fix(amazon-orders): reject auth-wall HTML#1416
Conversation
Greptile SummaryThis PR adds an authenticated-HTML guard to the Amazon Orders CLI to prevent Amazon's sign-in, CAPTCHA, and challenge pages (returned with HTTP 200) from being parsed or cached as valid order data. The fix introduces a typed
Confidence Score: 5/5Safe to merge; the guard is applied consistently across all authenticated HTML read paths and the critical test suite covers the main failure modes addressed by this PR. The changes are well-tested with targeted fixtures for sign-in HTML in multiple locales, mismatched order IDs, local cache taint detection, and doctor live-probe scenarios. The core logic — a typed error, a shared classifier, and a writeThroughCacheValidated split — is straightforward and the guard is applied at every entry point before parse or persistence. No files require special attention; all core paths are guarded and tested. Important Files Changed
|
Summary
Amazon Orders now fails honestly when Amazon returns sign-in, claim, CAPTCHA, or challenge HTML with HTTP 200. Before this,
doctorcould report a fresh/usable setup while order reads, search, and sync parsed or cached login pages as successful data; now those paths return auth errors and point the operator back toauth login --chromeanddoctor.The fix guards authenticated HTML before parsing, before SQLite write-through, before workflow/archive persistence, and before sync writes.
doctornow validates the real order-history surface and flags tainted local cache rows, while local order detail/invoice lookups use the requested order ID instead of the static endpoint path.Validation
go test ./internal/parser ./internal/cli -run 'AuthInterstitial|OrderHistory|ResolveRead|SyncResource|ValidateOrderDetail|DoctorLiveCredential|CollectCacheReport|FetchOrderListPages|TrackRejects|WorkflowArchive|SyncAuthInterstitial'go test ./...go build ./cmd/amazon-orders-pp-cligo vet ./...git diff --checkdoctor --agent --fail-on errorreports stale browser proof plus taintedorders/transactionscache;find Aqara,orders get 702-5010515-8774615, andsync --resources orders,transactions --since 90d --strictall fail with explicit auth/interstitial errors instead of returning false data.