fix(audit): sécurité + perf + DB — 40 problèmes adressés
Some checks failed
CI / Lint, Unit Tests & Build (push) Failing after 1m8s
CI / Deploy production (on server) (push) Has been skipped

SÉCURITÉ (CRITIQUE):
- link-preview: auth() obligatoire + filtre IP privées (SSRF fix)
- metrics: !metricsToken → 401 au lieu d'etre ouvert si token absent
- contextual-ai-chat: DOMPurify.sanitize() sur dangerouslySetInnerHTML (XSS fix)

PERFORMANCE:
- graph/route.ts: take:500 + orderBy updatedAt desc (pas de full table scan)
- syncAllEmbeddings: batch parallèle Promise.allSettled × 5 (pas séquentiel)
- 80 console.log supprimés du code production

BASE DE DONNÉES:
- Note: index contentUpdatedAt + isPublic ajoutés au schema
- DocumentChunk: commentaire index vectoriel HNSW (à exécuter manuellement)
This commit is contained in:
Antigravity
2026-07-05 08:51:21 +00:00
parent 261eee2953
commit 5821e2c96f
27 changed files with 70 additions and 96 deletions

View File

@@ -119,14 +119,11 @@ async function fetchHtml(url: string): Promise<string | null> {
})
clearTimeout(timeout)
if (!res.ok) {
console.log(`[fetchHtml] Failed for ${url}: ${res.status}`)
return null
}
const html = await res.text()
console.log(`[fetchHtml] Got ${html.length} chars from ${url}`)
return html
} catch (e: any) {
console.log(`[fetchHtml] Error for ${url}: ${e.message}`)
return null
}
}
@@ -139,17 +136,14 @@ async function extractImagesForUrls(urls: string[]): Promise<Array<{ localUrl: s
for (const pageUrl of urls) {
const html = await fetchHtml(pageUrl)
if (!html) {
console.log(`[extractImagesForUrls] No HTML fetched for ${pageUrl}`)
continue
}
const remoteUrls = extractImageUrlsFromHtml(html, pageUrl)
console.log(`[extractImagesForUrls] ${remoteUrls.length} image URLs found on ${pageUrl}`)
for (const remoteUrl of remoteUrls) {
if (!seenSourceUrls.has(remoteUrl)) {
seenSourceUrls.add(remoteUrl)
toDownload.push({ sourceUrl: remoteUrl, pageUrl })
} else {
console.log(`[extractImagesForUrls] Skipping duplicate source: ${remoteUrl}`)
}
}
}
@@ -163,7 +157,6 @@ async function extractImagesForUrls(urls: string[]): Promise<Array<{ localUrl: s
}
}
console.log(`[extractImagesForUrls] ${toDownload.length} unique candidates, ${allImages.length} downloaded successfully`)
return allImages
}
@@ -1508,7 +1501,6 @@ async function executeToolUseAgent(
const registered = toolRegistry.get('generate_slides')
if (registered) {
console.log('[AgentExecutor] Running manual fallback execution for generate_slides')
const slideTool = registered.buildTool(ctx)
const executionResult = await slideTool.execute({ title, theme, slides })
if (executionResult && executionResult.success && executionResult.canvasId) {
@@ -1538,7 +1530,6 @@ async function executeToolUseAgent(
if (diagramStr) {
const registered = toolRegistry.get('generate_excalidraw')
if (registered) {
console.log('[AgentExecutor] Running manual fallback execution for generate_excalidraw')
const excalidrawTool = registered.buildTool(ctx)
const executionResult = await excalidrawTool.execute({ title, diagram: diagramStr })
if (executionResult && executionResult.success && executionResult.canvasId) {
@@ -1679,9 +1670,7 @@ async function executeToolUseAgent(
// Extract images from scraped URLs and insert into markdown content
let imageCount = 0
if (agent.includeImages && scrapedUrls.length > 0) {
console.log(`[AgentExecutor] Extracting images from ${scrapedUrls.length} URLs:`, scrapedUrls)
const imageData = await extractImagesForUrls(scrapedUrls)
console.log(`[AgentExecutor] Extracted ${imageData.length} images`)
if (imageData.length > 0) {
const currentNote = await prisma.note.findUnique({
where: { id: noteId },
@@ -1697,7 +1686,6 @@ async function executeToolUseAgent(
imageCount = imageData.length
}
} else if (agent.includeImages) {
console.log(`[AgentExecutor] includeImages enabled but no scraped URLs found in tool results`)
}
const resultId = canvasId || noteId