Skip to content

fix: harden store migrations, auth, and dashboard API calls#28

Open
garywhat wants to merge 1 commit into
vibe-coding-labs:mainfrom
garywhat:fix/robustness-improvements
Open

fix: harden store migrations, auth, and dashboard API calls#28
garywhat wants to merge 1 commit into
vibe-coding-labs:mainfrom
garywhat:fix/robustness-improvements

Conversation

@garywhat

Copy link
Copy Markdown

Summary

Several small robustness fixes across the backend:

  • store: Use addColumnIfMissing() for ALTER TABLE migrations instead of bare Exec — avoids errors on re-run and logs skipped duplicates
  • store: Add index on error_message for faster recent-errors queries
  • auth/jdlogin: Handle http.NewRequest errors and add defer resp.Body.Close to prevent connection leaks in QR login flow
  • auth/middleware: Use json.Marshal for error responses instead of string concatenation (prevents JSON injection if msg ever contains quotes/backslashes)
  • dashboard: Add 10s timeout to GitHub API client so a slow/unreachable API can't hold handler goroutines indefinitely
  • dashboard: Check json.Encoder return errors instead of ignoring them

Test plan

  • Go build passes
  • Verified store migrations run cleanly on fresh DB and on existing DB (no duplicate column errors)
  • Verified QR login still works with error handling in place
  • Verified dashboard loads with GitHub API timeout (returns gracefully if API is slow)

Generated with Devin

Several small robustness fixes across the backend:

- store: use addColumnIfMissing() for ALTER TABLE migrations instead of
  bare Exec (avoids errors on re-run, logs skipped duplicates)
- store: add error_message index for faster recent-errors queries
- auth/jdlogin: handle http.NewRequest errors and add defer resp.Body.Close
  to prevent connection leaks in QR login flow
- auth/middleware: use json.Marshal for error responses instead of string
  concatenation (prevents JSON injection if msg contains quotes)
- dashboard: add 10s timeout to GitHub API client so a slow/unreachable
  API can't hold handler goroutines indefinitely
- dashboard: check json.Encoder return errors instead of ignoring

Generated with [Devin](https://devin.ai)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant