feat(feedback): in-app user feedback with admin review and account roles
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
User-facing Feedback screen (Settings -> Info, registered accounts only): a message (<=1024 runes) plus one optional attachment, an anti-spam gate (one unreviewed message at a time), and the operator's inline reply with a Settings/Info badge. Server-rendered admin console section (/_gm/feedback): unread/read/archived queue with per-user search, detail with read/reply/ archive/delete/delete-all, safe attachment serving (nosniff, images inline via <img>, others download-only). Introduces account_roles, the first per-account role table; feedback_banned blocks only feedback submission, granted/revoked from /users and the delete-with-block action. - migration 00004_feedback (feedback_messages + account_roles) + jetgen - backend internal/feedback (store+service), internal/account/roles.go - wire: FlatBuffers feedback.submit/get/unread; gateway guest gate (Op.NonGuest, is_guest via session resolve) -> guest_forbidden before any backend call - reply push reuses NotificationEvent with a new admin_reply sub-kind - UI: /feedback route + screen, attachment picker, badge, channel detection, i18n - tests: feedback unit (Go+UI), gateway guest-gate, inttest lifecycle, e2e - docs: PLAN stage 19, ARCHITECTURE s15, FUNCTIONAL(+ru), TESTING, READMEs
This commit is contained in:
@@ -0,0 +1,24 @@
|
||||
import { describe, expect, it } from 'vitest';
|
||||
import { attachmentError, MAX_ATTACHMENT_BYTES } from './feedback';
|
||||
|
||||
describe('attachmentError', () => {
|
||||
it('accepts allowed extensions within the size cap', () => {
|
||||
expect(attachmentError('shot.png', 1000)).toBe('');
|
||||
expect(attachmentError('Photo.JPG', 1000)).toBe(''); // case-insensitive
|
||||
expect(attachmentError('report.pdf', 1000)).toBe('');
|
||||
expect(attachmentError('my.notes.docx', 1000)).toBe(''); // dotted name
|
||||
expect(attachmentError('logs.7z', MAX_ATTACHMENT_BYTES)).toBe('');
|
||||
});
|
||||
|
||||
it('rejects disallowed or extensionless names', () => {
|
||||
expect(attachmentError('evil.exe', 10)).toBe('type');
|
||||
expect(attachmentError('x.svg', 10)).toBe('type'); // XSS vector, not allowed
|
||||
expect(attachmentError('x.html', 10)).toBe('type');
|
||||
expect(attachmentError('README', 10)).toBe('type');
|
||||
expect(attachmentError('', 10)).toBe('type');
|
||||
});
|
||||
|
||||
it('rejects too-large files', () => {
|
||||
expect(attachmentError('shot.png', MAX_ATTACHMENT_BYTES + 1)).toBe('size');
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user