docs: sync from backend 5ff0013 — db audit wave 1
@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
---
### 2026-06-06 — backend@5ff0013, frontend@8434f32 — DB audit Wave 1 unbounded read caps
**Commits:** `5ff0013` `8434f32`
**Touched:** backend `src/db/repositories/drizzle/DrizzlePaymentRepo.ts`, `src/db/repositories/drizzle/DrizzleUserRepo.ts`, `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `src/services/payment/paymentController.ts`, `src/services/payment/migration/reportService.ts`, focused Jest tests, `scripts/smoke/db-audit-service-regressions.sh`, version files; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`
**Why:** Start the remaining Critical/High work in 8 waves. Wave 1 caps unbounded export/report/seller/template reads: payment export, seller discovery, active-template seller list/detail, and SHKeeper migration reporting.
**Verification:** backend `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (12 suites / 35 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check` for package bump. Pushed to Forgejo; `origin` remained unavailable and was intentionally skipped.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-06 — backend@0835be9, frontend@f05b056 — DB audit marketplace batching batch
**Commits:** `0835be9` `f05b056`
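Review bot: the Verification line records that `origin` was unavailable and intentionally skipped, but nothing says who pushes there later or tracks it; add a follow-up item to the entry so the Forgejo push and `origin` do not silently diverge on a security-relevant change. Also, `focused Jest tests` and `version files` are the only items in Touched not named by path; list them (or at least the resulting version numbers) so this entry is as greppable as the rest of the changelog.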
@@ -32,6 +32,10 @@ updated: 2026-06-06
| Seller template list: per-template seller/category lookups → batched seller/category page lookups | `0835be9` v2.9.17 |
| Payment coordinator rejected-seller notifications: per-seller notification loop → one `createNotificationsBulk` call | `0835be9` v2.9.17 |
| Category path lookup: one query per ancestor level → one recursive CTE returning root-to-leaf path | `0835be9` v2.9.17 |
| Payment export: `listForExport` fetched all matching payments → bounded export query with default/max limits | `5ff0013` v2.9.18 |
| Seller lookup: `findSellers` without input limit loaded all sellers → safe default cap while preserving explicit limits | `5ff0013` v2.9.18 |
| Active template seller list/detail: full seller/template table scans → capped list query and scoped single-seller detail query | `5ff0013` v2.9.18 |
| SHKeeper migration report: loaded all SHKeeper payments → bounded sorted scan with explicit `maxRecords` cap | `5ff0013` v2.9.18 |
---
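Review bot: the four new `5ff0013` rows say "default/max limits", "safe default cap", "capped list query" and "explicit `maxRecords` cap" without recording the values or what happens when a caller asks for more than the max (clamped down or rejected). For the payment export and the SHKeeper migration report in particular, a silently clamped result can be mistaken for a complete dataset by whoever consumes it; record the chosen default and max per row and whether the response signals truncation or fails the request, so the audit row can be checked against the code rather than just asserting that a cap exists.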