fix(API): short-circuit read-only path before heavy imports and tighten network match

TheLastCicada · TheLastCicada · commit ccd661b0ff35 · 2026-05-12T13:43:18.000-07:00
Two fixes from bugbot review of #1627: 1. Move dynamic imports of wallet / fullNodeRpc / persistance / V1+V2 models / fullNode AFTER the read-only short-circuit. The PR description said the read-only path short-circuits before fetch, but the heavy imports were happening unconditionally, which (a) made public observer nodes load DB and wallet modules they don't need and (b) caused /diagnostics to fail in the exact scenarios it's designed to survive (e.g. V2 model module body failing to initialize). 2. Use exact equality (not substring containment) for the network match. `"testnet10".includes("testnet1")` is true, so the previous code reported a false match when the configured network was a prefix of the actual one. The diagnostics endpoint's job is to tell the truth; the existing assertChiaNetworkMatchInConfiguration still uses the substring rule, but the `actual` and `configured` fields in the response let operators spot whether the loose-match assertion would also have considered them equivalent.
diff --git a/src/routes/diagnostics.js b/src/routes/diagnostics.js
@@ -225,21 +225,29 @@ const buildTrustedPeerView = (connectionsResult, chiaConfigResult) => {
 export const getDiagnosticsResponse = async ({ readOnly = false } = {}) => {
   const timestamp = new Date().toISOString();
 
-  const wallet = (await import('../datalayer/wallet.js')).default;
-  const fullNodeRpc = (await import('../datalayer/fullNodeRpc.js')).default;
-  const persistance = await import('../datalayer/persistance.js');
-  const { Organization } = await import('../models/index.js');
-  const { OrganizationsV2 } = await import('../models/v2/index.js');
-  const fullNodeModule = await import('../datalayer/fullNode.js');
-
   const configV1 = getConfig();
   const configV2 = getConfigV2();
   const appConfig = configV1.APP || {};
 
+  // Short-circuit BEFORE pulling in the heavy wallet/datalayer/model
+  // dependencies. The read-only path only needs system-info / process-scan /
+  // chia-tools probes plus the synchronously-available config, so importing
+  // wallet.js or models/v2/index.js here would (a) defeat the "no
+  // authenticated RPC on unauthenticated public hits" property and (b)
+  // make /diagnostics itself fail whenever the DB/wallet modules can't
+  // initialize -- which is precisely the failure mode this endpoint exists
+  // to diagnose.
   if (readOnly) {
     return buildReadOnlyResponse({ timestamp, configV1, configV2, appConfig });
   }
 
+  const wallet = (await import('../datalayer/wallet.js')).default;
+  const fullNodeRpc = (await import('../datalayer/fullNodeRpc.js')).default;
+  const persistance = await import('../datalayer/persistance.js');
+  const { Organization } = await import('../models/index.js');
+  const { OrganizationsV2 } = await import('../models/v2/index.js');
+  const fullNodeModule = await import('../datalayer/fullNode.js');
+
   // Kick off every external call in parallel. None of these can throw.
   const [
     activeNetworkRes,
@@ -340,12 +348,20 @@ export const getDiagnosticsResponse = async ({ readOnly = false } = {}) => {
   };
 
   // ---- Chia: network match ------------------------------------------------
+  // We use exact equality here, NOT the substring semantics of
+  // assertChiaNetworkMatchInConfiguration (which treats `CHIA_NETWORK:
+  // "testnet"` as matching any actual network containing "testnet"). That
+  // substring rule has a real false-positive: `"testnet10".includes("testnet1")`
+  // is true. The diagnostics endpoint's job is to surface the truth so
+  // operators can spot a stale or mistyped config; the `actual` and
+  // `configured` fields above let them judge whether the existing assertion
+  // would also have considered them a match.
   const actualNetwork = activeNetworkRes.ok
     ? activeNetworkRes.value?.network_name || null
     : null;
   const configuredNetwork = appConfig.CHIA_NETWORK || null;
   const networkMatches =
-    actualNetwork && configuredNetwork ? actualNetwork.includes(configuredNetwork) : null;
+    actualNetwork && configuredNetwork ? actualNetwork === configuredNetwork : null;
 
   // ---- Chia: wallet -------------------------------------------------------
   // connectionError is non-empty whenever the wallet is unreachable, even
