fix: comprehensive codebase hardening — crashes, silent failures, performance, and security

Fixes ~95 issues from deep audit across 12 categories in 82 files:

- Crash prevention: double-resume in PhotoMetadataExtractor, force unwraps in
  DateRangePicker, array bounds checks in polls/achievements, ProGate hit-test
  bypass, Dictionary(uniqueKeysWithValues:) → uniquingKeysWith in 4 files
- Silent failure elimination: all 34 try? sites replaced with do/try/catch +
  logging (SavedTrip, TripDetailView, CanonicalSyncService, BootstrapService,
  CanonicalModels, CKModels, SportsTimeApp, and more)
- Performance: cached DateFormatters (7 files), O(1) team lookups via
  AppDataProvider, achievement definition dictionary, AnimatedBackground
  consolidated from 19 Tasks to 1, task cancellation in SharePreviewView
- Concurrency: UIKit drawing → MainActor.run, background fetch timeout guard,
  @MainActor on ThemeManager/AppearanceManager, SyncLogger read/write race fix
- Planning engine: game end time in travel feasibility, state-aware city
  normalization, exact city matching, DrivingConstraints parameter propagation
- IAP: unknown subscription states → expired, unverified transaction logging,
  entitlements updated before paywall dismiss, restore visible to all users
- Security: API key to Info.plist lookup, filename sanitization in PDF export,
  honest User-Agent, removed stale "Feels" analytics super properties
- Navigation: consolidated competing navigationDestination, boolean → value-based
- Testing: 8 sleep() → waitForExistence, duplicates extracted, Swift 6 compat
- Service bugs: infinite retry cap, duplicate achievement prevention, TOCTOU vote
  fix, PollVote.odg → voterId rename, deterministic placeholder IDs, parallel
  MKDirections, Sendable-safe POI struct

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
2026-02-27 17:03:09 -06:00
parent e046cb6b34
commit c94e373e33
82 changed files with 1163 additions and 599 deletions

View File

@@ -833,6 +833,7 @@ enum ItineraryReorderingLogic {
/// Keys are formatted as "travel:INDEX:from->to".
/// When multiple keys share the same city pair (repeat visits), matches by
/// checking all keys and preferring the one whose index matches the model's segmentIndex.
/// Falls back to using segment UUID to ensure unique keys for different segments.
private static func travelIdForSegment(
_ segment: TravelSegment,
in travelValidRanges: [String: ClosedRange<Int>],
@@ -855,8 +856,9 @@ enum ItineraryReorderingLogic {
return key
}
// Fallback: return first match or construct without index
return matchingKeys.first ?? "travel:\(suffix)"
// Include segment UUID to make keys unique when multiple segments share
// the same from/to city pair (e.g., repeat visits like A->B, C->B)
return matchingKeys.first ?? "travel:\(segment.id.uuidString):\(suffix)"
}
// MARK: - Utility Functions
@@ -915,8 +917,7 @@ enum ItineraryReorderingLogic {
/// - sourceRow: The original row (fallback if no valid destination found)
/// - Returns: The target row to use (in proposed coordinate space)
///
/// - Note: Uses O(n) contains check. For repeated calls, consider passing a Set instead.
/// However, validDestinationRows is typically small (< 50 items), so this is fine.
/// - Note: Uses a Set for O(1) containment check on validDestinationRows.
static func calculateTargetRow(
proposedRow: Int,
validDestinationRows: [Int],
@@ -925,12 +926,13 @@ enum ItineraryReorderingLogic {
// UX rule: forbid dropping at absolute top (row 0 is always a day header)
var row = proposedRow
if row <= 0 { row = 1 }
// If already valid, use it
if validDestinationRows.contains(row) {
// Use Set for O(1) containment check instead of O(n) Array.contains
let validDestinationSet = Set(validDestinationRows)
if validDestinationSet.contains(row) {
return row
}
// Snap to nearest valid destination (validDestinationRows must be sorted for binary search)
return nearestValue(in: validDestinationRows, to: row) ?? sourceRow
}