docs: sync from backend 5ff0013 — db audit wave 1

Siavash Sameni
2026-06-06 20:53:50 +04:00
parent bac1ae3986
commit 58c613af3a
2 changed files with 14 additions and 0 deletions


@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
--- ---
### 2026-06-06 — backend@5ff0013, frontend@8434f32 — DB audit Wave 1 unbounded read caps
**Commits:** `5ff0013` `8434f32`
**Touched:** backend `src/db/repositories/drizzle/DrizzlePaymentRepo.ts`, `src/db/repositories/drizzle/DrizzleUserRepo.ts`, `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `src/services/payment/paymentController.ts`, `src/services/payment/migration/reportService.ts`, focused Jest tests, `scripts/smoke/db-audit-service-regressions.sh`, version files; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`
**Why:** Start the remaining Critical/High work in 8 waves. Wave 1 caps unbounded export/report/seller/template reads: payment export, seller discovery, active-template seller list/detail, and SHKeeper migration reporting.
**Verification:** backend `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (12 suites / 35 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check` for package bump. Pushed to Forgejo; `origin` remained unavailable and was intentionally skipped.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-06 — backend@0835be9, frontend@f05b056 — DB audit marketplace batching batch ### 2026-06-06 — backend@0835be9, frontend@f05b056 — DB audit marketplace batching batch
**Commits:** `0835be9` `f05b056` **Commits:** `0835be9` `f05b056`
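Review bot: the **Why:** line names the four reads that gained caps (payment export, seller discovery, active-template seller list/detail, SHKeeper migration reporting) but never records the default/max values chosen or what a caller sees when a result is cut off, so a later reader of this log cannot tell whether a capped payment export or migration report is complete. Suggest adding the cap values to the **Why:** line, or pointing at the part of the linked audit doc that states them, and noting whether truncation is surfaced to the caller rather than silently dropping rows.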


@@ -32,6 +32,10 @@ updated: 2026-06-06
| Seller template list: per-template seller/category lookups → batched seller/category page lookups | `0835be9` v2.9.17 | | Seller template list: per-template seller/category lookups → batched seller/category page lookups | `0835be9` v2.9.17 |
| Payment coordinator rejected-seller notifications: per-seller notification loop → one `createNotificationsBulk` call | `0835be9` v2.9.17 | | Payment coordinator rejected-seller notifications: per-seller notification loop → one `createNotificationsBulk` call | `0835be9` v2.9.17 |
| Category path lookup: one query per ancestor level → one recursive CTE returning root-to-leaf path | `0835be9` v2.9.17 | | Category path lookup: one query per ancestor level → one recursive CTE returning root-to-leaf path | `0835be9` v2.9.17 |
| Payment export: `listForExport` fetched all matching payments → bounded export query with default/max limits | `5ff0013` v2.9.18 |
| Seller lookup: `findSellers` without input limit loaded all sellers → safe default cap while preserving explicit limits | `5ff0013` v2.9.18 |
| Active template seller list/detail: full seller/template table scans → capped list query and scoped single-seller detail query | `5ff0013` v2.9.18 |
| SHKeeper migration report: loaded all SHKeeper payments → bounded sorted scan with explicit `maxRecords` cap | `5ff0013` v2.9.18 |
--- ---
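Review bot: the `findSellers` row says "safe default cap while preserving explicit limits"; if an explicit limit is honoured without an upper bound, the unbounded read is still reachable by passing a large limit, so the row should state that explicit values are clamped to the max and the `5ff0013` change should do so. The other three `5ff0013` rows likewise give no numeric default/max values and do not say how hitting the cap is signalled (returned count, a truncated flag, or an error); for "Payment export" and "SHKeeper migration report" in particular, silent truncation yields a financial report that looks complete but is not, so record the cap value and the truncation signal in each row or in a note beneath the table.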