fix(recipes): address B2 review — tags, sort, edit link, types, a11y, tests

- RecipeHero: render tag pills, min-h-[200px/240px], fix back link styling, remove font-[400] - IngredientList: sort by sortOrder ascending - StepList: aria-hidden on step circles - types.ts: add Tag, Ingredient, Step, RecipeDetail shared types - +page.svelte: add Edit link → /recipes/[id]/edit (desktop topbar) - Tests: tag pills, sortOrder sort, edit link, image variant, 403-as-404 documented Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 10:07:19 +02:00
parent 00c48a7c96
commit 0256b4360b
9 changed files with 133 additions and 38 deletions
--- a/frontend/src/routes/(app)/recipes/[id]/page.server.test.ts
+++ b/frontend/src/routes/(app)/recipes/[id]/page.server.test.ts
@@ -54,4 +54,13 @@ describe('recipe detail page — load', () => {
 			load({ fetch: vi.fn(), params: { id: 'nonexistent' } } as any)
 		).rejects.toMatchObject({ status: 404 });
 	});
+
+	it('throws 404 error when API returns 403 (different household — intentional)', async () => {
+		// Security design: we return 404 for both "not found" and "forbidden"
+		// to avoid revealing resource existence to unauthorized users
+		mockGet.mockResolvedValue({ data: undefined, error: { status: 403 } });
+		await expect(
+			load({ fetch: vi.fn(), params: { id: 'r-other-household' } } as any)
+		).rejects.toMatchObject({ status: 404 });
+	});
 });