
fix: global JSON 404/error handlers + docs sync #123

Merged: Pyronewbic merged 2 commits into main from dev, May 20, 2026

Conversation

@Pyronewbic (Owner)

Summary

  • Add global JSON 404 catch-all and error handler to api.js — fixes ZAP DAST findings (500s on cloud metadata probes, HTML Content-Type on unmatched routes)
  • Update docs/internals.md lib/ tree to match actual auth/ + cards/ split
  • Fix test counts across README and internals (266 unit / 97 API / 71 smoke = 434 total)
  • Add missing env vars to docs/env-vars.md: CASECOMP_JWT_SECRET, CASECOMP_ADMIN_SUB, TOGETHER_API_KEY, fix GOOGLE_OAUTH_CLIENT_ID description
  • Fix Binary Authorization from "audit mode" to "enforced" in README
  • Remove stale v1/drops curl example from README

Test plan

  • Deploy and re-run ZAP DAST — verify 0 Medium, 0 Low findings (CORS wildcard remains accepted risk)
  • Verify unmatched routes return {"error":"Not found"} with Content-Type: application/json
  • Verify unhandled errors return sanitized JSON, not HTML stack traces
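The two handlers the summary describes, as an added example that is not the project's api.js: a dependency-free Express-style dispatcher with a catch-all JSON 404 and a global JSON error handler. The routes and the behaviour of safeErrorMessage() (generic text in production, the error's own message otherwise, never a stack trace) are assumptions.

```javascript
// Added example, not the project's api.js: a dependency-free Express-style
// dispatcher showing a catch-all JSON 404 and a global JSON error handler.
// Routes and the safeErrorMessage() behaviour below are assumptions.
const routes = {
  'GET /api/health': () => ({ status: 200, body: { ok: true } }),
  // Simulates an unhandled exception thrown by a route (constructed failure).
  'GET /api/boom': () => { throw new Error('db connect refused 10.0.0.5:5432'); },
};

// Assumed sanitizer: generic text in production, the error's own message
// elsewhere; the stack trace is never part of the response in either mode.
function safeErrorMessage(err, env) {
  if (env === 'production') return 'Internal server error';
  return err && err.message ? err.message : 'Internal server error';
}

// Every response, success or failure, carries a JSON Content-Type.
function jsonResponse(status, payload) {
  return {
    status,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  };
}

// Catch-all for unmatched routes: replaces the framework's HTML 404 page.
// In Express this would be the last non-error app.use() middleware.
function notFoundHandler() {
  return jsonResponse(404, { error: 'Not found' });
}

// Global error handler: one JSON shape, no HTML, no stack trace.
// In Express this would be the final (err, req, res, next) middleware.
function errorHandler(err, env) {
  return jsonResponse(500, { error: safeErrorMessage(err, env) });
}

// Dispatch a request through the routes, then the 404 and error handlers.
function handle(method, path, env = process.env.NODE_ENV || 'production') {
  const route = routes[`${method} ${path}`];
  if (!route) return notFoundHandler();
  try {
    const result = route();
    return jsonResponse(result.status, result.body);
  } catch (err) {
    return errorHandler(err, env);
  }
}
```

Calling handle('GET', '/no-such-route') returns a 404 with body {"error":"Not found"} and a JSON Content-Type, which is the check in the test plan above.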

… state

ZAP DAST flagged 500s on unmatched routes (cloud metadata probes) and
HTML Content-Type on non-API paths. Add catch-all JSON 404 handler and
global error handler with safeErrorMessage(). Update README, internals,
and env-vars docs: correct lib/ structure (auth/, cards/ split), fix
test counts (434 total), add missing env vars (JWT_SECRET, ADMIN_SUB,
TOGETHER_API_KEY, GOOGLE_OAUTH), fix Binary Auth from audit to enforced,
remove stale v1/drops curl example.
@Pyronewbic Pyronewbic merged commit 910caf9 into main May 20, 2026
17 checks passed