Commit graph

3 commits

Author SHA1 Message Date
Mitchell R
8c59bb6b02
fix: wrap nullable event fields with optional() for missing keys
anyvali nullable() accepts null but rejects undefined (absent field).
Kiosk log events omit camera_id/property_op entirely. Wrap with
optional() so missing fields default to null.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 15:26:55 +02:00

Mitchell R
38c78c0bb5
fix: log validation errors with field detail + raw body on event reject
validateBody now extracts per-field error messages from anyvali issues.
Event endpoint logs the raw body (first 500 chars) on validation failure
so we can see exactly what the kiosk sends.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 15:15:41 +02:00

Mitchell R
5d23079086
feat: add anyvali input validation to all external API endpoints
Create shared/api-schemas.ts with av.object schemas for:
- pair/initiate, pair/claim (pairing flow)
- kiosk/heartbeat (telemetry with displays, partitions, hwmon)
- kiosk/event (ONVIF/system events)
- kiosk/logs (batched log entries)
- firmware/applied, os/applied (update reports)
- auth/login, auth/totp, setup (admin auth)

Each endpoint now calls validateBody(Schema, body) which returns 400
on schema violation. All string fields have maxLength, numeric fields
have min/max ranges, arrays strip unknown keys. Rejects malformed
input before it reaches DB or business logic.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 14:03:58 +02:00