DaX/Filamenteka
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove decorative icons and update CORS configuration

Browse Source
This commit is contained in:
DaX
2025-06-20 13:05:36 +02:00
parent 18110ab159
commit 62a4891112
51 changed files with 4284 additions and 2385 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
__tests__/auth-security.test.ts Normal file
View File

@@ -0,0 +1,62 @@
import { readFileSync } from 'fs';
import { join } from 'path';
describe('Authentication Security Tests', () => {
it('should use /upadaj route instead of /admin', () => {
const adminDashboardPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
const adminLoginPath = join(process.cwd(), 'app', 'upadaj', 'page.tsx');
const dashboardContent = readFileSync(adminDashboardPath, 'utf-8');
const loginContent = readFileSync(adminLoginPath, 'utf-8');
// Check that /admin is not used
expect(dashboardContent).not.toContain("'/admin'");
expect(loginContent).not.toContain("'/admin/dashboard'");
// Check that /upadaj is used
expect(dashboardContent).toContain("'/upadaj'");
expect(loginContent).toContain("'/upadaj/dashboard'");
});
it('should have proper password hash in terraform vars', () => {
const tfvarsPath = join(process.cwd(), 'terraform', 'terraform.tfvars');
const tfvarsContent = readFileSync(tfvarsPath, 'utf-8');
// Check that password hash is present and looks like bcrypt
expect(tfvarsContent).toMatch(/admin_password_hash\s*=\s*"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"/);
// Ensure the new password hash is set (this is the hash for Filamenteka2025!)
expect(tfvarsContent).toContain('$2b$10$5G9fgrNGEKMMDunJkjtzy.vWCmLNIftf6HTby25TylgQHqsePI3CG');
});
it('should include proper CORS headers in Lambda functions', () => {
const filamentsLambda = join(process.cwd(), 'lambda', 'filaments', 'index.js');
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
const filamentsContent = readFileSync(filamentsLambda, 'utf-8');
const authContent = readFileSync(authLambda, 'utf-8');
const colorsContent = readFileSync(colorsLambda, 'utf-8');
// Check that all Lambda functions include X-Accept-Format in CORS headers
expect(filamentsContent).toContain('X-Accept-Format');
expect(authContent).toContain('X-Accept-Format');
expect(colorsContent).toContain('X-Accept-Format');
});
it('should have JWT authentication in protected endpoints', () => {
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
const authContent = readFileSync(authLambda, 'utf-8');
const colorsContent = readFileSync(colorsLambda, 'utf-8');
// Check for JWT in auth Lambda
expect(authContent).toContain('jwt.sign');
expect(authContent).toContain('jwt.verify');
// Check for auth verification in colors Lambda
expect(colorsContent).toContain('verifyAuth');
expect(colorsContent).toContain('Authorization');
});
});