mirror of
https://github.com/Chevron7Locked/kima-hub.git
synced 2026-06-19 07:37:17 +00:00
Your Name
a56abd4bbb
Four small fixes surfaced in the pre-release review pass:
1. Preview stream upstream cleanup on client disconnect
Both new Deezer preview proxy endpoints (/artists/preview/.../stream
and /playlists/.../preview/stream) now register res.on('close', ...)
to destroy the upstream axios stream when the client goes away.
Matches the existing audiobook stream pattern. Prevents upstream
TCP connection leaks when a user cancels a preview mid-flight.
2. Collapse IDOR message oracle in getOwnedPendingTrack
The pending-track-not-found (404) and wrong-playlist (404) branches
returned distinguishable error messages, letting an authenticated
user probe existence of other users' pending track IDs by supplying
their own playlist ID. Both branches now return the same generic
'Pending track not found' message.
3. Remove dead request-id guard in useTrackPreview
After the refactor to direct stream URLs in PR #178, the check
`if (requestId !== previewRequestIdRef.current) return` runs
immediately after the increment and is definitionally false.
Removed the check and the now-unused ref declaration.
4. Array guard for music-metadata discsubtitle field
music-metadata normally returns discsubtitle as a string, but
some tag formats (e.g., Vorbis with multiple DISCSUBTITLE frames)
can surface arrays. Added an explicit Array.isArray branch so a
future shape change doesn't silently write stringified arrays
to the database.
Found during pre-release review.