perf: add database indexes, implement caching, enforce permission guards, and sanitize external URLs

2026-05-10 22:01:06 +02:00
parent 351938aa5c
commit aa4c181b0c
14 changed files with 94 additions and 40 deletions
@@ -52,17 +52,20 @@ export default function BarcodePositioner({

  // Load first page preview image
  useEffect(() => {
-    let objectUrl: string;
+    let cancelled = false;
+    let objectUrl: string | undefined;
    const page = startPage || 1;
    const url = `${getEnv('VITE_API_URL')}/api/email-import/attachments/${attachmentId}/pages/${page}/preview`;

    getAccessToken().then(token => {
+      if (cancelled) return;
      fetch(url, { headers: { Authorization: `Bearer ${token}` } })
        .then(res => {
          if (!res.ok) throw new Error('Not found');
          return res.blob();
        })
        .then(blob => {
+          if (cancelled) return;
          objectUrl = URL.createObjectURL(blob);
          setImgSrc(objectUrl);
        })
@@ -70,6 +73,7 @@ export default function BarcodePositioner({
    });

    return () => {
+      cancelled = true;
      if (objectUrl) URL.revokeObjectURL(objectUrl);
    };
  }, [attachmentId, startPage]);
@@ -79,21 +79,22 @@ function ImageWithAuth({ url, token }: { url: string; token: string }) {
  const [imgSrc, setImgSrc] = useState<string | null>(null);

  useEffect(() => {
-    let objectUrl: string;
+    let cancelled = false;
+    let objectUrl: string | undefined;
    fetch(url, { headers: { Authorization: `Bearer ${token}` } })
      .then(res => {
        if (!res.ok) throw new Error('Network response was not ok');
        return res.blob();
      })
      .then(blob => {
+        if (cancelled) return;
        objectUrl = URL.createObjectURL(blob);
        setImgSrc(objectUrl);
      })
-      .catch(err => {
-        console.error('Error loading image', err);
-      });
+      .catch(() => {});

    return () => {
+      cancelled = true;
      if (objectUrl) URL.revokeObjectURL(objectUrl);
    };
  }, [url, token]);