fix: QA audit fixes for 1.0/MVP readiness (#25)
All checks were successful
check / check (push) Successful in 5s
All checks were successful
check / check (push) Successful in 5s
closes #24 ## QA Audit Fixes This PR addresses issues found during the 1.0/MVP QA audit. ### Changes 1. **TODO.md: Mark AVIF encoding as done** — AVIF encoding is fully implemented via govips in `processor.go` but was still listed as a TODO item. 2. **scripts/manual-test.sh: Fix form field names** — The manual test script was using wrong field names: - Login form: was sending `password=...`, should be `key=...` (matching the HTML form's `name="key"`) - Generator form: was sending `source_url`, `fit_mode` — should be `url`, `fit` (matching the handler's `r.FormValue()` calls) - This means **the manual test script never actually worked** — login always failed silently because the `key` field was empty. ### Full QA Audit Results The comprehensive QA audit report has been posted as a comment on [issue #24](#24). Co-authored-by: user <user@Mac.lan guest wan> Reviewed-on: #25 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>
This commit was merged in pull request #25.
This commit is contained in:
2
TODO.md
2
TODO.md
@@ -6,7 +6,7 @@ Remaining tasks sorted by priority for a working 1.0 release.
|
||||
|
||||
### Image Processing
|
||||
- [x] Add WebP encoding support (currently returns error)
|
||||
- [ ] Add AVIF encoding support (currently returns error)
|
||||
- [x] Add AVIF encoding support (implemented via govips)
|
||||
|
||||
### Manual Testing (verify auth/encrypted URLs work)
|
||||
- [ ] Manual test: visit `/`, see login form
|
||||
|
||||
@@ -48,7 +48,7 @@ fi
|
||||
|
||||
# Test 3: Wrong password shows error
|
||||
echo "--- Test 3: Login with wrong password ---"
|
||||
WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "password=wrong-key" -c "$COOKIE_JAR")
|
||||
WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "key=wrong-key" -c "$COOKIE_JAR")
|
||||
if echo "$WRONG_LOGIN" | grep -qi "invalid\|error\|incorrect\|wrong"; then
|
||||
pass "Wrong password shows error message"
|
||||
else
|
||||
@@ -57,7 +57,7 @@ fi
|
||||
|
||||
# Test 4: Correct password redirects to generator
|
||||
echo "--- Test 4: Login with correct signing key ---"
|
||||
curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
|
||||
curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
|
||||
GENERATOR_PAGE=$(curl -sf "$BASE_URL/" -b "$COOKIE_JAR")
|
||||
if echo "$GENERATOR_PAGE" | grep -qi "generate\|url\|source\|logout"; then
|
||||
pass "Correct password shows generator page"
|
||||
@@ -68,12 +68,12 @@ fi
|
||||
# Test 5: Generate encrypted URL
|
||||
echo "--- Test 5: Generate encrypted URL ---"
|
||||
GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
|
||||
-d "source_url=$TEST_IMAGE_URL" \
|
||||
-d "url=$TEST_IMAGE_URL" \
|
||||
-d "width=800" \
|
||||
-d "height=600" \
|
||||
-d "format=jpeg" \
|
||||
-d "quality=85" \
|
||||
-d "fit_mode=cover" \
|
||||
-d "fit=cover" \
|
||||
-d "ttl=3600")
|
||||
if echo "$GEN_RESULT" | grep -q "/v1/e/"; then
|
||||
pass "Encrypted URL generated"
|
||||
@@ -121,10 +121,10 @@ fi
|
||||
# Test 9: Generate short-TTL URL and verify expiration
|
||||
echo "--- Test 9: Expired URL returns 410 ---"
|
||||
# Login again
|
||||
curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
|
||||
curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
|
||||
# Generate URL with 1 second TTL
|
||||
GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
|
||||
-d "source_url=$TEST_IMAGE_URL" \
|
||||
-d "url=$TEST_IMAGE_URL" \
|
||||
-d "width=100" \
|
||||
-d "height=100" \
|
||||
-d "format=jpeg" \
|
||||
|
||||
Reference in New Issue
Block a user