Found in PR #77 (fix/68-expiring-download-tokens)
Severity: Nit
PR #77 added token expiration and correctly handles old tokens (without exp) via:
if (parsed.exp !== undefined && Math.floor(Date.now() / 1000) > parsed.exp) return null;
But the test suite has no test case for the backward-compat path. Production chat histories contain tokens signed before PR #77 was deployed — these tokens have no exp field and should still verify successfully.
Fix: Add a backward-compat test to backend/src/lib/__tests__/downloadTokens.test.ts:
it("verifyDownload accepts a legacy token without exp field", async () => {
const { verifyDownload } = await import("../downloadTokens.js");
// Manually build a legacy token (no exp)
const payload = Buffer.from(JSON.stringify({ p: "path/file.pdf", f: "file.pdf" }));
const enc = payload.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sig = require("crypto")
.createHmac("sha256", process.env.DOWNLOAD_SIGNING_SECRET!)
.update(enc).digest("base64")
.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
expect(verifyDownload(`${enc}.${sig}`)).toEqual({ path: "path/file.pdf", filename: "file.pdf" });
});
Found in PR #77 (fix/68-expiring-download-tokens)
Severity: Nit
PR #77 added token expiration and correctly handles old tokens (without
exp) via:But the test suite has no test case for the backward-compat path. Production chat histories contain tokens signed before PR #77 was deployed — these tokens have no
expfield and should still verify successfully.Fix: Add a backward-compat test to
backend/src/lib/__tests__/downloadTokens.test.ts: