marcel/mealprep
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(staples): validate isStaple is boolean before forwarding to backend

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel Raddatz
2026-04-03 09:24:35 +02:00
parent 65f18cfb43
commit 21b873b85b
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
frontend/src/routes/household/staples/+server.ts
View File

@@ -10,6 +10,10 @@ export const PATCH: RequestHandler = async ({ request, fetch }) => {
return json({ error: 'id is required' }, { status: 400 }); return json({ error: 'id is required' }, { status: 400 });
} }
if (typeof isStaple !== 'boolean') {
return json({ error: 'isStaple must be a boolean' }, { status: 400 });
}
const api = apiClient(fetch); const api = apiClient(fetch);
const { error } = await api.PATCH('/v1/ingredients/{id}', { const { error } = await api.PATCH('/v1/ingredients/{id}', {
params: { path: { id } }, params: { path: { id } },

14
frontend/src/routes/household/staples/server.test.ts
View File

@@ -60,4 +60,18 @@ describe('household staples PATCH handler', () => {
expect(response.status).toBe(400); expect(response.status).toBe(400);
expect(mockPatch).not.toHaveBeenCalled(); expect(mockPatch).not.toHaveBeenCalled();
}); });
it('returns 400 when isStaple is missing', async () => {
const response = await PATCH(createRequest({ id: 'ing-1' }));
expect(response.status).toBe(400);
expect(mockPatch).not.toHaveBeenCalled();
});
it('returns 400 when isStaple is not a boolean', async () => {
const response = await PATCH(createRequest({ id: 'ing-1', isStaple: 'yes' }));
expect(response.status).toBe(400);
expect(mockPatch).not.toHaveBeenCalled();
});
}); });