• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

decentraland / social-service-ea / 28588201131
90%
main: 90%

Build:
Build:
LAST BUILD BRANCH: 1.13.1
DEFAULT BRANCH: main
Ran 02 Jul 2026 12:04PM UTC
Jobs 1
Files 201
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

02 Jul 2026 11:58AM UTC coverage: 90.279% (-0.2%) from 90.437%
28588201131

Pull #428

github

LautaroPetaccio
fix: harden access control, referral integrity and adapter robustness

Findings from a security/correctness review, grouped by area.

Access control:
- Reject direct joins of private communities (require the request/invite flow)
- Enforce bans on the request/invite accept path and when creating requests;
  remove a banned user's pending requests so a ban cannot be circumvented
- Exclude banned users when bulk-accepting requests on a private->public flip
- Enforce block and reject self-calls in private voice chat; normalize social
  settings lookups so a checksummed address can't bypass privacy settings
- Normalize addresses in role-permission and block/unblock self checks

Referral integrity:
- Add a unique(invited_user) index (with dedupe) so one invited user maps to a
  single referrer, closing a reward-inflation race

Robustness / hardening:
- Fix voice-db "user is busy" guard (IN (array) -> = ANY(array))
- Default outbound HTTP request timeout; bound inbound WS payload size
- Escape LIKE/ILIKE wildcards in community search
- Bound placeIds array size; clamp falsy pagination limits
- Fix memory-cache mGet, redis get JSON resilience and EX handling, retrier
  error propagation, feature-flag refresh, interval-leak guards, catalyst
  server rotation, rewards response validation
- Stop leaking internal error details over WS; stop logging referral email PII

Adds unit and integration coverage for the ban-enforcement, voice block/self,
private-community join, and wildcard-escaping paths.
Pull Request #428: fix: harden access control, referral integrity and adapter robustness

2310 of 2714 branches covered (85.11%)

Branch coverage included in aggregate %.

70 of 85 new or added lines in 24 files covered. (82.35%)

1 existing line in 1 file now uncovered.

5798 of 6267 relevant lines covered (92.52%)

80.43 hits per line

Uncovered Changes

Lines Coverage ∆ File
2
77.19
-5.16% src/adapters/feature-flags.ts
2
75.0
-6.82% src/adapters/memory-cache.ts
2
93.44
-6.56% src/adapters/peer-tracking.ts
2
87.1
-12.9% src/adapters/peers-synchronizer.ts
2
68.66
-1.66% src/adapters/redis.ts
2
0.0
0.0% src/components.ts
1
86.77
0.75% src/adapters/communities-db.ts
1
95.52
-2.17% src/adapters/friends-db.ts
1
88.46
0.0% src/controllers/handlers/http/get-community-invites-handler.ts

Coverage Regressions

Lines Coverage ∆ File
1
75.0
-6.82% src/adapters/memory-cache.ts
Jobs
ID Job ID Ran Files Coverage
1 28588201131.1 02 Jul 2026 12:03PM UTC 402
91.25
GitHub Action Run
Source Files on build 28588201131
  • Tree
  • List 201
  • Changed 159
  • Source Changed 26
  • Coverage Changed 159
Coverage ∆ File Lines Relevant Covered Missed Hits/Line Branch Hits Branch Misses
  • Back to Repo
  • Github Actions Build #28588201131
  • Pull Request #428
  • PR Base - main (#28547511600)
  • Delete
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc