424a16ed8a
fix: prevent error message information disclosure + standardize error handling (TDD)
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 13m10s
Security & Consistency Fixes:
- Convert routes no longer leak internal error messages (err.message)
- Templates route no longer exposes error details via 'detail' field
- Admin cleanup endpoint no longer exposes error message
- Standardized QUEUE_FULL response: 429 → 503 (Service Unavailable)
- Added missing PDF_TIMEOUT handling: returns 504 Gateway Timeout
- Generic 500 errors now return 'PDF generation failed.' without internals
TDD Approach:
1. RED: Created error-responses.test.ts with 11 failing tests
2. GREEN: Fixed src/routes/convert.ts, templates.ts, and index.ts
3. Updated convert.test.ts to expect new correct status codes
4. All 541 tests pass
Before: 'PDF generation failed: Puppeteer crashed: SIGSEGV in Chrome'
After: 'PDF generation failed.' (internals logged, not exposed)
Closes security audit findings re: information disclosure
2026-03-07 17:05:54 +01:00
f9caef82e6
feat: add PDF render timing to convert and demo routes
...
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 1m42s
- renderPdf() and renderUrlPdf() now return { pdf, durationMs }
- Timing wraps the actual render with Date.now()
- Log render duration via logger.info
- Add X-Render-Time response header in convert and demo routes
- Update all callers in convert, demo, templates routes
- Add TDD tests in render-timing.test.ts
- Update existing test mocks for new return shape
2026-03-06 11:08:06 +01:00
f89a3181f7
feat: validate PDF options with TDD tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Failing after 9m38s
2026-02-28 14:05:32 +01:00
f0e9a79606
test: add billing and convert route tests
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 12m25s
2026-02-26 19:03:48 +00:00
