Skip to content

Commit 72d9a35

Browse files
authored
Merge pull request #251 from coder13/dev
Release user-scoped solve history preview
2 parents e15ef4c + 318f9f9 commit 72d9a35

4 files changed

Lines changed: 23 additions & 14 deletions

File tree

README.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -114,9 +114,10 @@ RaceSession and starts a new one; earlier attempts and solves remain preserved
114114
under their earlier session.
115115

116116
Solve penalties use dedicated boolean columns rather than JSON so histories and
117-
statistics remain compact and index-friendly. Development-only
118-
`GET /api/solve-history` reads PostgreSQL session-linked history for the
119-
authenticated participant and is explicitly disabled in production.
117+
statistics remain compact and index-friendly. `GET /api/solve-history` reads
118+
PostgreSQL session-linked history for the authenticated participant. It is
119+
enabled in development and may be enabled for selected production users with
120+
`FEATURE_SOLVE_HISTORY_USER_IDS`.
120121

121122
Set `POSTGRES_ENABLED=false` to disable mirroring. Production should set
122123
`PGHOST`, `PGDATABASE`, `PGUSER`, and `POSTGRES_PASSWORD`, or provide a

docs/data.md

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -51,11 +51,12 @@ new one, preserving the earlier session's attempts and solves. Complete
5151
snapshots are reserved for explicit backfill behavior.
5252

5353
`GET /api/solve-history` is a PostgreSQL-only, authenticated self-history
54-
endpoint enabled only when `NODE_ENV=development`. It returns only
55-
session-linked solves for a current non-banned room participant; hidden,
56-
expired, and soft-deleted rooms remain readable to that participant. It never
57-
falls back to MongoDB or selects access codes, passwords, membership lists,
58-
moderation data, or email data.
54+
endpoint enabled in development and optionally for selected production users
55+
through `FEATURE_SOLVE_HISTORY_USER_IDS`. It returns only session-linked solves
56+
for a current non-banned room participant; hidden, expired, and soft-deleted
57+
rooms remain readable to that participant. It never falls back to MongoDB or
58+
selects access codes, passwords, membership lists, moderation data, or email
59+
data.
5960

6061
The mirror intentionally catches database failures and returns control to the
6162
MongoDB-backed request. Monitoring must surface mirror errors because users may

server/api.js

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,7 @@ module.exports = (app) => {
3737
res.json(req.user.toObject());
3838
});
3939

40-
if (isFeatureEnabled('solveHistory')) {
41-
router.use('/solve-history', auth, createSolveHistoryRouter());
42-
} else {
43-
router.use('/solve-history', createSolveHistoryRouter());
44-
}
40+
router.use('/solve-history', auth, createSolveHistoryRouter());
4541

4642
router.put('/updateUsername', auth, async (req, res) => {
4743
try {

server/api.test.js

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,10 @@
44
jest.mock('./models', () => ({
55
User: { findOne: jest.fn() },
66
}));
7-
jest.mock('./middlewares/auth.js', () => (req, res, next) => next());
7+
jest.mock('./middlewares/auth.js', () => jest.fn((req, res, next) => next()));
88

99
const { User } = require('./models');
10+
const auth = require('./middlewares/auth.js');
1011
const router = require('./api')();
1112

1213
const updateUsernameHandler = router.stack
@@ -74,3 +75,13 @@ describe('username API responses', () => {
7475
}));
7576
});
7677
});
78+
79+
describe('solve history API access', () => {
80+
it('requires authentication before checking the feature flag', () => {
81+
const authLayer = router.stack.find((layer) => (
82+
String(layer.regexp).includes('solve-history') && layer.handle === auth
83+
));
84+
85+
expect(authLayer).toBeDefined();
86+
});
87+
});

0 commit comments

Comments
 (0)