fix(security): guard OpenhumanLinkModal against arbitrary event paths (closes #1945)

[PranavAgarkar07]

Summary

Guard OpenhumanLinkModal against arbitrary event paths by defining a strict allowlist of 5 known paths. Unknown paths are silently dropped instead of opening the modal.

Changes

• Added ALLOWED_PATHS as as const array with all 5 valid paths
• Derived AllowedPath union type from the array for compile-time exhaustiveness
• Added ALLOWED_PATHS_SET for O(1) runtime lookup
• Typed activePath state as AllowedPath | null
• Both titleForPath and renderBody switched from string to AllowedPath param
• Removed default switch arms — TS catches missing cases at compile time

Checklist

• pnpm typecheck passes
• pnpm lint passes
• pnpm format:check passes
• pnpm test passes (2192 tests)

Summary by CodeRabbit

• Bug Fixes
  • Strengthened modal path validation so only approved routes can open the modal, preventing unexpected or invalid paths from showing.
  • Modal content rendering tightened to only display known, allowed views—unknown paths will no longer produce fallback content.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ebe2a9a9-3270-4dad-bc72-78d68595f6fa

📥 Commits

Reviewing files that changed from the base of the PR and between 3950abb and 078bb7f.

📒 Files selected for processing (1)

• app/src/components/OpenhumanLinkModal.tsx

🚧 Files skipped from review as they are similar to previous changes (1)

• app/src/components/OpenhumanLinkModal.tsx

---

📝 Walkthrough

Walkthrough

The modal introduces an ALLOWED_PATHS allowlist and ALLOWED_PATHS_SET, validates incoming openhuman-link event detail.path against it before setting state, narrows internal types to AllowedPath, and removes the renderBody fallback branch.

Changes

Path validation and type safety

Layer / File(s)	Summary
Allowlist definition and event handler validation app/src/components/OpenhumanLinkModal.tsx	ALLOWED_PATHS, AllowedPath, and ALLOWED_PATHS_SET are added. The openhuman-link event handler checks detail.path against the allowlist before calling setActivePath, and activePath is narrowed to AllowedPath | null.
Type narrowing in helper functions and switch logic app/src/components/OpenhumanLinkModal.tsx	titleForPath and renderBody signatures change from path: string to path: AllowedPath. The renderBody switch removes its default/fallback branch, relying on validation and typing for exhaustiveness.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• #1945: Implements the allowlist and AllowedPath narrowing described in the issue by validating openhuman-link event paths and tightening helper types.

Poem

🐰 I hopped in, ears alert and bright,
A wandering path I penned with light —
Now only known routes may play,
Safe hops and snug modals, hooray! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(security): guard OpenhumanLinkModal against arbitrary event paths (closes #1945)' accurately and specifically describes the main security fix: adding allowlist validation to prevent arbitrary paths from opening the modal.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}