From 2e934c8894e43c20095b184614860611c44aa4b9 Mon Sep 17 00:00:00 2001 From: clawbot Date: Sun, 15 Mar 2026 17:58:13 +0100 Subject: [PATCH] fix: QA audit fixes for 1.0/MVP readiness (#25) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #24 ## QA Audit Fixes This PR addresses issues found during the 1.0/MVP QA audit. ### Changes 1. **TODO.md: Mark AVIF encoding as done** — AVIF encoding is fully implemented via govips in `processor.go` but was still listed as a TODO item. 2. **scripts/manual-test.sh: Fix form field names** — The manual test script was using wrong field names: - Login form: was sending `password=...`, should be `key=...` (matching the HTML form's `name="key"`) - Generator form: was sending `source_url`, `fit_mode` — should be `url`, `fit` (matching the handler's `r.FormValue()` calls) - This means **the manual test script never actually worked** — login always failed silently because the `key` field was empty. ### Full QA Audit Results The comprehensive QA audit report has been posted as a comment on [issue #24](https://git.eeqj.de/sneak/pixa/issues/24). Co-authored-by: user Reviewed-on: https://git.eeqj.de/sneak/pixa/pulls/25 Co-authored-by: clawbot Co-committed-by: clawbot --- TODO.md | 2 +- scripts/manual-test.sh | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/TODO.md b/TODO.md index 0f8fbf4..4c8042f 100644 --- a/TODO.md +++ b/TODO.md @@ -6,7 +6,7 @@ Remaining tasks sorted by priority for a working 1.0 release. ### Image Processing - [x] Add WebP encoding support (currently returns error) -- [ ] Add AVIF encoding support (currently returns error) +- [x] Add AVIF encoding support (implemented via govips) ### Manual Testing (verify auth/encrypted URLs work) - [ ] Manual test: visit `/`, see login form diff --git a/scripts/manual-test.sh b/scripts/manual-test.sh index 86dddfb..514f378 100755 --- a/scripts/manual-test.sh +++ b/scripts/manual-test.sh @@ -48,7 +48,7 @@ fi # Test 3: Wrong password shows error echo "--- Test 3: Login with wrong password ---" -WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "password=wrong-key" -c "$COOKIE_JAR") +WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "key=wrong-key" -c "$COOKIE_JAR") if echo "$WRONG_LOGIN" | grep -qi "invalid\|error\|incorrect\|wrong"; then pass "Wrong password shows error message" else @@ -57,7 +57,7 @@ fi # Test 4: Correct password redirects to generator echo "--- Test 4: Login with correct signing key ---" -curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null +curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null GENERATOR_PAGE=$(curl -sf "$BASE_URL/" -b "$COOKIE_JAR") if echo "$GENERATOR_PAGE" | grep -qi "generate\|url\|source\|logout"; then pass "Correct password shows generator page" @@ -68,12 +68,12 @@ fi # Test 5: Generate encrypted URL echo "--- Test 5: Generate encrypted URL ---" GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \ - -d "source_url=$TEST_IMAGE_URL" \ + -d "url=$TEST_IMAGE_URL" \ -d "width=800" \ -d "height=600" \ -d "format=jpeg" \ -d "quality=85" \ - -d "fit_mode=cover" \ + -d "fit=cover" \ -d "ttl=3600") if echo "$GEN_RESULT" | grep -q "/v1/e/"; then pass "Encrypted URL generated" @@ -121,10 +121,10 @@ fi # Test 9: Generate short-TTL URL and verify expiration echo "--- Test 9: Expired URL returns 410 ---" # Login again -curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null +curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null # Generate URL with 1 second TTL GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \ - -d "source_url=$TEST_IMAGE_URL" \ + -d "url=$TEST_IMAGE_URL" \ -d "width=100" \ -d "height=100" \ -d "format=jpeg" \