From 71167b2cdf261c860dfff3248bed1b0804235ffc Mon Sep 17 00:00:00 2001 From: Pontoporeia Date: Sat, 28 Mar 2026 13:43:04 +0100 Subject: [PATCH] fix: remove DB_ENV auto-detection; require explicit DB_ENV=test for tests src/config.php: remove the file-existence fallback that silently redirected all requests to test.db whenever that file was present on disk. getDatabasePath() now always returns the production DB unless DB_ENV=test is explicitly set. tests/run-tests.php: putenv('DB_ENV=test') at the top so the suite always targets test.db regardless of what is set in the shell environment. tests/Unit/DatabaseTest.php, tests/Integration/SearchTest.php, tests/Security/SecurityTest.php: same putenv() guard added to each file so they work correctly when run standalone (e.g. just test-unit). justfile: all test and DB-development recipes now prefix DB_ENV=test to their php/sqlite3 commands, making the intent explicit in the recipe itself. Fixes: a developer who ran the test suite and kept test.db on disk would silently hit test data when browsing the local site with no DB_ENV set. --- TODO.md | 2 +- justfile | 10 +++--- .../ad921d60486366258809553a3db49a4a.json | 2 +- src/config.php | 34 ++++++------------ storage/test.db | Bin 237568 -> 237568 bytes tests/Integration/SearchTest.php | 2 ++ tests/Security/SecurityTest.php | 2 ++ tests/Unit/DatabaseTest.php | 3 ++ tests/run-tests.php | 4 +++ 9 files changed, 29 insertions(+), 30 deletions(-) diff --git a/TODO.md b/TODO.md index 22ff7c8..514bf25 100644 --- a/TODO.md +++ b/TODO.md @@ -410,7 +410,7 @@ Goal: rename the tables and column to the canonical M2M pattern (`tags`, `thesis future API endpoint) a partial failure leaves orphaned rows. Wrap the body in `BEGIN … COMMIT / ROLLBACK` (check `$this->pdo->inTransaction()` to avoid nesting). -- [ ] **DB config auto-detection is fragile** — `src/config.php` switches to `test.db` whenever the +- [x] **DB config auto-detection is fragile** — `src/config.php` switches to `test.db` whenever the file exists locally, which means a developer who ran tests and forgot to delete `test.db` will silently hit test data on a local production-mirror. Make the default `prod`; require explicit `DB_ENV=test` to use the test database. diff --git a/justfile b/justfile index c9c6ff7..4f7c4bd 100644 --- a/justfile +++ b/justfile @@ -84,20 +84,20 @@ deploy-db: [group('test')] test: - @php tests/run-tests.php + @DB_ENV=test php tests/run-tests.php [group('test')] test-unit: - @php tests/Unit/DatabaseTest.php - @php tests/Unit/RateLimitTest.php + @DB_ENV=test php tests/Unit/DatabaseTest.php + @DB_ENV=test php tests/Unit/RateLimitTest.php [group('test')] test-integration: - @php tests/Integration/SearchTest.php + @DB_ENV=test php tests/Integration/SearchTest.php [group('test')] test-security: - @php tests/Security/SecurityTest.php + @DB_ENV=test php tests/Security/SecurityTest.php [group('test')] syntax: diff --git a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json b/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json index be25078..fc1eee3 100644 --- a/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json +++ b/src/cache/rate_limit/ad921d60486366258809553a3db49a4a.json @@ -1 +1 @@ -[1774701325] \ No newline at end of file +[1774701765] \ No newline at end of file diff --git a/src/config.php b/src/config.php index 70fbda4..0a117c6 100644 --- a/src/config.php +++ b/src/config.php @@ -15,35 +15,23 @@ define('DB_TEST_PATH', DB_ROOT . '/storage/test.db'); define('DB_PROD_PATH', DB_ROOT . '/storage/posterg.db'); /** - * Determine which database to use - * Checks environment variable DB_ENV, defaults to auto-detection + * Determine which database to use. * - * Set DB_ENV in your environment: - * - export DB_ENV=test # Force test database - * - export DB_ENV=prod # Force production database + * Always defaults to the production database. + * Set DB_ENV=test explicitly to use the test database. * - * Auto-detection logic: - * - If test.db exists, use it (development) - * - Otherwise use posterg.db (production) + * export DB_ENV=test # use storage/test.db + * export DB_ENV=prod # use storage/posterg.db (default) + * + * The old file-existence auto-detection has been removed: a leftover + * test.db on a developer machine no longer silently redirects all + * requests to test data. */ -function getDatabasePath() { - // Allow explicit override via environment variable - $env = getenv('DB_ENV'); - - if ($env === 'test') { +function getDatabasePath(): string { + if (getenv('DB_ENV') === 'test') { return DB_TEST_PATH; } - if ($env === 'prod') { - return DB_PROD_PATH; - } - - // Auto-detect: prefer test database if it exists - if (file_exists(DB_TEST_PATH)) { - return DB_TEST_PATH; - } - - // Default to production database return DB_PROD_PATH; } diff --git a/storage/test.db b/storage/test.db index 3cfd596c11556ea158d0af64ad32a2220eb4f3e9..843b8ccdf6554a4151ea0800049bf0ef88ab7811 100644 GIT binary patch delta 28 icmZoTz}IkqZ$pqiV^VXletWP!BM>uf57uX1TL1u*vI(RB delta 28 icmZoTz}IkqZ$pqiV`6i#etWP!BM>uf57uX1TL1u*pb4V@ diff --git a/tests/Integration/SearchTest.php b/tests/Integration/SearchTest.php index 7adac27..6fcea12 100644 --- a/tests/Integration/SearchTest.php +++ b/tests/Integration/SearchTest.php @@ -4,6 +4,8 @@ * Tests search queries and results */ +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Search Functionality Test\n"; diff --git a/tests/Security/SecurityTest.php b/tests/Security/SecurityTest.php index d25163d..a696e33 100644 --- a/tests/Security/SecurityTest.php +++ b/tests/Security/SecurityTest.php @@ -4,6 +4,8 @@ * Tests SQL injection protection and input sanitization */ +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Security Test Suite\n"; diff --git a/tests/Unit/DatabaseTest.php b/tests/Unit/DatabaseTest.php index e6661b9..091c114 100644 --- a/tests/Unit/DatabaseTest.php +++ b/tests/Unit/DatabaseTest.php @@ -4,6 +4,9 @@ * Tests basic database connectivity and query functionality */ +// Must be set before Database.php is required so getDatabasePath() picks it up. +putenv('DB_ENV=test'); + require_once __DIR__ . '/../../src/Database.php'; echo "Database Connection Test\n"; diff --git a/tests/run-tests.php b/tests/run-tests.php index 9027710..f271469 100755 --- a/tests/run-tests.php +++ b/tests/run-tests.php @@ -5,6 +5,10 @@ * Runs all tests in the tests/ directory */ +// Tests always run against the test database; require an explicit opt-in so +// that a stray test.db on disk never silently redirects a production session. +putenv('DB_ENV=test'); + echo "╔════════════════════════════════════════════╗\n"; echo "║ Post-ERG Test Suite ║\n"; echo "╚════════════════════════════════════════════╝\n\n";