Add static method createFromUrl for B24Hook#8
Closed
arsentos wants to merge 1 commit into
Closed
Conversation
Collaborator
|
Corrected the code a bit. |
5 tasks
IgorShevchik
pushed a commit
that referenced
this pull request
May 27, 2026
…docs) Five parallel role-reviews (docs, programmer, QA, security, CTO) found 16 fixable items. Three larger findings (unit-test infra, isolate recipe deps, v3 whitelist CI monitor) are moved out to issues #64 / #65 / #66. The rest land here. 🔴 Runtime bugs - Recipe 6: replace contiguous-prefix `sawFailure` continue with `break`. Original logic still sent Telegram messages for deals after a mid-batch failure; cursor stayed at last-success-before-failure, so the next tick re-sent the already-delivered post-failure deals as duplicates. With `break`, the failed deal AND everything after wait for the next tick. - Recipe 5: `batch.make` named-object form needs `returnAjaxResult: true` to expose named keys safely. Previous `getData() as { Storages, Children }` was a runtime lie — actual shape is the union `T | T[] | BatchPayloadResult<T>`. Now reads through AjaxResult per key as the canonical SDK spec shows. - Recipe 8: `JSON.parse(content!)` had no null/parse guard. GPT can return null content (content-filter, rate-limit trim) or invalid JSON despite `response_format: 'json_object'`. Now throws with useful raw-snippet. 🔴 Security - Recipe 7: `B24_APPLICATION_TOKEN` is now REQUIRED (throw on startup if missing). Previously the recipe accepted any POST when the env var was absent. Compare uses `timingSafeEqual` to defeat timing-recovery attacks. - Recipe 12: same `timingSafeEqual` for the application_token check on /uninstall. Also `fs.writeFile(..., { mode: 0o600 })` so other local users can't read persisted tokens. INFO-level log no longer includes `domain` / `userId` (`logger.info('[${event}] member=${id}')` only). /portal/:memberId/profile demo route now has an explicit SECURITY-WARNING comment about missing auth. - Recipe 7 log redaction: log only the keys of `payload.data.FIELDS` (not the values) to prevent future sensitive field leakage. 🔴 Docs facts - b24jssdk-recipes/SKILL.md: «Nine» → «Twelve», description updated to mention recipes 10–12 (error handling, event registration, OAuth install). - b24jssdk-recipes/SKILL.md: caveat about recipe-7-event-registration now correctly points to recipe 11 (it exists) instead of «not covered by these scripts». - MAINTENANCE.md: recipe-section count and list updated 9→12. 🟡 Polish - SUGGESTED-EXAMPLES.md: drop confusing «#1 / #6 / #8» gap numbers in the Done section (recipes have their own numbers 10/11/12). - docs/.../99.examples/0.index.md: drop `offClientSideWarning?.()` optional chaining in the shared boot snippet — consistent with skills and recipes (the method is present on all entry points). - Recipe 4: split `created` counter into `createdInB24` / `createdInErp` for actionable metrics. - Recipe 3: `setInterval` now has an overlap guard so slow ticks don't race on `dealStages`. - Recipe 6: add cold-start comment explaining that `lastSeenDealId = 0` floods all NEW-stage deals on first tick. - tsconfig.recipes: explain `ignoreDeprecations: "6.0"` inline. 🟢 Traceability - Recipes 7 and 9: add `UNVERIFIED_ON_LIVE_PORTAL` markers to the header docblocks with pointers to REPORT.md. CI: `lint`, `typecheck` (incl. `skills:typecheck`), `docs:lint-pages` — all green. Co-authored-by: 5 role-review agents (docs, programmer, QA, security, CTO)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There is enhancement issue #6 about creating B24Hook from complete URL. I implemented it and added docs, criticism welcome!