groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: groombook/api:flea/promote-main-gro-2294
Branches Tags
groombook/api:main groombook/api:promote/uat-to-main-gro-2586 groombook/api:uat groombook/api:promote/GRO-2586-cors-to-uat groombook/api:dev groombook/api:feature/GRO-2586-cors-origin-reflection groombook/api:frozen/gro-2425-uat-to-main groombook/api:feature/GRO-2425-comma-split-cors-origin groombook/api:gro-2381-agents-contributing groombook/api:flea/uat-to-main-gro-2359-api groombook/api:release/main-GRO-2342-api groombook/api:release/main-GRO-2319-api groombook/api:flea/promote-main-gro-2311 groombook/api:promote/GRO-2319-api-to-uat groombook/api:feat/GRO-2319-portal-waitlist-surfacing groombook/api:flea/promote-main-gro-2172 groombook/api:dev-to-uat-gro-2311 groombook/api:flea/gro-2311-seed-portal-statusbadge-appts groombook/api:promote/gro-2172-pets-to-uat groombook/api:fix/gro-2172-pet-extended-fields groombook/api:uat-to-main-gro-2299 groombook/api:flea/promote-main-gro-2294 groombook/api:promote/dev-to-uat-gro-2299 groombook/api:gro-2299-redact-patch-settings groombook/api:flea/promote-gro-2294-uat groombook/api:flea/gro-2294-route-opt-hardening groombook/api:flea/uat-to-main-gro-2157-frozen groombook/api:promote/dev-to-uat-gro-2225 groombook/api:flea/gro-2157-navigation-export groombook/api:flea/gro-2235-waitlist-duplicate-409 groombook/api:feat/gro-2225-uat-seed-route-cohort groombook/api:flea/uat-to-main-gro-2234-api groombook/api:flea/dev-to-uat-gro-2156 groombook/api:flea-flicker/gro-2234-portal-session-sliding-ttl groombook/api:release/main-6120b96 groombook/api:flea/gro-2156-travel-buffer-reorder groombook/api:release/main-eb92f99 groombook/api:fix/gro-2214-portal-waitlist-validation groombook/api:fix/gro-2203-portal-pet-patch-uuid-validation groombook/api:dev-to-uat-gro-2155 groombook/api:feat/gro-2155-route-optimize-endpoints-dev groombook/api:fix/gro-2163-migrate-pre-dns-wait groombook/api:fix/gro-2187-portal-photokey-hijack groombook/api:dev-to-uat-gro-2154 groombook/api:feat/gro-2154-geocoding-endpoints-dev groombook/api:flea-flicker/gro-2197-ci-api-gate groombook/api:dev-to-uat-gro-2153 groombook/api:dev-to-uat-gro-2187 groombook/api:fix/gro-2187-portal-pets-patch groombook/api:dev-to-uat-gro-2129 groombook/api:flea-flicker/gro-2123-cleanup-stale-seed-duplicate groombook/api:dev-to-uat-gro-2123 groombook/api:flea-flicker/gro-2123-seed-advisory-lock groombook/api:promote/dev-to-uat-gro-2100 groombook/api:flea/gro-2100-uat-groomer-pet-linkage groombook/api:flea/gro-2062-owner-bypass-audit groombook/api:flea/gro-2052-rbac-betterauth-user-autoprovision groombook/api:dogfather/gro-2013-promote-uat groombook/api:flea/gro-2013-owner-bypass-deployed-tree groombook/api:flea/gro-2033-idempotent-pet-profile-migrations groombook/api:fix/gro-2014-profile-summary-error-handling groombook/api:flea/gro-2000-uat-password-source-doc groombook/api:fix/gro-1999-uat-seed-extra-large groombook/api:fix/gro-1983-seed-pnpm-baked groombook/api:fix/GRO-1979-coat-type-pet-size-enum-fix groombook/api:fleaflicker/GRO-1962-deterministic-testcoopper-rocky groombook/api:flea/gro-1977-seed-idempotency groombook/api:fix/GRO-1977-seed-credential-idempotency groombook/api:promote/dev-to-uat-gro-1971 groombook/api:fix/gro-1971-coat-type-enum-missing-short groombook/api:fix/GRO-1962-uat-seed-pet-medicalalerts groombook/api:flea/GRO-1955-fix-uc-undefined-seed groombook/api:fix/GRO-1909-migrate-corepack-offline groombook/api:fix/GRO-1953-coat-type-short-missing groombook/api:fleaflicker/gro-medical-alert-types-behavioral-skin groombook/api:fleaflicker/gro-1921-uat-reset-full-seed groombook/api:flea/GRO-1945-pets-visitcount-hotfix groombook/api:fix/GRO-1935-uat-customer-client-seed groombook/api:fix/GRO-1914-seed-typeof groombook/api:feature/GRO-1898-extended-pet-profile-seed groombook/api:seed/extended-profile-fields-gro-1898 groombook/api:fix/gro-1889-reset-demo-data-pnpm groombook/api:promote/dev-to-uat-gro-1866 groombook/api:fix/gro-1866-qa-fixes groombook/api:fix/gro-1866-sso-bridge groombook/api:fix/gro-1850-pet-profile-migration groombook/api:promote/dev-to-uat-gro-1790 groombook/api:flea-flicker/pet-profile-summary groombook/api:ff/gro-1765-trigger-ci groombook/api:promo/gro-1764-uat groombook/api:ci/gro-1757-build groombook/api:fix/gro-1757-sso-auto-provision groombook/api:fix/gro-1754-uat-ci groombook/api:fix/gro-1754-trigger-ci-v2 groombook/api:fix/gro-1752-factories-v2 groombook/api:fix/gro-1752-factories-only groombook/api:fix/gro-1746-apply-uat-seed-to-root-src groombook/api:fix/gro-1752-extended-pet-profile-fields groombook/api:promo/gro-1749-uat groombook/api:fix/gro-1749-uat-seed-sync groombook/api:fix/gro-1743-uat-seed-data groombook/api:fix/gro-1480-portal-pets-patch groombook/api:fix/gro-1678-econnreset-robustness groombook/api:fix/gro-1576-ci-provenance-false groombook/api:fix/gro-1575-ci-provenance groombook/api:fix/gro-1566-api-health-auth-bypass groombook/api:fix/gro-1544-api-health-endpoint groombook/api:fix/gro-1533-migration-0031-coat-type groombook/api:fix/gro-1533-missing-migration-0032 groombook/api:fix/gro-1533-missing-migration-journal groombook/api:revert/gro-1533-dockerfile-fix groombook/api:fix/gro-1533-revert-dockefile-build-change groombook/api:flea-flicker/gro-1531-seed-db-filter groombook/api:fix/gro-1522-ci-images-node22 groombook/api:pr-44 groombook/api:flea-flicker/gro-1509-better-auth-account-not-linked groombook/api:flea-flicker/gro-1162-pet-buffer-time groombook/api:fix/gro-1461-uat-playbook-auto-provision groombook/api:flea-flicker/pet-profile-editor groombook/api:fix/gro-1441-remove-duplicate-coat-props groombook/api:fix/gro-1390-pets-test-mock-hoisting groombook/api:fix/gro-1395-drizzle-orm-root-dep groombook/api:gitea/migrate-workflows groombook/api:flea-flicker/fix-gro-1370-ts-and-test-errors groombook/api:fix/api/add-devdep-drizzle-orm-fix-vitest groombook/api:pr-19 groombook/api:flea-flicker/uat-email-password-seed groombook/api:fleaflicker/gro-1272-v2 groombook/api:fleaflicker/gro-1272-auto-provision-staff groombook/api:add-renovate-config groombook/api:flea-flicker/gro-1231-pnpm-workspace-dockerfile groombook/api:fix/GRO-1202-rate-limit-override groombook/api:fix/typescript-errors groombook/api:flea-flicker/pet-profile-extended-fields groombook/api:fix/uat-tester-oidc-sub groombook/api:flea-flicker/fix-authprovider-mock-path groombook/api:flea-flicker/auto-create-staff-oauth-users-v2 groombook/api:flea-flicker/auto-create-staff-oauth-users groombook/api:docs/GRO-1099-uat-playbook-api groombook/api:flea-flicker/fix-ci-install-deps-v2 groombook/api:flea-flicker/fix-ci-install-deps
..
pull from: groombook/api:flea/gro-2294-route-opt-hardening
Branches Tags
groombook/api:main groombook/api:promote/uat-to-main-gro-2586 groombook/api:uat groombook/api:promote/GRO-2586-cors-to-uat groombook/api:dev groombook/api:feature/GRO-2586-cors-origin-reflection groombook/api:frozen/gro-2425-uat-to-main groombook/api:feature/GRO-2425-comma-split-cors-origin groombook/api:gro-2381-agents-contributing groombook/api:flea/uat-to-main-gro-2359-api groombook/api:release/main-GRO-2342-api groombook/api:release/main-GRO-2319-api groombook/api:flea/promote-main-gro-2311 groombook/api:promote/GRO-2319-api-to-uat groombook/api:feat/GRO-2319-portal-waitlist-surfacing groombook/api:flea/promote-main-gro-2172 groombook/api:dev-to-uat-gro-2311 groombook/api:flea/gro-2311-seed-portal-statusbadge-appts groombook/api:promote/gro-2172-pets-to-uat groombook/api:fix/gro-2172-pet-extended-fields groombook/api:uat-to-main-gro-2299 groombook/api:flea/promote-main-gro-2294 groombook/api:promote/dev-to-uat-gro-2299 groombook/api:gro-2299-redact-patch-settings groombook/api:flea/promote-gro-2294-uat groombook/api:flea/gro-2294-route-opt-hardening groombook/api:flea/uat-to-main-gro-2157-frozen groombook/api:promote/dev-to-uat-gro-2225 groombook/api:flea/gro-2157-navigation-export groombook/api:flea/gro-2235-waitlist-duplicate-409 groombook/api:feat/gro-2225-uat-seed-route-cohort groombook/api:flea/uat-to-main-gro-2234-api groombook/api:flea/dev-to-uat-gro-2156 groombook/api:flea-flicker/gro-2234-portal-session-sliding-ttl groombook/api:release/main-6120b96 groombook/api:flea/gro-2156-travel-buffer-reorder groombook/api:release/main-eb92f99 groombook/api:fix/gro-2214-portal-waitlist-validation groombook/api:fix/gro-2203-portal-pet-patch-uuid-validation groombook/api:dev-to-uat-gro-2155 groombook/api:feat/gro-2155-route-optimize-endpoints-dev groombook/api:fix/gro-2163-migrate-pre-dns-wait groombook/api:fix/gro-2187-portal-photokey-hijack groombook/api:dev-to-uat-gro-2154 groombook/api:feat/gro-2154-geocoding-endpoints-dev groombook/api:flea-flicker/gro-2197-ci-api-gate groombook/api:dev-to-uat-gro-2153 groombook/api:dev-to-uat-gro-2187 groombook/api:fix/gro-2187-portal-pets-patch groombook/api:dev-to-uat-gro-2129 groombook/api:flea-flicker/gro-2123-cleanup-stale-seed-duplicate groombook/api:dev-to-uat-gro-2123 groombook/api:flea-flicker/gro-2123-seed-advisory-lock groombook/api:promote/dev-to-uat-gro-2100 groombook/api:flea/gro-2100-uat-groomer-pet-linkage groombook/api:flea/gro-2062-owner-bypass-audit groombook/api:flea/gro-2052-rbac-betterauth-user-autoprovision groombook/api:dogfather/gro-2013-promote-uat groombook/api:flea/gro-2013-owner-bypass-deployed-tree groombook/api:flea/gro-2033-idempotent-pet-profile-migrations groombook/api:fix/gro-2014-profile-summary-error-handling groombook/api:flea/gro-2000-uat-password-source-doc groombook/api:fix/gro-1999-uat-seed-extra-large groombook/api:fix/gro-1983-seed-pnpm-baked groombook/api:fix/GRO-1979-coat-type-pet-size-enum-fix groombook/api:fleaflicker/GRO-1962-deterministic-testcoopper-rocky groombook/api:flea/gro-1977-seed-idempotency groombook/api:fix/GRO-1977-seed-credential-idempotency groombook/api:promote/dev-to-uat-gro-1971 groombook/api:fix/gro-1971-coat-type-enum-missing-short groombook/api:fix/GRO-1962-uat-seed-pet-medicalalerts groombook/api:flea/GRO-1955-fix-uc-undefined-seed groombook/api:fix/GRO-1909-migrate-corepack-offline groombook/api:fix/GRO-1953-coat-type-short-missing groombook/api:fleaflicker/gro-medical-alert-types-behavioral-skin groombook/api:fleaflicker/gro-1921-uat-reset-full-seed groombook/api:flea/GRO-1945-pets-visitcount-hotfix groombook/api:fix/GRO-1935-uat-customer-client-seed groombook/api:fix/GRO-1914-seed-typeof groombook/api:feature/GRO-1898-extended-pet-profile-seed groombook/api:seed/extended-profile-fields-gro-1898 groombook/api:fix/gro-1889-reset-demo-data-pnpm groombook/api:promote/dev-to-uat-gro-1866 groombook/api:fix/gro-1866-qa-fixes groombook/api:fix/gro-1866-sso-bridge groombook/api:fix/gro-1850-pet-profile-migration groombook/api:promote/dev-to-uat-gro-1790 groombook/api:flea-flicker/pet-profile-summary groombook/api:ff/gro-1765-trigger-ci groombook/api:promo/gro-1764-uat groombook/api:ci/gro-1757-build groombook/api:fix/gro-1757-sso-auto-provision groombook/api:fix/gro-1754-uat-ci groombook/api:fix/gro-1754-trigger-ci-v2 groombook/api:fix/gro-1752-factories-v2 groombook/api:fix/gro-1752-factories-only groombook/api:fix/gro-1746-apply-uat-seed-to-root-src groombook/api:fix/gro-1752-extended-pet-profile-fields groombook/api:promo/gro-1749-uat groombook/api:fix/gro-1749-uat-seed-sync groombook/api:fix/gro-1743-uat-seed-data groombook/api:fix/gro-1480-portal-pets-patch groombook/api:fix/gro-1678-econnreset-robustness groombook/api:fix/gro-1576-ci-provenance-false groombook/api:fix/gro-1575-ci-provenance groombook/api:fix/gro-1566-api-health-auth-bypass groombook/api:fix/gro-1544-api-health-endpoint groombook/api:fix/gro-1533-migration-0031-coat-type groombook/api:fix/gro-1533-missing-migration-0032 groombook/api:fix/gro-1533-missing-migration-journal groombook/api:revert/gro-1533-dockerfile-fix groombook/api:fix/gro-1533-revert-dockefile-build-change groombook/api:flea-flicker/gro-1531-seed-db-filter groombook/api:fix/gro-1522-ci-images-node22 groombook/api:pr-44 groombook/api:flea-flicker/gro-1509-better-auth-account-not-linked groombook/api:flea-flicker/gro-1162-pet-buffer-time groombook/api:fix/gro-1461-uat-playbook-auto-provision groombook/api:flea-flicker/pet-profile-editor groombook/api:fix/gro-1441-remove-duplicate-coat-props groombook/api:fix/gro-1390-pets-test-mock-hoisting groombook/api:fix/gro-1395-drizzle-orm-root-dep groombook/api:gitea/migrate-workflows groombook/api:flea-flicker/fix-gro-1370-ts-and-test-errors groombook/api:fix/api/add-devdep-drizzle-orm-fix-vitest groombook/api:pr-19 groombook/api:flea-flicker/uat-email-password-seed groombook/api:fleaflicker/gro-1272-v2 groombook/api:fleaflicker/gro-1272-auto-provision-staff groombook/api:add-renovate-config groombook/api:flea-flicker/gro-1231-pnpm-workspace-dockerfile groombook/api:fix/GRO-1202-rate-limit-override groombook/api:fix/typescript-errors groombook/api:flea-flicker/pet-profile-extended-fields groombook/api:fix/uat-tester-oidc-sub groombook/api:flea-flicker/fix-authprovider-mock-path groombook/api:flea-flicker/auto-create-staff-oauth-users-v2 groombook/api:flea-flicker/auto-create-staff-oauth-users groombook/api:docs/GRO-1099-uat-playbook-api groombook/api:flea-flicker/fix-ci-install-deps-v2 groombook/api:flea-flicker/fix-ci-install-deps

1 Commits
flea/promote-main-gro-2294 .. flea/gro-2294-route-opt-hardening

Author SHA1 Message Date
Flea Flicker c7007051d7 GRO-2294: Route Optimization security hardening (LOW)
CI / Test (pull_request) Successful in 28s
Details
CI / Lint & Typecheck (pull_request) Successful in 34s
Details
CI / Build & Push Docker Images (pull_request) Successful in 1m28s
Details 
Two defense-in-depth fixes from the GRO-2162 feature-level security review:

1. Enforce the documented ?limit cap on POST /api/clients/geocode-batch.
   The handler now clamps limit to GEOCODE_BATCH_MAX_LIMIT (500) after the
   positive-integer check, bounding synchronous request duration and per-request
   external API cost when routeOptimizationProvider = "google".

2. Redact the encrypted googleMapsApiKey from GET /api/admin/settings on both
   the existing-row and auto-create branches. The ciphertext is never needed
   client-side and is now stripped via redactSettings().

Adds route-level tests for the limit clamp (default/passthrough/clamp/floor/
reject) and the settings redaction (both branches). Updates UAT_PLAYBOOK.md
TC-API-2.13a and TC-API-13.1.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-09 06:12:42 +00:00
Expand all files Collapse all files

Diff Content Not Available