mathias/hyperguild
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ingestion): address code review issues in api and watcher packages

Browse Source 
- Strip internal error detail from 500 responses (leak prevention)
- Add path containment assertion in /write handler
- Use Go 1.22 method-prefixed mux routes for automatic 405 responses
- Clarify watch_interval log when watcher not yet wired
- Consolidate validation tests into table-driven TestIngest_Validation
- Watcher: return nil after successful quarantine to avoid double-logging
- Watcher: append timestamp suffix to processed dest if file already exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
2026-04-22 22:59:39 +02:00
parent a25bb18c54
commit 2f4b577131
4 changed files with 45 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ingestion/internal/api/handler.go
View File

@@ -126,6 +126,10 @@ func (h *Handler) Write(w http.ResponseWriter, r *http.Request) {
base += ".md"
}
dest := filepath.Join(rawDir, base)
if !strings.HasPrefix(filepath.Clean(dest)+string(os.PathSeparator), filepath.Clean(rawDir)+string(os.PathSeparator)) {
writeError(w, http.StatusBadRequest, "invalid filename")
return
}
if err := os.WriteFile(dest, []byte(finalContent), 0o644); err != nil {
h.logger.Error("write failed", "err", err)
writeError(w, http.StatusInternalServerError, "write error")
@@ -155,7 +159,7 @@ func (h *Handler) Ingest(w http.ResponseWriter, r *http.Request) {
result, err := pipeline.Run(r.Context(), h.pipeline, h.brainDir, req.Content, req.Source, req.DryRun)
if err != nil {
h.logger.Error("ingest failed", "source", req.Source, "err", err)
writeError(w, http.StatusInternalServerError, fmt.Sprintf("ingest error: %v", err))
writeError(w, http.StatusInternalServerError, "ingest error")
return
}
@@ -251,7 +255,7 @@ func (h *Handler) IngestPath(w http.ResponseWriter, r *http.Request) {
result, runErr := pipeline.Run(r.Context(), h.pipeline, h.brainDir, string(content), source, req.DryRun)
if runErr != nil {
h.logger.Error("ingest-path failed", "path", req.Path, "err", runErr)
writeError(w, http.StatusInternalServerError, fmt.Sprintf("ingest error: %v", runErr))
writeError(w, http.StatusInternalServerError, "ingest error")
return
}
allPages = result.Pages