fix: address security review findings, implement real cache clearing, and fix lifecycle promises

2026-01-08 21:29:09 +01:00
parent 0f6cce9b6e
commit 19206b5cc7
11 changed files with 176 additions and 47 deletions
--- a/bot/index.ts
+++ b/bot/index.ts
@@ -8,6 +8,7 @@ import { startWebServerFromRoot } from "../web/src/server";
 await AuroraClient.loadCommands();
 await AuroraClient.loadEvents();
 await AuroraClient.deployCommands();
+await AuroraClient.setupSystemEvents();

 console.log("🌐 Starting web server...");

--- a/bot/lib/BotClient.test.ts
+++ b/bot/lib/BotClient.test.ts
@@ -38,6 +38,15 @@ mock.module("../lib/loaders/EventLoader", () => ({
 }));

 // Mock dashboard service to prevent network/db calls during event handling
+mock.module("@shared/modules/economy/lootdrop.service", () => ({
+    lootdropService: { clearCaches: mock(async () => { }) }
+}));
+mock.module("@shared/modules/trade/trade.service", () => ({
+    tradeService: { clearSessions: mock(() => { }) }
+}));
+mock.module("@/modules/admin/item_wizard", () => ({
+    clearDraftSessions: mock(() => { })
+}));
 mock.module("@shared/modules/dashboard/dashboard.service", () => ({
    dashboardService: {
        recordEvent: mock(() => Promise.resolve())
@@ -48,11 +57,12 @@ describe("AuroraClient System Events", () => {
    let AuroraClient: any;

    beforeEach(async () => {
-        // Clear mocks and re-import client to ensure fresh listeners if possible
-        // Note: AuroraClient is a singleton, so we mostly reset its state
+        systemEvents.removeAllListeners();
        const module = await import("./BotClient");
        AuroraClient = module.AuroraClient;
        AuroraClient.maintenanceMode = false;
+        // MUST call explicitly now
+        await AuroraClient.setupSystemEvents();
    });

    /**
@@ -61,14 +71,11 @@ describe("AuroraClient System Events", () => {
     */
    test("should toggle maintenanceMode when MAINTENANCE_MODE event is received", async () => {
        systemEvents.emit(EVENTS.ACTIONS.MAINTENANCE_MODE, { enabled: true, reason: "Testing" });
-
-        // Give event loop time to process
-        await new Promise(resolve => setTimeout(resolve, 20));
-
+        await new Promise(resolve => setTimeout(resolve, 30));
        expect(AuroraClient.maintenanceMode).toBe(true);

        systemEvents.emit(EVENTS.ACTIONS.MAINTENANCE_MODE, { enabled: false });
-        await new Promise(resolve => setTimeout(resolve, 20));
+        await new Promise(resolve => setTimeout(resolve, 30));
        expect(AuroraClient.maintenanceMode).toBe(false);
    });

@@ -77,16 +84,28 @@ describe("AuroraClient System Events", () => {
     * Requirement: loadCommands and deployCommands should be called
     */
    test("should reload commands when RELOAD_COMMANDS event is received", async () => {
-        // Spy on the methods that should be called
        const loadSpy = spyOn(AuroraClient, "loadCommands").mockImplementation(() => Promise.resolve());
        const deploySpy = spyOn(AuroraClient, "deployCommands").mockImplementation(() => Promise.resolve());

        systemEvents.emit(EVENTS.ACTIONS.RELOAD_COMMANDS);
-
-        // Wait for async handlers
        await new Promise(resolve => setTimeout(resolve, 50));

        expect(loadSpy).toHaveBeenCalled();
        expect(deploySpy).toHaveBeenCalled();
    });
+
+    /**
+     * Test Case: Cache Clearance
+     * Requirement: Service clear methods should be triggered
+     */
+    test("should trigger service cache clearance when CLEAR_CACHE is received", async () => {
+        const { lootdropService } = await import("@shared/modules/economy/lootdrop.service");
+        const { tradeService } = await import("@shared/modules/trade/trade.service");
+
+        systemEvents.emit(EVENTS.ACTIONS.CLEAR_CACHE);
+        await new Promise(resolve => setTimeout(resolve, 50));
+
+        expect(lootdropService.clearCaches).toHaveBeenCalled();
+        expect(tradeService.clearSessions).toHaveBeenCalled();
+    });
 });
--- a/bot/lib/BotClient.ts
+++ b/bot/lib/BotClient.ts
@@ -18,13 +18,14 @@ export class Client extends DiscordClient {
        this.commands = new Collection<string, Command>();
        this.commandLoader = new CommandLoader(this);
        this.eventLoader = new EventLoader(this);
-        this.setupSystemEvents();
    }

-    private setupSystemEvents() {
-        import("@shared/lib/events").then(({ systemEvents, EVENTS }) => {
-            systemEvents.on(EVENTS.ACTIONS.RELOAD_COMMANDS, async () => {
-                console.log("🔄 System Action: Reloading commands...");
+    public async setupSystemEvents() {
+        const { systemEvents, EVENTS } = await import("@shared/lib/events");
+
+        systemEvents.on(EVENTS.ACTIONS.RELOAD_COMMANDS, async () => {
+            console.log("🔄 System Action: Reloading commands...");
+            try {
                await this.loadCommands(true);
                await this.deployCommands();

@@ -34,24 +35,42 @@ export class Client extends DiscordClient {
                    message: "Bot: Commands reloaded and redeployed",
                    icon: "✅"
                });
-            });
+            } catch (error) {
+                console.error("Failed to reload commands:", error);
+            }
+        });
+
+        systemEvents.on(EVENTS.ACTIONS.CLEAR_CACHE, async () => {
+            console.log("<22> System Action: Clearing all internal caches...");
+
+            try {
+                // 1. Lootdrop Service
+                const { lootdropService } = await import("@shared/modules/economy/lootdrop.service");
+                await lootdropService.clearCaches();
+
+                // 2. Trade Service
+                const { tradeService } = await import("@shared/modules/trade/trade.service");
+                tradeService.clearSessions();
+
+                // 3. Item Wizard
+                const { clearDraftSessions } = await import("@/modules/admin/item_wizard");
+                clearDraftSessions();

-            systemEvents.on(EVENTS.ACTIONS.CLEAR_CACHE, async () => {
-                console.log("🧹 System Action: Clearing caches...");
-                // In a real app, we'd loop through services and clear their internal maps
                const { dashboardService } = await import("@shared/modules/dashboard/dashboard.service");
                await dashboardService.recordEvent({
                    type: "success",
-                    message: "Bot: Internal caches cleared",
+                    message: "Bot: All internal caches and sessions cleared",
                    icon: "🧼"
                });
-            });
+            } catch (error) {
+                console.error("Failed to clear caches:", error);
+            }
+        });

-            systemEvents.on(EVENTS.ACTIONS.MAINTENANCE_MODE, async (data: { enabled: boolean, reason?: string }) => {
-                const { enabled, reason } = data;
-                console.log(`🛠️ System Action: Maintenance mode ${enabled ? "ON" : "OFF"}${reason ? ` (${reason})` : ""}`);
-                this.maintenanceMode = enabled;
-            });
+        systemEvents.on(EVENTS.ACTIONS.MAINTENANCE_MODE, async (data: { enabled: boolean, reason?: string }) => {
+            const { enabled, reason } = data;
+            console.log(`🛠️ System Action: Maintenance mode ${enabled ? "ON" : "OFF"}${reason ? ` (${reason})` : ""}`);
+            this.maintenanceMode = enabled;
        });
    }

--- a/bot/modules/admin/item_wizard.ts
+++ b/bot/modules/admin/item_wizard.ts
@@ -241,3 +241,8 @@ export const handleItemWizardInteraction = async (interaction: Interaction) => {
    }

 };
+
+export const clearDraftSessions = () => {
+    draftSession.clear();
+    console.log("[ItemWizard] All draft item creation sessions cleared.");
+};