groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(GRO-2299): redact googleMapsApiKey from PATCH /api/admin/settings response #195

Merged
Flea Flicker merged 1 commits from gro-2299-redact-patch-settings into dev 2026-06-09 06:52:49 +00:00
Conversation 0 Commits 1 Files Changed 3
+57 -2

1 Commits

Author SHA1 Message Date
Flea Flicker 5f01df819e fix(GRO-2299): redact googleMapsApiKey from PATCH /api/admin/settings response
CI / Test (pull_request) Successful in 24s
Details
CI / Lint & Typecheck (pull_request) Successful in 27s
Details
CI / Build & Push Docker Images (pull_request) Successful in 1m18s
Details 
The PATCH handler returned the full businessSettings row via .returning(),
echoing the encrypted googleMapsApiKey ciphertext back to the caller. Wrap the
return in the existing redactSettings() helper (after a !updated guard) so
redaction is applied symmetrically with the GET projection (GRO-2294).

- src/routes/settings.ts: guard + redactSettings(updated) on PATCH return
- src/__tests__/settings.test.ts: assert PATCH omits googleMapsApiKey
  (existing-row and auto-create-then-update branches)
- UAT_PLAYBOOK.md §13 TC-API-13.2: assert PATCH response omits the secret

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-09 06:50:20 +00:00