Skip to content

fix: Critical bugs - assets, goals, Mislaka crash (#37, #38, #39)#17

Merged
ncamaa merged 3 commits intomainfrom
fix/critical-bugs-37-38-39
Apr 15, 2026
Merged

fix: Critical bugs - assets, goals, Mislaka crash (#37, #38, #39)#17
ncamaa merged 3 commits intomainfrom
fix/critical-bugs-37-38-39

Conversation

@ncamaa
Copy link
Copy Markdown
Collaborator

@ncamaa ncamaa commented Apr 15, 2026

Summary

Fixes 3 Critical bugs reported by Dror during MVP testing:

  • #37 - Cannot add assets: Added category enum validation in assetService.create(). Replaced unsafe as never casts with proper Prisma enum types.
  • #38 - Cannot add goals: Added missing belongsToId field to FinancialGoal Prisma model with FK relation to FamilyMember. Updated repository, service, and model schema.
  • #39 - Mislaka crash: Added Excel magic byte validation, wrapped XLSX.read() in try-catch, and routes parser errors to 400 instead of crashing the server.

Closes codama-dev/clearplan-tickets#37
Closes codama-dev/clearplan-tickets#38
Closes codama-dev/clearplan-tickets#39

Test plan

  • All 269 backend tests pass
  • TypeScript compiles clean
  • Try adding an asset via UI - should succeed
  • Try adding a goal via UI - should succeed
  • Try uploading an invalid file as Mislaka - should get 400 error, not crash

ncamaa added 3 commits April 15, 2026 10:46
@ncamaa
fix: validate asset category enum before Prisma call
16e6e82 
Add defense-in-depth validation for AssetCategory in the service layer,
returning 400 with clear error message for invalid values. Replace unsafe
`as never` casts in the repository with proper Prisma enum types.
@ncamaa
fix: add belongsToId field to FinancialGoal model
d932ba6 
The frontend sends belongsToId when creating/updating goals to link them
to a family member, but the field was missing from the Prisma schema and
the repository never persisted it. Adds the column with FK to
family_members, updates repository create/update to include the field,
and removes the workaround that stripped it in the update path.
@ncamaa
fix: prevent server crash on corrupted Mislaka file upload
7ac1a39 
XLSX.read() throws unhandled exceptions on corrupted/invalid files,
crashing the Express process. Wraps it in try-catch, validates the
buffer is non-empty and has valid Excel magic bytes before parsing,
and maps all parser errors to 400 BAD_REQUEST responses.
@ncamaa ncamaa merged commit a2147c4 into main Apr 15, 2026
5 checks passed
@ncamaa ncamaa deleted the fix/critical-bugs-37-38-39 branch April 15, 2026 11:29
This was referenced Apr 15, 2026
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] System crash on Mislaka file upload and parse [Bug] Cannot add goals [Bug] Cannot add assets

1 participant

@ncamaa