After:  'PDF generation failed.' (internals logged, not exposed)

Closes security audit findings re: information disclosure
 2026-03-07 17:05:54 +01:00
Hoid
f9caef82e6 feat: add PDF render timing to convert and demo routes
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 1m42s
Details 
- renderPdf() and renderUrlPdf() now return { pdf, durationMs }
- Timing wraps the actual render with Date.now()
- Log render duration via logger.info
- Add X-Render-Time response header in convert and demo routes
- Update all callers in convert, demo, templates routes
- Add TDD tests in render-timing.test.ts
- Update existing test mocks for new return shape
 2026-03-06 11:08:06 +01:00
OpenClaw
47571c8c81 fix: validate PDF options in template render route (BUG-103)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 16m25s
Details
2026-03-05 11:04:22 +01:00
Hoid
0a002f94ef refactor: deduplicate sanitizeFilename, add template+sanitize unit tests, fix esc single-quote
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 11m38s
Details
2026-02-25 16:04:22 +00:00
DocFast Bot
792e2d9142 v0.4.1: Code-driven OpenAPI docs via swagger-jsdoc
Some checks failed
Build & Deploy to Staging / Build & Deploy to Staging (push) Has been cancelled
Details 
- Add swagger-jsdoc dependency for auto-generating OpenAPI spec from JSDoc
- Add JSDoc @openapi annotations to all route handlers
- Create scripts/generate-openapi.mjs build step
- OpenAPI spec now auto-generated from code — no manual JSON editing
- All 13 endpoints documented with full parameters
- New demo endpoints documented, signup marked as deprecated
- Updated info description: demo-first, no free tier references
- Dockerfile updated to run openapi generation during build
- Build script updated: npm run build generates spec before compile
 2026-02-20 07:54:37 +00:00
OpenClaw
59cc8f3d0e Session 45: support email, audit fixes (template validation, content-type, admin auth, waitUntil)
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 2m20s
Details 
- Added support@docfast.dev to footer, impressum, terms, landing page, openapi.json
- Fixed audit #6: Template render validates required fields (400 on missing)
- Fixed audit #7: Content-Type check on markdown/URL routes (415)
- Fixed audit #11: /v1/usage and /v1/concurrency now require ADMIN_API_KEY
- Fixed audit Critical #3: URL convert uses domcontentloaded instead of networkidle0
 2026-02-16 19:30:21 +00:00
OpenClaw
9541ae1826 Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix
Some checks failed
Deploy to Production / Deploy to Server (push) Failing after 20s
Details 
- Add pino structured logging with request IDs (X-Request-Id header)
- Add 30s timeout to acquirePage() and renderPdf/renderUrlPdf
- Add verification cache cleanup (every 15min) and rate limit cleanup (every 60s)
- Read version from package.json in health endpoint
- Add compression middleware
- Escape currency in templates (XSS fix)
- Add static asset caching (1h maxAge)
- Remove deprecated docker-compose version field
- Replace all console.log/error with pino logger
 2026-02-16 08:27:42 +00:00
DocFast Bot
6891e488b6 fix(BUG-006,007,008): copy feedback, invoice data unwrap, zero margins 
BUG-007: Unwrap req.body.data for template endpoint (docs show wrapped format)
BUG-008: Default PDF margins set to 0 (user can override via request body)
BUG-006: Copy button shows Copied! for 2s then reverts
 2026-02-14 15:28:00 +00:00
DocFast Bot
feee0317ae Initial MVP: DocFast PDF API 
- HTML/Markdown to PDF conversion via Puppeteer
- Invoice and receipt templates
- API key auth + rate limiting
- Dockerfile for deployment
 2026-02-14 12:38:06 +00:00