Hardik d1af1e6b12
All checks were successful
PR checks / checks (pull_request) Successful in 49s
PR checks / integration (pull_request) Successful in 31s
fix(pdf): let PdfService reach the PO export route past auth middleware
"Email PO to vendor" (issue #14) relies on PdfService fetching
/api/po/<id>/export?...&svc=<token> WITHOUT a user session, authenticating
with a `svc` token that matches PDF_SERVICE_TOKEN. The route handler validates
that token, but the auth middleware runs first and its matcher doesn't exempt
the export route — so every unauthenticated fetch was redirected to /login
(307) and the svc bypass never executed. Net effect: the feature could never
render a real PDF on any deployed env, even with the service configured.

Fix: middleware now lets exactly `/api/po/<id>/export` through when its `svc`
query param matches `process.env.PDF_SERVICE_TOKEN` (the route handler still
re-validates it — defense in depth). Everything else stays auth-gated. The
match lives in a dependency-free, edge-safe, unit-tested helper
(lib/pdf-export-auth.ts); middleware already reads server env at runtime via
auth()/NEXTAUTH_SECRET, so reading PDF_SERVICE_TOKEN there is consistent.

Verified on a running build: correct svc + real PO -> 200, correct svc + bogus
PO -> 404 (handler ran), wrong/no svc -> 307 (still gated). 324 unit tests
green; tsc clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 14:55:40 +05:30
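
The middleware exemption described in the commit message above, as an added example. This is not the project's lib/pdf-export-auth.ts: the function names, the id pattern and the sample token are assumptions, and the caller is assumed to pass in the request pathname, the `svc` query value and the value of PDF_SERVICE_TOKEN.

```typescript
// Added example. Hypothetical names; NOT the project's lib/pdf-export-auth.ts.

// Exactly /api/po/<id>/export: one non-empty id segment, nothing after "export".
// Assumption: an id is any run of non-slash characters.
const EXPORT_PATH = /^\/api\/po\/[^/]+\/export$/;

// Constant-time string comparison using no Node-only APIs (edge-safe).
function constantTimeEqual(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    // charCodeAt past the end yields NaN; treat it as 0.
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// pathname and svc come from the request URL in middleware;
// expectedToken is the value of PDF_SERVICE_TOKEN, read by the caller.
function isPdfServiceExport(
  pathname: string,
  svc: string | null,
  expectedToken: string | undefined,
): boolean {
  // Fail closed: an unset or empty token must never match an absent or empty svc.
  if (!expectedToken || !svc) return false;
  // Only the export route is exempt; every other path stays behind the session check.
  if (!EXPORT_PATH.test(pathname)) return false;
  return constantTimeEqual(svc, expectedToken);
}

// Constructed sample requests (the token value is a placeholder).
const TOKEN = "example-service-token";
const samples: Array<[string, string | null]> = [
  ["/api/po/123/export", TOKEN],         // exempt: handler re-validates the token
  ["/api/po/123/export", "wrong"],       // gated
  ["/api/po/123/export", null],          // gated
  ["/api/po/123/export/extra", TOKEN],   // gated: not exactly the export route
  ["/api/po/123", TOKEN],                // gated: token does not unlock other routes
];
for (const [path, svc] of samples) {
  const verdict = isPdfServiceExport(path, svc, TOKEN) ? "pass to handler" : "auth-gated";
  console.log(path, svc === null ? "(no svc)" : "svc set", verdict);
}
```

The fail-closed check matters on environments where the service is not configured: without it, a request with no `svc` parameter could compare equal to an unset token.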
| Name | Last commit | Date |
| --- | --- | --- |
| .claude | seed(prod): trim SITES to geocoded entries only; update admin email | 2026-05-31 02:44:37 +05:30 |
| .forgejo | fix(deploy): expand sparse checkout so microservices/ecosystem are on disk | 2026-06-24 03:12:54 +05:30 |
| App | fix(pdf): let PdfService reach the PO export route past auth middleware | 2026-06-24 14:55:40 +05:30 |
| automation | test(staging): feature-level verification of closed issues + seeded test users | 2026-06-24 11:49:48 +05:30 |
| Docs | test(staging): feature-level verification of closed issues + seeded test users | 2026-06-24 11:49:48 +05:30 |
| EpfoService | test(crewing): cover EPFO stub contract + /api/epfo permission gate | 2026-06-22 23:56:14 +05:30 |
| GstService | fix: preserve tracked request typing | 2026-05-22 17:39:26 +05:30 |
| PdfService | feat(po): email PO to vendor — PDF link in an Outlook draft (#14) | 2026-06-24 02:45:48 +05:30 |
| Progress | chore{perm}: Allow managers to confirm receipt | 2026-06-15 11:49:14 +05:30 |
| static | fix(static): prevent mobile layout overflow | 2026-05-22 18:11:31 +05:30 |
| Wireframe | chore(design-system): add PPMS design system reference and sync bundle | 2026-06-22 04:30:22 +05:30 |
| .gitattributes | feat(automation): port issue watcher to bash for pms1 (cron, 24/7) | 2026-06-19 04:32:06 +05:30 |
| .gitignore | @ | 2026-06-19 13:56:50 +05:30 |
| CHANGELOG.md | docs: bring CLAUDE.md, README, Docs and CHANGELOG up to date with current product | 2026-06-19 12:43:24 +05:30 |
| ecosystem.config.js | chore(deploy): build & (re)start microservices on release tag | 2026-06-24 02:59:36 +05:30 |
| generate_po.py | chore(inventory): remove item detail page; move SiteSelect to shared components | 2026-05-16 00:07:04 +05:30 |
| inspect_po.py | chore(inventory): remove item detail page; move SiteSelect to shared components | 2026-05-16 00:07:04 +05:30 |
| test-report-2026-05-17.md | docs: consolidate design notes and test report | 2026-05-22 17:15:38 +05:30 |

Docs — retired (moved to the wiki)

The design, architecture, and test documents that used to live here have been migrated to the project wiki and removed from the repo. The wiki is the living reference going forward.

Wiki: https://git.pelagiamarine.com/shad0w/pelagia-portal/wiki (working clone: pelagia-portal.wiki/ alongside this repo).

Where each retired doc went

| Retired file | Now in the wiki |
| --- | --- |
| 01-design-document.md | System/Architecture, Product/Workflows (user stories), Product/Design-System, Overview/Open-Questions |
| 02-architecture.md | System/Architecture (+ System/Data-Model, Ops/Deployment-and-Operations, Build-and-Run/Environment-Variables) |
| 03-open-questions.md | Overview/Open-Questions |
| DESIGN.md | Product/Workflows, Product/Pages-and-Navigation, Product/Design-System |
| TEST_PLAN.md | Quality/Test-Plan |
| e2e-test-framework.md | Quality/E2E-Test-Framework |
| e2e-test-plan.md | Quality/E2E-Test-Plan |
| PLAYRIGHT_TEST_DESIGN.md | Quality/Playwright-Test-Design |

The wiki's on-disk folder layout (Overview / Build-and-Run / System / Product / Quality / Ops) mirrors its sidebar hierarchy.

Keep current behaviour documented in the wiki, not here. Other authoritative in-repo sources remain: App/CLAUDE.md, App/README.md, automation/README.md, and CHANGELOG.md.