CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-04 21:04:37 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix tests

Browse Source
This commit is contained in:
Konstantin Wohlwend 2026-05-23 12:29:20 -07:00
parent 281701e99d
commit 725f2da886
2 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.claude/CLAUDE-KNOWLEDGE.md
View File

@ -544,3 +544,6 @@ A: `Project.createAndSwitch` should leave `backendContext.projectKeys` set to re
## Q: How should backend SMTP SSRF checks be rolled out?
A: Keep the real outbound SMTP policy in `apps/backend/src/private/implementation/smtp-egress-policy.ts`, export it through `apps/backend/src/private/index.ts`, and provide a simple `implementation-fallback` function for self-hosters. It should allow only SMTP ports 25, 465, 587, 2465, 2587, and 2525, reject internal IP literals or DNS resolutions, and initially run report-only from `emails-low-level.tsx` via `captureError("smtp-egress-policy-report-only", ...)` before enforcing hard failures.
## Q: What project-level `sourceOfTruth` config is supported?
A: Project config overrides only support the hosted `sourceOfTruth` shape. Legacy external source-of-truth overrides such as Postgres or Neon are removed by `migrateConfigOverride("project", ...)`, while raw schema validation should reject them.

12
apps/backend/src/lib/config.tsx
View File

@ -772,22 +772,18 @@ import.meta.vitest?.test('_validateConfigOverrideSchemaImpl(...)', async ({ expe
// Actual configs — advanced cases
expect(await validateConfigOverrideSchema(projectConfigSchema, projectSchemaBase, {
sourceOfTruth: {
type: 'postgres',
connectionString: 'postgres://user:pass@host:port/db',
type: 'hosted',
},
})).toEqual(Result.ok(null));
expect(await validateConfigOverrideSchema(projectConfigSchema, projectSchemaBase, {
sourceOfTruth: {
type: 'postgres',
connectionString: 'postgres://user:pass@host:port/db',
},
})).toEqual(Result.error(deindent`
[WARNING] sourceOfTruth is not matched by any of the provided schemas:
[ERROR] sourceOfTruth is not matched by any of the provided schemas:
Schema 0:
sourceOfTruth.type must be one of the following values: hosted
Schema 1:
sourceOfTruth.connectionStrings must be defined
Schema 2:
sourceOfTruth.connectionString must be defined
sourceOfTruth contains unknown properties: connectionString
`));
// Dot-notation keys that dot into nothing — detected by simulating the rendering pipeline