AnRil/laude
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 19 Wiki Activity
Files
03ab4eebf5f3d96e1bab587c66bbb7ba21a5bf8d
laude/src/main/validate.ts
AnRil f0dc5b2cc3 feat: a11y + Error Boundary + IPC validation + schema migrations 
Second pass through the audit punch-list. ESLint and Prettier now clean
(0 errors, 0 warnings), typecheck clean, 53 tests pass.

ACCESSIBILITY (Modal)
- Full focus trap: Tab/Shift-Tab cycle within the dialog and never
  escape to the underlying page.
- Focus restoration: closing returns focus to the trigger button.
- First focusable child is focused on open (skipping the X button).
- aria-labelledby links the dialog to its <h2> via useId().
- Close button's hardcoded "Закрыть" replaced with i18n key.

ERROR RECOVERY
- Add ErrorBoundary component (class — only way) with localized
  fallback and a "try again" reset button. Stack trace shown only in
  dev. Wrapped around the whole App + a nested boundary around the
  routed pages so a crash in one route doesn't blank the chrome.
- Module-level guard on subscribeToBackend so React 18 StrictMode's
  dev-mode double-mount doesn't subscribe twice.
- Loading placeholder is now blank (was hardcoded Russian "Загрузка…"
  that English users would see during initial hydration).

TRAY i18n
- 5 tray strings now follow the current settings.language. Falls back
  to Russian when the store isn't loaded yet or the lang is unknown.
- refreshMenu() called on settings.language change and on
  pauseAll/resumeAll so the pause label stays in sync with state.

IPC VALIDATION (src/main/validate.ts)
- Hand-rolled validators for every renderer-supplied payload:
  exercise input/patch, challenge input/patch, settings patch, id,
  actualReps, snoozeMinutes. Range-check numeric fields
  (intervalMinutes ∈ [1, 1440], reps ∈ [1, 9999], multiplier ∈ [0,
  1000], snooze ∈ [1, 1440]), cap string lengths at 200, restrict
  enums (theme/lang/notify-mode/stat) to known values, validate
  quietHours.from/to with HH:MM regex and dedup quietHours.days.
- Every ipcMain.handle for mutations now runs the validator first and
  returns null on rejection instead of pushing junk into the store.
  A compromised renderer can no longer corrupt persisted state via
  out-of-range numbers or wrong-type fields.

SCHEMA MIGRATIONS (src/main/store.ts)
- Add __schemaVersion field to persisted state with CURRENT = 1.
- MIGRATIONS map: { 0: (s) => s } as a no-op seed; future structural
  changes (e.g. quietHours shape revision) get a single explicit slot.
- runMigrations() applies migrations in order; coerce() normalises the
  result into a fully-formed AppState. Both first-write and every
  flush() persist the version field.

EXHAUSTIVE-DEPS WARNINGS
- Dashboard: memoise `exercises` so downstream useMemos don't fire on
  every parent render; gate the history fetch on exercises change
  instead of any state change.
- HistoryHeatmap: wrap `weeks` in useMemo so monthLabels' deps are
  stable.

LINT POLISH
- updater.ts: refactor a Prettier-vs-no-extra-semi conflict by
  extracting the cast into a local binding.
- Remove dead import of `Challenge` from ipc.ts (now imported via
  validators).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 23:21:27 +07:00

312 lines
8.7 KiB
TypeScript
Raw Blame History

/**
* Hand-rolled runtime validators for IPC payloads.
*
* TypeScript types are erased at compile time — a compromised or buggy
* renderer can still send arbitrary JSON across the IPC boundary. These
* helpers enforce shape, type and range BEFORE the data hits the store.
*
* Philosophy: be lenient with unknown fields (drop them silently), strict
* about known fields (reject the call if a known field is the wrong type
* or out of range). Never throw to the renderer; return a sanitised value
* or `null` and the caller decides what to do.
*/
import type {
Challenge,
Exercise,
GameStat,
Settings,
Theme,
Language,
NotificationMode
} from '@shared/types'
const MAX_STR_LEN = 200
const VALID_THEMES: Theme[] = ['system', 'light', 'dark']
const VALID_LANGS: Language[] = ['ru', 'en']
const VALID_NOTIFY: NotificationMode[] = ['toast', 'modal', 'both']
const VALID_STATS: GameStat[] = [
'deaths',
'kills',
'assists',
'last_hits',
'denies',
'duration_min'
]
const HHMM_RE = /^\d{1,2}:\d{2}$/
function isObj(v: unknown): v is Record<string, unknown> {
return typeof v === 'object' && v !== null && !Array.isArray(v)
}
function safeStr(v: unknown, max = MAX_STR_LEN): string | undefined {
if (typeof v !== 'string') return undefined
if (v.length === 0 || v.length > max) return undefined
return v
}
function intInRange(v: unknown, min: number, max: number): number | undefined {
if (typeof v !== 'number' || !Number.isFinite(v)) return undefined
const n = Math.trunc(v)
if (n < min || n > max) return undefined
return n
}
function numInRange(v: unknown, min: number, max: number): number | undefined {
if (typeof v !== 'number' || !Number.isFinite(v)) return undefined
if (v < min || v > max) return undefined
return v
}
function bool(v: unknown): boolean | undefined {
return typeof v === 'boolean' ? v : undefined
}
function oneOf<T extends string>(
v: unknown,
allowed: readonly T[]
): T | undefined {
return typeof v === 'string' && (allowed as readonly string[]).includes(v)
? (v as T)
: undefined
}
// -----------------------------------------------------------------------
// Exercise validators
// -----------------------------------------------------------------------
export function validateExerciseInput(
raw: unknown
): Omit<Exercise, 'id' | 'nextFireAt' | 'lastDoneAt'> | null {
if (!isObj(raw)) return null
const name = safeStr(raw.name)
const reps = intInRange(raw.reps, 1, 9999)
const intervalMinutes = intInRange(raw.intervalMinutes, 1, 24 * 60)
const icon = safeStr(raw.icon, 64) ?? 'Activity'
const enabled = bool(raw.enabled) ?? true
if (
name === undefined ||
reps === undefined ||
intervalMinutes === undefined
) {
return null
}
return { name, reps, intervalMinutes, icon, enabled }
}
export function validateExercisePatch(
raw: unknown
): Partial<Omit<Exercise, 'id'>> | null {
if (!isObj(raw)) return null
const out: Partial<Omit<Exercise, 'id'>> = {}
if ('name' in raw) {
const v = safeStr(raw.name)
if (v === undefined) return null
out.name = v
}
if ('reps' in raw) {
const v = intInRange(raw.reps, 1, 9999)
if (v === undefined) return null
out.reps = v
}
if ('intervalMinutes' in raw) {
const v = intInRange(raw.intervalMinutes, 1, 24 * 60)
if (v === undefined) return null
out.intervalMinutes = v
}
if ('icon' in raw) {
const v = safeStr(raw.icon, 64)
if (v === undefined) return null
out.icon = v
}
if ('enabled' in raw) {
const v = bool(raw.enabled)
if (v === undefined) return null
out.enabled = v
}
// Allow scheduler-controlled fields to be patched (used by store.markDone
// through this same boundary), but range-check them.
if ('nextFireAt' in raw) {
const v = numInRange(raw.nextFireAt, 0, Number.MAX_SAFE_INTEGER)
if (v === undefined) return null
out.nextFireAt = v
}
if ('lastDoneAt' in raw) {
const v = numInRange(raw.lastDoneAt, 0, Number.MAX_SAFE_INTEGER)
if (v === undefined) return null
out.lastDoneAt = v
}
return out
}
// -----------------------------------------------------------------------
// Challenge validators
// -----------------------------------------------------------------------
export function validateChallengeInput(
raw: unknown
): Omit<Challenge, 'id'> | null {
if (!isObj(raw)) return null
const name = safeStr(raw.name)
const gameId = safeStr(raw.gameId, 32)
const stat = oneOf(raw.stat, VALID_STATS)
const multiplier = numInRange(raw.multiplier, 0, 1000)
const exerciseName = safeStr(raw.exerciseName)
const icon = safeStr(raw.icon, 64) ?? 'Activity'
const enabled = bool(raw.enabled) ?? true
if (
name === undefined ||
gameId === undefined ||
stat === undefined ||
multiplier === undefined ||
exerciseName === undefined
) {
return null
}
return {
name,
gameId: gameId as Challenge['gameId'],
stat,
multiplier,
exerciseName,
icon,
enabled
}
}
export function validateChallengePatch(
raw: unknown
): Partial<Omit<Challenge, 'id'>> | null {
if (!isObj(raw)) return null
const out: Partial<Omit<Challenge, 'id'>> = {}
if ('name' in raw) {
const v = safeStr(raw.name)
if (v === undefined) return null
out.name = v
}
if ('exerciseName' in raw) {
const v = safeStr(raw.exerciseName)
if (v === undefined) return null
out.exerciseName = v
}
if ('stat' in raw) {
const v = oneOf(raw.stat, VALID_STATS)
if (v === undefined) return null
out.stat = v
}
if ('multiplier' in raw) {
const v = numInRange(raw.multiplier, 0, 1000)
if (v === undefined) return null
out.multiplier = v
}
if ('icon' in raw) {
const v = safeStr(raw.icon, 64)
if (v === undefined) return null
out.icon = v
}
if ('enabled' in raw) {
const v = bool(raw.enabled)
if (v === undefined) return null
out.enabled = v
}
return out
}
// -----------------------------------------------------------------------
// Settings validators
// -----------------------------------------------------------------------
export function validateSettingsPatch(raw: unknown): Partial<Settings> | null {
if (!isObj(raw)) return null
const out: Partial<Settings> = {}
if ('globalEnabled' in raw) {
const v = bool(raw.globalEnabled)
if (v === undefined) return null
out.globalEnabled = v
}
if ('startWithWindows' in raw) {
const v = bool(raw.startWithWindows)
if (v === undefined) return null
out.startWithWindows = v
}
if ('startMinimized' in raw) {
const v = bool(raw.startMinimized)
if (v === undefined) return null
out.startMinimized = v
}
if ('minimizeToTray' in raw) {
const v = bool(raw.minimizeToTray)
if (v === undefined) return null
out.minimizeToTray = v
}
if ('soundEnabled' in raw) {
const v = bool(raw.soundEnabled)
if (v === undefined) return null
out.soundEnabled = v
}
if ('notificationMode' in raw) {
const v = oneOf(raw.notificationMode, VALID_NOTIFY)
if (v === undefined) return null
out.notificationMode = v
}
if ('theme' in raw) {
const v = oneOf(raw.theme, VALID_THEMES)
if (v === undefined) return null
out.theme = v
}
if ('language' in raw) {
const v = oneOf(raw.language, VALID_LANGS)
if (v === undefined) return null
out.language = v
}
if ('snoozeMinutes' in raw) {
const v = intInRange(raw.snoozeMinutes, 1, 24 * 60)
if (v === undefined) return null
out.snoozeMinutes = v
}
if ('quietHours' in raw) {
const qh = raw.quietHours
if (!isObj(qh)) return null
const enabled = bool(qh.enabled)
const from = safeStr(qh.from, 8)
const to = safeStr(qh.to, 8)
if (
enabled === undefined ||
from === undefined ||
to === undefined ||
!HHMM_RE.test(from) ||
!HHMM_RE.test(to)
) {
return null
}
if (!Array.isArray(qh.days)) return null
const days: number[] = []
for (const d of qh.days) {
const n = intInRange(d, 0, 6)
if (n === undefined) return null
if (!days.includes(n)) days.push(n)
}
out.quietHours = { enabled, from, to, days }
}
return out
}
// -----------------------------------------------------------------------
// Misc tiny validators
// -----------------------------------------------------------------------
export function validateId(raw: unknown): string | null {
// UUIDs from store.ts via randomUUID(); accept any reasonable string id.
const v = safeStr(raw, 64)
return v ?? null
}
export function validateActualReps(raw: unknown): number | undefined {
if (raw === undefined || raw === null) return undefined
return intInRange(raw, 0, 100000) ?? undefined
}
export function validateSnoozeMinutes(raw: unknown): number | null {
return intInRange(raw, 1, 24 * 60) ?? null
}
Reference in New Issue View Git Blame Copy Permalink