fix: add dynamic route for /api/cre/webapp and /api/cre/mobileapp#2407
Open
Mysterio-17 wants to merge 3 commits intoOWASP:masterfrom
Open
fix: add dynamic route for /api/cre/webapp and /api/cre/mobileapp#2407Mysterio-17 wants to merge 3 commits intoOWASP:masterfrom
Mysterio-17 wants to merge 3 commits intoOWASP:masterfrom
Conversation
…ileapp - Create [edition]/+server.ts to dynamically serve edition metadata - Add post-build script to generate static edition metadata for production - Remove redundant hardcoded webapp/+server.js and mobileapp/+server.js Signed-off-by: Mradul Tiwari <mradultiwari1708@gmail.com>
Mysterio-17
requested review from
cw-owasp,
rewtd and
sydseter
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a dynamic SvelteKit endpoint for /api/cre/[edition] to serve edition metadata (languages/version/name) for supported editions, and introduces a post-build generator to emit static metadata files to work around adapter-static file-vs-directory output conflicts.
Changes:
- Added
src/routes/api/cre/[edition]/+server.tsto serve edition metadata dynamically forwebappandmobileapp. - Added
script/generate-edition-meta.jsand wired it into build scripts to generate static metadata output after building. - Removed redundant hardcoded endpoints for
/api/cre/webappand/api/cre/mobileapp.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| cornucopia.owasp.org/src/routes/api/cre/webapp/+server.js | Removed now-redundant hardcoded metadata endpoint. |
| cornucopia.owasp.org/src/routes/api/cre/mobileapp/+server.js | Removed now-redundant hardcoded metadata endpoint. |
| cornucopia.owasp.org/src/routes/api/cre/[edition]/+server.ts | New dynamic edition metadata endpoint (non-prerendered). |
| cornucopia.owasp.org/script/generate-edition-meta.js | Post-build generator to create static metadata files for static hosting. |
| cornucopia.owasp.org/package.json | Runs the new generator as part of build / stage / production build scripts. |
sydseter
requested changes
Feb 26, 2026
- Use DeckService as single source of truth for edition validation - Add throw to error() call for secure failure handling (ASVS V16.5) - Implement secure fallback in generate-edition-meta.js with proper error handling - Add CreController.getEditionName() static method for centralized edition names - Remove hardcoded edition lists to prevent drift between dev and production
- Add tests for known editions (webapp, mobileapp) - Add test for unknown edition fallback branch - Add edge case test for empty string - Ensures branch coverage meets 90% threshold
Contributor
Author
|
Hello @sydseter , I've addressed all the Copilot feedback - using DeckService as the source of truth, fixing the error handling, and adding a secure fallback in the build script. Also added tests for the new method to keep coverage above 90%. The copi test failure isn't related to my changes as my PR only modifies the cornucopia website, not the copi application. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes : #2380
Creates a dynamic
[edition]/+server.tsroute handler that serves edition metadata (supported languages, version, edition name) for any valid edition, replacing the need for separate hardcoded route files per edition.A post-build script is also added to generate the static edition metadata JSON files during the build, since SvelteKit's
adapter-staticcannot prerender both/api/cre/webapp(file) and/api/cre/webapp/en(directory) at the same path without a filesystem conflict.Changes
src/routes/api/cre/[edition]/+server.ts- Dynamic route handler serving edition metadata using DeckService.script/generate-edition-meta.js- Post-build script generating static JSON for production builds.package.json- Addedgenerate-edition-meta.jsto build, build-stage, and productionbuild scripts.src/routes/api/cre/webapp/+server.js- Redundant, replaced by the dynamic [edition] route. Can be reverted if preferred.src/routes/api/cre/mobileapp/+server.js- Redundant, replaced by the dynamic [edition] route. Can be reverted if preferred.Testing