@Achintya-Chatterjee
Contributor

Date: 4th December, 2025

Developer Name:


Issue Ticket Number

Description

Documentation Updated?

  • Yes
  • No

Under Feature Flag

  • Yes
  • No

Database Changes

  • Yes
  • No

Breaking Changes

  • Yes
  • No

Development Tested?

  • Yes
  • No

Screenshots

Screenshot 1

Test Coverage

Screenshot 1

Additional Notes

iamitprakash and others added 8 commits July 19, 2025 11:20
* chore: remove lastOooUntil migration artifacts and code (#2507)

- drop updateLastOooUntil controller now that prod backfill is done
- delete runLastOooUntilMigration helpers from userStatus.js
- remove POST /users/migration/update-last-ooo-until route
- strip integration tests that exercised the migration endpoint

* fix(missed-updates): compute gap window using working days (#2511)

* fix(missed-updates): compute gap window using working days

- import convertTimestampToUTCStartOrEndOfDay so the window uses UTC day bounds
- respect caller-provided exclusions instead of hard-coding Sunday into the set
- step backwards through calendar days, skipping excluded ones, and bail when none remain
- add regression coverage (plus fixture) for Sunday-only gaps and the Sunday-working-day case

* fix(missed-updates): align working-day window counting and tests

- compute the missed-updates window from consecutive working days without overshooting
- adjust the Sunday-gap fixture to actual Saturday/Sunday/Monday dates
- ensure regression tests cover both excluded Sunday and Sunday-as-working-day scenarios

* fix: failing tests
@Achintya-Chatterjee Achintya-Chatterjee self-assigned this Dec 3, 2025
… issue (#2516)

* fix(progress-api): temporarily disable POST route due to security issue

* test(progress-api): skip tests for Progress Updates API due to ongoing issues
@railway-app railway-app bot temporarily deployed to PROD - API - RDS / production December 11, 2025 10:30 Inactive
@coderabbitai

coderabbitai bot commented Dec 11, 2025

Summary by CodeRabbit

  • Bug Fixes

    • Progress creation functionality has been temporarily disabled.
  • Tests

    • Integration tests for progress creation flows have been skipped.


Walkthrough

A middleware gate is added to the progress creation endpoint to temporarily block new record submissions due to security concerns. Associated integration tests for progress POST operations are skipped to reflect this temporary disable.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Route Middleware Gate: routes/progresses.ts | Added disableRoute middleware import and integrated it into the POST endpoint chain between authentication and validation to gate progress creation. Includes inline comment documenting temporary security-related disable. |
| Skipped Test Suites: test/integration/progressesTasks.test.js, test/integration/progressesUsers.test.js | Converted active test suite descriptions to skipped variants using describe.skip with accompanying comments, preventing POST-related progress tests from executing. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify the disableRoute middleware is properly imported and exported from the shortCircuit module
  • Confirm the middleware placement in the route chain is intentional and correct
  • Check that the security issue justifying the temporary disable is documented or tracked

Poem

🐰 A gate now blocks the progress road,
While guardians fix the security load—
Tests sleep beneath the skip's soft spell,
'Til all is mended, safe, and well! 🔒

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The pull request description is a template with no actual content filled in, providing no meaningful information about the changeset. | Complete the description template with details about why the progress endpoint is being disabled, the security issues being addressed, and the impact of skipping tests. |
| Title check | ❓ Inconclusive | The title 'Main to Dev Sync' is vague and does not clearly convey the actual changes made to the codebase. | Use a more specific title that describes the actual changes, such as 'Disable progress creation endpoint and skip related tests' or 'Gate progress creation with security middleware'. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b81a17 and b335ed9.

📒 Files selected for processing (3)
  • routes/progresses.ts (1 hunks)
  • test/integration/progressesTasks.test.js (1 hunks)
  • test/integration/progressesUsers.test.js (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
routes/progresses.ts (3)
middlewares/shortCircuit.ts (1)
  • disableRoute (4-8)
middlewares/validators/progresses.js (1)
  • validateCreateProgressRecords (4-48)
controllers/progresses.js (1)
  • createProgress (48-78)
🪛 GitHub Check: CodeQL
routes/progresses.ts

[failure] 18-18: Missing rate limiting
This route handler performs authorization, but is not rate-limited.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build (22.10.0)
🔇 Additional comments (3)
test/integration/progressesTasks.test.js (1)

28-29: LGTM! Test suite appropriately skipped.

The POST test suite is correctly disabled using describe.skip to align with the temporarily disabled route. The ESLint directive properly suppresses the mocha/no-skipped-tests warning.

test/integration/progressesUsers.test.js (1)

21-22: LGTM! Top-level test suite appropriately skipped.

The entire test suite is correctly disabled using describe.skip to align with the temporarily disabled POST route.

routes/progresses.ts (1)

15-18: LGTM! Route correctly disabled with appropriate middleware.

The disableRoute middleware is properly positioned after authentication to return a 503 Service Unavailable response for all POST requests. The comment clearly explains the temporary nature of this change.

Note: The static analysis tool flags missing rate limiting on this route. While not critical for a disabled route, consider adding rate limiting when re-enabling this endpoint to mitigate abuse and protect against DoS attacks.
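
The ordering this review describes (authentication, then the `disableRoute` gate, then validation and the controller), as an added example that is not the project's code: a dependency-free Express-style chain runner that records which handlers execute per request, with an optional rate limiter in front. The middleware bodies, response messages and the `runChain`, `makeRateLimiter` and `buildChain` helpers are assumptions; only the middleware names, their order and the 503 status come from the page.

```javascript
// Added example: dependency-free Express-style chain runner. Middleware bodies
// are assumptions; only the names, the ordering and the 503 come from the review.
function runChain(chain, req) {
  const res = { statusCode: 200, body: null, ended: false, trace: [] };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; res.ended = true; return res; };
  let i = 0;
  const next = () => {
    const mw = chain[i++];
    if (mw && !res.ended) { res.trace.push(mw.name); mw(req, res, next); }
  };
  next();
  return res; // trace lists every handler that actually ran
}

// Hypothetical fixed-window limiter keyed by client address.
function makeRateLimiter(max, windowMs, now = Date.now) {
  const hits = new Map(); // ip -> { start, count }
  return function rateLimit(req, res, next) {
    const t = now();
    const w = hits.get(req.ip);
    if (!w || t - w.start >= windowMs) hits.set(req.ip, { start: t, count: 1 });
    else if (++w.count > max) return res.status(429).json({ message: "Too many requests" });
    next();
  };
}

function authenticate(req, res, next) {
  if (!req.user) return res.status(401).json({ message: "Unauthenticated" });
  next();
}
// Gate: always answers 503 and never calls next(), so nothing after it runs.
function disableRoute(_req, res, _next) {
  return res.status(503).json({ message: "Route temporarily disabled" });
}
function validateCreateProgressRecords(_req, _res, next) { next(); }
function createProgress(_req, res) { res.status(201).json({ message: "created" }); }

// Ordering from the review; the limiter is the optional addition CodeQL asks for.
function buildChain(limiter) {
  const chain = [authenticate, disableRoute, validateCreateProgressRecords, createProgress];
  return limiter ? [limiter, ...chain] : chain;
}

const demo = runChain(buildChain(), { ip: "203.0.113.7", user: { id: "u1" } }); // constructed request
console.log(demo.statusCode, demo.trace.join(" -> "));
```

With the gate placed after `authenticate`, anonymous callers still receive 401 and authentication still runs on every request, which is why the rate-limiting finding stays relevant while the route is disabled.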

@prakashchoudhary07 prakashchoudhary07 merged commit 8fc0ce6 into develop Dec 11, 2025
7 of 8 checks passed
@Achintya-Chatterjee Achintya-Chatterjee mentioned this pull request Dec 11, 2025
10 tasks
4 participants