Feat/fix cache testcase issues

[manishdex25]

Summary

What is the background of this pull request?

Changes

• What are the changes made in this pull request?
• Change this and that, etc...

Issues

What are the related issues or stories?

Summary by CodeRabbit

• Configuration

  • Refined origin-based HTTP header handling to improve cross-origin request processing and response caching behavior.
  • Updated core dependency to a newer stable version.

• Tests

  • Updated integration tests with latest fixture standards and expanded CORS validation coverage.

[netlify]

✅ Deploy Preview for tradetrust-functions ready!

Name	Link
🔨 Latest commit	9f04c20
🔍 Latest deploy log	https://app.netlify.com/projects/tradetrust-functions/deploys/6a041b97963d4000081bc492
😎 Deploy Preview	https://deploy-preview-86--tradetrust-functions.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Rate limit exceeded

@manishdex25 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 51 minutes and 48 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 99810200-1d13-4476-91d9-f5576adcb6f2

📥 Commits

Reviewing files that changed from the base of the PR and between c7a888d and 9f04c20.

📒 Files selected for processing (1)

• tests/integration/headers.test.ts

📝 Walkthrough

Walkthrough

The PR removes wildcard CORS headers and adds Origin-varying middleware to serverless functions while migrating integration tests to V3 Sepolia documents. The @trustvc/trustvc dependency is upgraded to support V3 document handling.

Changes

CORS and Origin-Varying Configuration with V3 Document Support

Layer / File(s)	Summary
CORS Configuration and Origin-Varying Middleware netlify.toml, netlify/functions/storage/index.ts, netlify/functions/verify/index.ts, package.json	The wildcard Access-Control-Allow-Origin: * header is removed from netlify.toml. Express middleware is added to both serverless functions (storage and verify) to call res.vary("Origin") before CORS is applied, ensuring responses correctly reflect Origin-based variation under serverless-http. The @trustvc/trustvc dependency is bumped from ^2.0.7 to ^2.12.2.
Test Fixture Migration to V3 Sepolia Documents tests/integration/document-storage.test.ts, tests/integration/document-verify.test.ts, tests/integration/headers.test.ts	Sepolia V2 document fixture imports are replaced with V3 fixtures across storage, verify, and headers tests. The postDataSepoliaV2 payloads are updated to wrap V3 documents instead of V2. A new CORS test case is added to assert that requests with Origin: https://ref.tradetrust.io are accepted (HTTP 200), using the updated V3 document payload and existing API key/CSRF configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• TradeTrust/tradetrust-functions#76: Both PRs upgrade the @trustvc/trustvc dependency version to support V3 document handling.
• TradeTrust/tradetrust-functions#83: Both PRs add middleware to storage and verify Netlify functions to handle Origin-related behavior for CORS requests.

Suggested reviewers

• rongquan1
• RishabhS7

Poem

🐰 A CORS fix hops into the light,
Origins now vary left and right.
V3 documents skip with glee,
Through verify storage wild and free.
Trustvc upgraded, headers set right—
One secure leap makes all things bright!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is entirely a placeholder template with no concrete details filled in about the actual changes made in the PR.	Replace placeholder template with actual content describing the background, specific changes made (CORS config, middleware, dependency updates, test updates), and related issues/stories.
Title check	❓ Inconclusive	The title 'Feat/fix cache testcase issues' is vague and generic, using non-descriptive terms that don't convey meaningful information about the actual changes (CORS header removal, middleware additions, dependency updates, test fixture updates).	Consider a more descriptive title that reflects the main changes, such as 'Fix CORS headers and cache handling in serverless functions' or 'Update CORS configuration and test fixtures for Origin variation'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/fix-cache-testcase-issues

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

tests/integration/document-storage.test.ts (2)

22-22: ⚡ Quick win

Rename postDataSepoliaV2 to reflect that it now contains a V3 document.

The variable postDataSepoliaV2 is assigned documentSepoliaV3, creating a misleading name. This inconsistency will confuse future maintainers about what document version is actually being tested.

♻️ Suggested refactoring

Either rename the variable to match its content:

-const postDataSepoliaV2 = { document: documentSepoliaV3 };
+const postDataSepoliaV2_MigratedToV3 = { document: documentSepoliaV3 };

Or if the intent is to test V3 documents with the V2 endpoint path, clarify this in the variable name and add a comment explaining why V3 documents are sent to a "V2" test case.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/document-storage.test.ts` at line 22, The variable name
postDataSepoliaV2 is misleading because it holds documentSepoliaV3; rename
postDataSepoliaV2 to postDataSepoliaV3 (or postDataSepoliaV3ForV2Endpoint if the
test intentionally posts a V3 document to a V2 endpoint) and update any
references in tests to use the new identifier; if keeping the V2 name for a
specific test purpose, add a one-line comment near the declaration explaining
why a V3 document is being used with the V2-named variable.

---

46-59: ⚡ Quick win

Update test description to reflect V3 document usage.

The test description says "should store encrypted v2 sepolia document" but the test now uses postDataSepoliaV2 which contains documentSepoliaV3. This mismatch between the description and actual test data is misleading.

♻️ Suggested fix

Update the test description to accurately reflect what's being tested:

-  it("should store encrypted v2 sepolia document", async () => {
+  it("should store encrypted v3 sepolia document (v2 variable migration)", async () => {

Or if this test is intended to verify that the endpoint handles both V2 and V3 documents, clarify that in the description and add a comment explaining the test's purpose.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/document-storage.test.ts` around lines 46 - 59, The test
description is misleading: update the it(...) description for the test named
"should store encrypted v2 sepolia document" (which sends postDataSepoliaV2 that
contains documentSepoliaV3) so it accurately reflects the payload (e.g., "should
store encrypted v3 sepolia document") or change the test data/variable name to
match V2; ensure references to postDataSepoliaV2 and documentSepoliaV3 are
consistent and, if the intent is to cover both versions, broaden the description
to state that the endpoint handles V2 and V3 and add a short comment clarifying
the purpose.

tests/integration/document-verify.test.ts (2)

22-22: ⚡ Quick win

Rename postDataSepoliaV2 to reflect that it now contains a V3 document.

The variable postDataSepoliaV2 is assigned documentSepoliaV3, creating the same misleading naming issue as in document-storage.test.ts. This inconsistency makes it unclear what document version is being tested.

♻️ Suggested refactoring

Rename the variable to match its content:

-const postDataSepoliaV2 = { document: documentSepoliaV3 };
+const postDataSepoliaV2_MigratedToV3 = { document: documentSepoliaV3 };

Then update all references to this variable throughout the test file (lines 44, 53, 86, 119).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/document-verify.test.ts` at line 22, The variable name
postDataSepoliaV2 is misleading because it holds documentSepoliaV3; rename
postDataSepoliaV2 to postDataSepoliaV3 (or another name that reflects V3) and
update every reference in this test file to use the new identifier, including
usages in assertions and request payloads so the variable name accurately
matches documentSepoliaV3 and avoids confusion with V2 fixtures.

---

48-58: ⚡ Quick win

Update test description to reflect V3 document usage.

The test description says "should verify a v2 sepolia document with sepolia network query" but uses postDataSepoliaV2 which now contains documentSepoliaV3.

♻️ Suggested fix

-  it("should verify a v2 sepolia document with sepolia network query", async () => {
+  it("should verify a v3 sepolia document with sepolia network query", async () => {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/document-verify.test.ts` around lines 48 - 58, Update the
test's description string to correctly reflect the document version being used:
change the it(...) description from "should verify a v2 sepolia document with
sepolia network query" to something like "should verify a v3 sepolia document
with sepolia network query" (the test block using the it(...) callback and the
postDataSepoliaV2 variable which contains documentSepoliaV3 should have a
matching description); alternatively, if you intended to test v2, swap the
payload to a v2 fixture instead of postDataSepoliaV2 — make the change in the
it(...) test declaration and ensure the symbol postDataSepoliaV2 or the payload
name aligns with documentSepoliaV3.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/integration/headers.test.ts`:
- Around line 80-89: The test description is duplicated; update the it(...)
string for the test that sets Origin to "https://ref.tradetrust.io" so it is
unique and specific (e.g., mention the "ref.tradetrust.io" origin). Locate the
test in tests/integration/headers.test.ts (the it block that calls
request.post("/").set("Origin",
\"https://ref.tradetrust.io\").send(postData).expect(200)) and change its
description text accordingly.

---

Nitpick comments:
In `@tests/integration/document-storage.test.ts`:
- Line 22: The variable name postDataSepoliaV2 is misleading because it holds
documentSepoliaV3; rename postDataSepoliaV2 to postDataSepoliaV3 (or
postDataSepoliaV3ForV2Endpoint if the test intentionally posts a V3 document to
a V2 endpoint) and update any references in tests to use the new identifier; if
keeping the V2 name for a specific test purpose, add a one-line comment near the
declaration explaining why a V3 document is being used with the V2-named
variable.
- Around line 46-59: The test description is misleading: update the it(...)
description for the test named "should store encrypted v2 sepolia document"
(which sends postDataSepoliaV2 that contains documentSepoliaV3) so it accurately
reflects the payload (e.g., "should store encrypted v3 sepolia document") or
change the test data/variable name to match V2; ensure references to
postDataSepoliaV2 and documentSepoliaV3 are consistent and, if the intent is to
cover both versions, broaden the description to state that the endpoint handles
V2 and V3 and add a short comment clarifying the purpose.

In `@tests/integration/document-verify.test.ts`:
- Line 22: The variable name postDataSepoliaV2 is misleading because it holds
documentSepoliaV3; rename postDataSepoliaV2 to postDataSepoliaV3 (or another
name that reflects V3) and update every reference in this test file to use the
new identifier, including usages in assertions and request payloads so the
variable name accurately matches documentSepoliaV3 and avoids confusion with V2
fixtures.
- Around line 48-58: Update the test's description string to correctly reflect
the document version being used: change the it(...) description from "should
verify a v2 sepolia document with sepolia network query" to something like
"should verify a v3 sepolia document with sepolia network query" (the test block
using the it(...) callback and the postDataSepoliaV2 variable which contains
documentSepoliaV3 should have a matching description); alternatively, if you
intended to test v2, swap the payload to a v2 fixture instead of
postDataSepoliaV2 — make the change in the it(...) test declaration and ensure
the symbol postDataSepoliaV2 or the payload name aligns with documentSepoliaV3.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 341aa01a-f3df-4451-97a3-7aa59ebb8904

📥 Commits

Reviewing files that changed from the base of the PR and between fa3fcdb and c7a888d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (7)

• netlify.toml
• netlify/functions/storage/index.ts
• netlify/functions/verify/index.ts
• package.json
• tests/integration/document-storage.test.ts
• tests/integration/document-verify.test.ts
• tests/integration/headers.test.ts

💤 Files with no reviewable changes (1)

• netlify.toml