fix(backup): address PR review findings

- backup_manager: read plugin state from "states" key (not "plugins") to match the actual plugin_state.json format written by state_manager - backup_manager: stream ZIP directly to a temp file instead of building it in an io.BytesIO buffer to avoid OOM on Raspberry Pi - backup_manager: tighten plugin-uploads path validation in validate_backup and restore_backup to require "/uploads/" in the path, rejecting any non-uploads files smuggled under assets/plugins/ - api_v3: enforce 200 MB upload limit by streaming in chunks rather than relying on validate_file_upload (which only checks the filename) - api_v3: replace bool() with _coerce_to_bool() for RestoreOptions fields so string "false" is not treated as truthy - api_v3: capture and log _save_config_atomic return value instead of discarding it; log rather than silence font-cache and config-reload errors - backup_restore.html: track inspectedFile so runRestore always applies to the file the user inspected, not a subsequently selected file; clear on input change or clearRestore() - backup_restore.html: throw on non-success restore payload so errors are surfaced via the error notification path instead of yellow "warnings" - test: update fixture to use correct "states" key structure; import SCHEMA_VERSION constant instead of hardcoding 1; rename unused err -> _err Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 20:13:00 +00:00 · 2026-04-27 10:10:01 -04:00
parent a84b65fffb
commit b609b9e9e1
4 changed files with 65 additions and 33 deletions
--- a/test/test_backup_manager.py
+++ b/test/test_backup_manager.py
@@ -12,6 +12,7 @@ import pytest
 from src import backup_manager
 from src.backup_manager import (
    BUNDLED_FONTS,
+    SCHEMA_VERSION,
    RestoreOptions,
    create_backup,
    list_installed_plugins,
@@ -66,10 +67,11 @@ def _make_project(root: Path) -> Path:
    (root / "data" / "plugin_state.json").write_text(
        json.dumps(
            {
-                "plugins": {
+                "version": 1,
+                "states": {
                    "my-plugin": {"version": "1.2.3", "enabled": True},
                    "other-plugin": {"version": "0.1.0", "enabled": False},
-                }
+                },
            }
        ),
        encoding="utf-8",
@@ -204,7 +206,7 @@ def test_validate_backup_bad_schema_version(tmp_path: Path) -> None:
 def test_validate_backup_rejects_zip_traversal(tmp_path: Path) -> None:
    zip_path = tmp_path / "malicious.zip"
    with zipfile.ZipFile(zip_path, "w") as zf:
-        zf.writestr("manifest.json", json.dumps({"schema_version": 1, "contents": []}))
+        zf.writestr("manifest.json", json.dumps({"schema_version": SCHEMA_VERSION, "contents": []}))
        zf.writestr("../../etc/passwd", "x")
    ok, err, _ = validate_backup(zip_path)
    assert not ok
@@ -214,7 +216,7 @@ def test_validate_backup_rejects_zip_traversal(tmp_path: Path) -> None:
 def test_validate_backup_not_a_zip(tmp_path: Path) -> None:
    p = tmp_path / "nope.zip"
    p.write_text("hello", encoding="utf-8")
-    ok, err, _ = validate_backup(p)
+    ok, _err, _ = validate_backup(p)
    assert not ok


@@ -275,7 +277,7 @@ def test_restore_honors_options(project: Path, empty_project: Path, tmp_path: Pa
 def test_restore_rejects_malicious_zip(empty_project: Path, tmp_path: Path) -> None:
    zip_path = tmp_path / "bad.zip"
    with zipfile.ZipFile(zip_path, "w") as zf:
-        zf.writestr("manifest.json", json.dumps({"schema_version": 1, "contents": []}))
+        zf.writestr("manifest.json", json.dumps({"schema_version": SCHEMA_VERSION, "contents": []}))
        zf.writestr("../escape.txt", "x")
    result = restore_backup(zip_path, empty_project, RestoreOptions())
    # validate_backup catches it before extraction.