Problem statement
getSystemConfig() trusts DB rows via a cast and never parses against SystemConfigSchema; only the admin read handler validates.
There’s also a TTL comment/value mismatch (300_000 ms labeled as 30 seconds).
See code:
- src/config/getSystemConfig.ts (line 1)
- src/controllers/systemConfig.ts (line 105)
Proposed solution
Schema-validate on runtime load, fail loudly on invalid config, and align cache docs/tests.
Alternatives considered
No response
Impact area
Security
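An added sketch of the proposed fix, not code from the repository, contrasting the cast with a parse on load. The config fields, `parseSystemConfig` (a dependency-free stand-in for `SystemConfigSchema.parse`), `resetCache`, and the injected `fetchRow`/`now` parameters are assumptions made for illustration.

```typescript
// Added example: field names are hypothetical, not the project's SystemConfigSchema.
interface SystemConfig { maintenanceMode: boolean; maxUploadMb: number; }

// 300_000 ms is 5 minutes, not 30 seconds; writing it as an expression keeps comment and value aligned.
const CACHE_TTL_MS = 5 * 60 * 1000;

// Unsafe pattern from the issue: a cast satisfies the compiler but checks nothing at runtime.
function loadByCast(row: unknown): SystemConfig {
  return row as SystemConfig;
}

// Hand-written stand-in for SystemConfigSchema.parse(): throws on the first invalid field.
function parseSystemConfig(row: unknown): SystemConfig {
  if (typeof row !== "object" || row === null) throw new Error("invalid system config: row is not an object");
  const r = row as Record<string, unknown>;
  const mode = r["maintenanceMode"];
  const max = r["maxUploadMb"];
  if (typeof mode !== "boolean") throw new Error("invalid system config: maintenanceMode must be a boolean");
  if (typeof max !== "number" || !Number.isInteger(max) || max <= 0)
    throw new Error("invalid system config: maxUploadMb must be a positive integer");
  // Copy only known fields so unexpected columns never reach callers.
  return { maintenanceMode: mode, maxUploadMb: max };
}

let cached: { value: SystemConfig; loadedAt: number } | null = null;

// fetchRow stands in for the DB query; now is injectable so the TTL can be tested.
function getSystemConfigValidated(fetchRow: () => unknown, now: number = Date.now()): SystemConfig {
  if (cached !== null && now - cached.loadedAt < CACHE_TTL_MS) return cached.value;
  const value = parseSystemConfig(fetchRow()); // throws before anything is cached
  cached = { value, loadedAt: now };
  return value;
}

function resetCache(): void { cached = null; }

// Constructed sample rows.
const goodRow: unknown = { maintenanceMode: false, maxUploadMb: 25, extra: "ignored" };
const badRow: unknown = { maintenanceMode: "false", maxUploadMb: "25" };
```

With the cast, `badRow` yields a truthy string `"false"` for `maintenanceMode`; the validated loader rejects the same row before it reaches the cache.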