fix(web): protejeaza decriptarea override_json in preview + inchide 3.6 (CLOSE)
decrypt_creds(override_json) era in afara try/except-ului care protejeaza
raw_json in preview_import (import_router) si _web_compute_preview (routes).
La rotatie cheie Fernet (risc acceptat R4) sau token corupt, raw_json degrada
gratios la {} dar override_json arunca 500 pe tot batch-ul. Acum ambalat
identic (fallback None -> {}).
Prins de /code-review high la CLOSE. Writeback: ROADMAP 3.6 -> DONE,
PRD -> inchis + Raport CLOSE. Duplicare _override_of/canonicalize notata
ca cleanup viitor (disciplina backend-neatins). 523 teste pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
<!-- /autoplan restore point: /home/claude/.gstack/projects/romfast-rar-autopass/main-autoplan-restore-20260619-093652.md -->
|
||||
# PRD 3.6 — Editare celule in preview + Acasa unificata (Trimiteri inline, upload slim, Mapari tabelar)
|
||||
|
||||
**Stare**: verify-pass (2026-06-19 — toate US-001..007 implementate, 523 teste pass, VERIFY E2E browser + LIVE RAR test PASS; vezi `## Raport VERIFY`)
|
||||
**Stare**: inchis (2026-06-22 — CLOSE: `/code-review` high a prins 1 bug real, reparat; dashboard ROADMAP → DONE. Toate US-001..007 implementate, 523 teste pass, VERIFY E2E browser + LIVE RAR test PASS; vezi `## Raport VERIFY` si `## Raport CLOSE`)
|
||||
|
||||
> Proces complet: `docs/ROADMAP.md` §5. Contract RAR (sursa de adevar): `docs/api-rar-contract.md`.
|
||||
> Starea trece: `draft → aprobat → in-executie → verify-pass → inchis` (actualizata de lead).
|
||||
@@ -561,3 +561,34 @@ Gate de design: D-3.1 + D-3.3 (swap distructiv + Enter-trimite) = problema de co
|
||||
| 12 | Design | First-run pastreaza hero "Primul fisier?"; slim accentuat; pastreaza wayfinding Mapari/Coduri | Auto | P1 | discoverability first-run |
|
||||
| UC-A | CEO/Design | US-007 reformulare labels (user a ales explicit "Automat/Manual") | USER CHALLENGE | — | toti reviewerii: risc send-safety. User decide. |
|
||||
| DG-1 | CEO | Split: ship US-003(+004) intai, US-001/002 dupa reuse, US-005/006 batch, US-007 redesign | Taste | P6 | cele 4 sunt independente (graf valuri) |
|
||||
|
||||
---
|
||||
|
||||
## Raport CLOSE (2026-06-22)
|
||||
|
||||
CLOSE conform ROADMAP §5.8 pe diff-ul livrabilei (`ead6324..178bc87`, doar `app/`).
|
||||
|
||||
**`/code-review` high** (8 unghiuri finder + verificare, recall-biased):
|
||||
|
||||
- **REPARAT (1 bug real, corectitudine).** Decriptarea `override_json` era in afara `try/except`-ului
|
||||
care protejeaza `raw_json` in ambele cai de preview:
|
||||
- `app/api/v1/import_router.py` `preview_import` (linia 699)
|
||||
- `app/web/routes.py` `_web_compute_preview` (linia 1061)
|
||||
La rotatie cheie Fernet (risc acceptat R4) sau token corupt, `raw_json` degrada gratios la `{}`
|
||||
dar `override_json` arunca exceptie -> 500 pe TOT batch-ul in loc de preview cu override gol.
|
||||
Fix: `override_json` ambalat in `try/except` identic cu `raw_json` (fallback `None` -> `{}`).
|
||||
523 teste pass dupa fix.
|
||||
|
||||
- **NOTAT, nereparat (cleanup viitor — disciplina "backend trimitere neatins").** Duplicare
|
||||
`_override_of` (decriptare override) + blocul "canonicalize dupa override" in 3-4 locuri
|
||||
(preview/commit pe canalul API vs. web). Refactor intr-un resolver partajat = candidat de cleanup,
|
||||
in afara scopului unui pas de CLOSE. Verificat ca cele 4 cai sunt logic identice (preview si commit
|
||||
produc aceeasi cheie de idempotenta), deci nu e bug azi.
|
||||
|
||||
- Restul candidatelor (form-binding HTML, fallback tab `coada`->`acasa`, falsy-zero pe override)
|
||||
REFUTED la verificare: comportament intentionat (US-003/004) sau deja corect in cod.
|
||||
|
||||
**Convenții (CLAUDE.md):** fara incalcari (RO peste tot, fara emoji, invariante idempotenta/scoping/
|
||||
422-no-echo pastrate).
|
||||
|
||||
Toate PASS -> writeback dashboard (DONE, 2026-06-22) + PRD `**Stare**: inchis`.
|
||||
|
||||
Reference in New Issue
Block a user