John McLear 88610f6bee fix(authors): action Qodo review — lastSeen, flag-gating, defensive payloads
Qodo on PR #7667 surfaced three issues:

1. (Bug, Correctness) lastSeen lost or stale.
   - mapAuthorWithDBKey only updated `timestamp` for returning authors
     so the admin /authors 'Last seen' column drifted on every reconnect
     without an identity write. Now stamps both timestamp and lastSeen.
   - anonymizeAuthor's two db.set calls overwrote globalAuthor without
     preserving lastSeen, blanking the column for erased rows. Both
     writes now carry forward `existing.lastSeen ?? existing.timestamp`.
   - searchAuthors falls back to rec.timestamp when rec.lastSeen is
     missing so legacy records aren't blank.

2. (Rule violation, Security) /authors route not flag-gated.
   The new admin-socket read paths (authorLoad, anonymizeAuthorPreview)
   were always-on; only the destructive anonymizeAuthor was gated.
   Project rule (Compliance ID 6) requires new features behind a flag,
   disabled by default. All three handlers now check
   gdprAuthorErasure.enabled and return {error:'disabled'} when off.
   The sidebar 'Authors' link is hidden when the flag is off
   (deep-link to /admin/authors still works and renders the existing
   disabled banner so docs can point to it).

3. (Bug, Reliability) Socket destructure throws on missing payload.
   Handlers signed `async ({authorID}: {authorID: string}) => …`
   threw before try/catch when a client emitted with no payload,
   producing an unhandled rejection. Switched to
   `async (payload: any) => { const authorID = payload?.authorID; … }`.

Test impact: anonymizeAuthorSocket gains two regressions (authorLoad
disabled-shape, payload-less emits don't crash) and updates the
preview-when-flag-off test to assert {error:'disabled'} per the new
gating posture (was 'preview still works'). admintroubleshooting
sidebar-count reverts 7 → 6 since the Authors link is now conditional
on the flag (off by default in the test environment).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 08:14:45 +01:00
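
Items 2 and 3 of the commit message above, as an added JavaScript sketch that is not the project's code: it shows why a destructured handler parameter rejects outside the body's try/catch, and the gate-then-validate shape the message describes. The flag name, `authorID` and `{error:'disabled'}` come from the message; `makeAuthorLoad`, `emit`, `demo`, the other error strings and the sample ID are assumptions made for the illustration.

```javascript
// Added illustration, not the project's code: handler bodies, settings
// objects and the sample authorID are constructed for this sketch.

// "Before" shape: parameter destructuring runs before the body's try/catch
// is entered, so a payload-less emit rejects the returned promise.
const fragileAuthorLoad = async ({authorID}) => {
  try {
    return {authorID};
  } catch (err) {
    return {error: 'caught'}; // never reached when payload is undefined
  }
};

// "After" shape: accept any payload, check the flag first, then validate.
const makeAuthorLoad = (settings) => async (payload) => {
  try {
    if (!settings?.gdprAuthorErasure?.enabled) return {error: 'disabled'};
    const authorID = payload?.authorID;
    if (typeof authorID !== 'string' || authorID === '') {
      return {error: 'invalid authorID'}; // hypothetical error shape
    }
    return {authorID};
  } catch (err) {
    return {error: 'internal'}; // hypothetical error shape
  }
};

// Stand-in for the socket layer: invoke a handler and record the outcome.
const emit = async (handler, payload) => {
  try {
    return {reply: await handler(payload)};
  } catch (err) {
    return {rejected: err.name};
  }
};

const demo = async () => {
  const off = makeAuthorLoad({gdprAuthorErasure: {enabled: false}});
  const on = makeAuthorLoad({gdprAuthorErasure: {enabled: true}});
  return [
    await emit(fragileAuthorLoad, undefined),
    await emit(off, {authorID: 'a.constructed'}),
    await emit(on, undefined),
    await emit(on, {authorID: 'a.constructed'}),
  ];
};

demo().then((results) => console.log(JSON.stringify(results)));
```
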

Ignore this file and see the file in the base installation folder