fix first-login rendering glitches and harden quality checks (#2614)

Author: baderdean

.husky/pre-commit

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+npm run precommit:check

backend/src/controllers/enrichment.controller.ts

@@ -20,19 +20,27 @@ async function preEnrichmentMiddleware(
   const { contact, enrichAllContacts, updateEmptyFieldsOnly } = req.body;
   const contacts = [...(req.body.contacts ?? []), contact].filter(Boolean);
 
-  if (!enrichAllContacts && !Array.isArray(contacts)) {
+  if (!enrichAllContacts && contacts.length === 0) {
     const msg = 'Missing parameter contact or contacts';
     return res.status(400).json({ message: msg });
   }
 
   try {
-    res.locals.enrichment = await prepareForEnrichment(
+    const enrichment = await prepareForEnrichment(
       user.id,
       enrichAllContacts ?? false,
       updateEmptyFieldsOnly,
-      contacts,
-      res
+      contacts
     );
+
+    if (enrichment.available === 0) {
+      return res.status(402).json({
+        total: enrichment.total,
+        available: enrichment.available
+      });
+    }
+
+    res.locals.enrichment = enrichment;
     return next();
   } catch (error) {
     return next(error);

backend/src/controllers/enrichment.helpers.ts

@@ -1,4 +1,3 @@
-import { Response } from 'express';
 import { EngineResponse, EngineResult } from '../services/enrichment/Engine';
 
 import Billing from '../utils/billing-plugin';
@@ -81,20 +80,18 @@ export async function prepareForEnrichment(
   userId: string,
   enrichAll: boolean,
   updateEmptyFieldsOnly: boolean,
-  contacts: Contact[],
-  res: Response
+  contacts: Contact[]
 ) {
   const toEnrich = await getContactsToEnrich(userId, enrichAll, contacts);
   const { total, available } = await restrictOrDecline(userId, toEnrich.length);
-
-  if (available === 0) {
-    return res.status(402).json({ total, available });
-  }
+  const selectedContacts = toEnrich.slice(0, available);
 
   return {
+    total,
+    available,
     updateEmptyFieldsOnly,
-    contacts: toEnrich.slice(0, available),
-    contact: toEnrich.slice(0, available)[0]
+    contacts: selectedContacts,
+    contact: selectedContacts[0]
   };
 }
 
@@ -178,7 +175,7 @@ export async function enrichPersonSync(
     enriched.add(result.data[0].email);
   }
 
-  if (enriched.size > 1) {
+  if (enriched.size > 0) {
     await Billing?.deductCustomerCredits(task.userId, enriched.size);
   }
 

backend/src/controllers/imap.controller.ts

@@ -67,6 +67,10 @@ export default function initializeImapController(miningSources: MiningSources) {
           .json({ message: `Invalid input: ${errors.join(', ')}` });
       }
 
+      let imapConnection: Awaited<
+        ReturnType<typeof ImapConnectionProvider.getSingleConnection>
+      > | null = null;
+
       try {
         const userId = (res.locals.user as User).id;
         const data = await miningSources.getCredentialsBySourceEmail(
@@ -106,7 +110,7 @@ export default function initializeImapController(miningSources: MiningSources) {
           }
         }
 
-        const imapConnection = await ImapConnectionProvider.getSingleConnection(
+        imapConnection = await ImapConnectionProvider.getSingleConnection(
           email,
           'accessToken' in data
             ? {
@@ -123,8 +127,6 @@ export default function initializeImapController(miningSources: MiningSources) {
         const imapBoxesFetcher = new ImapBoxesFetcher(imapConnection, logger);
         const tree: any = await imapBoxesFetcher.getTree(data.email);
 
-        await imapConnection.logout();
-
         logger.info('Mining IMAP tree succeeded.', {
           metadata: {
             user: hashEmail(data.email, userId)
@@ -152,6 +154,17 @@ export default function initializeImapController(miningSources: MiningSources) {
           return res.status(generatedError.status).send(generatedError);
         }
         return next(generatedError);
+      } finally {
+        if (imapConnection) {
+          try {
+            await imapConnection.logout();
+          } catch (logoutError) {
+            logger.warn(
+              'Unable to close IMAP connection cleanly.',
+              logoutError
+            );
+          }
+        }
       }
     }
   };

backend/src/controllers/mining.controller.ts

@@ -58,6 +58,39 @@ async function exchangeForToken(
   };
 }
 
+function getSafeRedirectPath(path: unknown) {
+  if (
+    typeof path !== 'string' ||
+    !path.startsWith('/') ||
+    path.startsWith('//')
+  ) {
+    return '/';
+  }
+
+  return path;
+}
+
+function parseOAuthState(state: string | undefined) {
+  if (!state) {
+    throw new Error('Missing OAuth state.');
+  }
+
+  const decoded = Buffer.from(state, 'base64').toString('utf-8');
+  const parsed = JSON.parse(decoded) as {
+    userId?: string;
+    afterCallbackRedirect?: string;
+  };
+
+  if (!parsed.userId) {
+    throw new Error('Invalid OAuth state payload.');
+  }
+
+  return {
+    userId: parsed.userId,
+    afterCallbackRedirect: getSafeRedirectPath(parsed.afterCallbackRedirect)
+  };
+}
+
 async function publishPreviouslyUnverifiedEmailsToCleaning(
   contacts: Contacts,
   userId: string,
@@ -137,10 +170,11 @@ export default function initializeMiningController(
       const user = res.locals.user as User;
       const provider = req.params.provider as OAuthMiningSourceProvider;
       const { redirect } = req.body;
+      const afterCallbackRedirect = getSafeRedirectPath(redirect);
 
       const stateObj = JSON.stringify({
         userId: user.id,
-        afterCallbackRedirect: redirect ?? '/'
+        afterCallbackRedirect
       });
 
       const authorizationUri = getAuthClient(provider).authorizeURL({
@@ -156,15 +190,7 @@ export default function initializeMiningController(
       const provider = req.params.provider as OAuthMiningSourceProvider;
       let redirect = '/';
       try {
-        const {
-          userId,
-          afterCallbackRedirect
-        }: {
-          userId: string;
-          afterCallbackRedirect: string;
-        } = JSON.parse(
-          Buffer.from(state as string, 'base64').toString('utf-8')
-        );
+        const { userId, afterCallbackRedirect } = parseOAuthState(state);
 
         redirect = afterCallbackRedirect;
         const exchangedTokens = await exchangeForToken(code, provider);

backend/src/controllers/mining.helpers.ts

@@ -138,21 +138,12 @@ export function validateFileContactsData(
       throw new Error('Invalid email found in the contacts data');
     }
 
-    const URL_LIST = [
-      contact.image?.split('@'),
-      contact.same_as?.split('@')
-    ].filter((list) => list?.filter(Boolean)?.length);
+    const URL_LIST = [contact.image?.split(','), contact.same_as?.split(',')]
+      .map((list) => list?.map((url) => url.trim()).filter(Boolean))
+      .filter((list) => list?.length);
     URL_LIST.forEach((list) => {
-      if (list?.length) {
-        if (typeof list === 'string') {
-          if (!isValidURL(list)) {
-            throw new Error('Invalid URL found in the contacts data');
-          }
-        } else if (Array.isArray(list)) {
-          if (!list.every((url) => isValidURL(url))) {
-            throw new Error('Invalid URL found in the contacts data');
-          }
-        }
+      if (list?.length && !list.every((url) => isValidURL(url))) {
+        throw new Error('Invalid URL found in the contacts data');
       }
     });
   });

backend/src/services/tasks-manager/TaskManagerFile.ts

@@ -117,7 +117,28 @@ export default class TasksManagerFile {
 
     // Set up the Redis subscriber to listen for updates
     this.redisSubscriber.on('message', async (_channel, data) => {
-      const { miningId, progressType, count } = JSON.parse(data);
+      let message: {
+        miningId?: string;
+        progressType?: keyof TaskProcessProgress;
+        count?: number;
+      };
+
+      try {
+        message = JSON.parse(data);
+      } catch (error) {
+        logger.warn('Ignoring malformed Redis progress payload.', {
+          data,
+          error
+        });
+        return;
+      }
+
+      const { miningId, progressType, count } = message;
+
+      if (!miningId || !progressType || typeof count !== 'number') {
+        logger.warn('Ignoring incomplete Redis progress payload.', { data });
+        return;
+      }
 
       if (count > 0) {
         this.updateProgress(miningId, progressType, count);

backend/src/services/tasks-manager/TasksManager.ts

@@ -54,8 +54,31 @@ export default class TasksManager {
 
     // Set up the Redis subscriber to listen for updates
     this.redisSubscriber.on('message', async (_channel, data) => {
+      let message: {
+        miningId?: string;
+        progressType?: TaskProgressType;
+        count?: number;
+        isCompleted?: boolean;
+        isCanceled?: boolean;
+      };
+
+      try {
+        message = JSON.parse(data);
+      } catch (error) {
+        logger.warn('Ignoring malformed Redis progress payload.', {
+          data,
+          error
+        });
+        return;
+      }
+
       const { miningId, progressType, count, isCompleted, isCanceled } =
-        JSON.parse(data);
+        message;
+
+      if (!miningId || !progressType || typeof count !== 'number') {
+        logger.warn('Ignoring incomplete Redis progress payload.', { data });
+        return;
+      }
 
       if (progressType === 'signatures' && isCompleted) {
         const task = this.ACTIVE_MINING_TASKS.get(miningId);

backend/src/services/tasks-manager/TasksManagerPST.ts

@@ -53,8 +53,31 @@ export default class TasksManagerPST {
 
     // Set up the Redis subscriber to listen for updates
     this.redisSubscriber.on('message', async (_channel, data) => {
+      let message: {
+        miningId?: string;
+        progressType?: TaskProgressType;
+        count?: number;
+        isCompleted?: boolean;
+        isCanceled?: boolean;
+      };
+
+      try {
+        message = JSON.parse(data);
+      } catch (error) {
+        logger.warn('Ignoring malformed Redis progress payload.', {
+          data,
+          error
+        });
+        return;
+      }
+
       const { miningId, progressType, count, isCompleted, isCanceled } =
-        JSON.parse(data);
+        message;
+
+      if (!miningId || !progressType || typeof count !== 'number') {
+        logger.warn('Ignoring incomplete Redis progress payload.', { data });
+        return;
+      }
 
       if (progressType === 'signatures' && isCompleted) {
         const task = this.ACTIVE_MINING_TASKS.get(miningId);

backend/src/utils/pubsub/redis/RedisSubscriber.ts

@@ -19,7 +19,14 @@ export default class RedisSubscriber<T> implements Subscriber<T> {
         this.logger.info(`Subscribed to redis channel ${this.channel}`);
       });
       this.redisClient.on('message', (_, data: string) => {
-        onMessage(JSON.parse(data) as T);
+        try {
+          onMessage(JSON.parse(data) as T);
+        } catch (error) {
+          this.logger.warn(
+            `Ignoring malformed Redis message on channel ${this.channel}`,
+            error
+          );
+        }
       });
     } catch (error) {
       this.logger.error(