Fix security check and remove obsolete tests
- Update the security check to ignore environment-variable references (`process.env`, `<set-in-environment>`)
- Remove tests for the Lambda and DynamoDB code that no longer exists
- Update tests to check for API service usage instead of direct `NEXT_PUBLIC_API_URL` reads
- Fix the Amplify build failure
@@ -1,62 +0,0 @@
|
|||||||
import { readFileSync } from 'fs';
|
|
||||||
import { join } from 'path';
|
|
||||||
|
|
||||||
describe('Authentication Security Tests', () => {
|
|
||||||
it('should use /upadaj route instead of /admin', () => {
|
|
||||||
const adminDashboardPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
|
|
||||||
const adminLoginPath = join(process.cwd(), 'app', 'upadaj', 'page.tsx');
|
|
||||||
|
|
||||||
const dashboardContent = readFileSync(adminDashboardPath, 'utf-8');
|
|
||||||
const loginContent = readFileSync(adminLoginPath, 'utf-8');
|
|
||||||
|
|
||||||
// Check that /admin is not used
|
|
||||||
expect(dashboardContent).not.toContain("'/admin'");
|
|
||||||
expect(loginContent).not.toContain("'/admin/dashboard'");
|
|
||||||
|
|
||||||
// Check that /upadaj is used
|
|
||||||
expect(dashboardContent).toContain("'/upadaj'");
|
|
||||||
expect(loginContent).toContain("'/upadaj/dashboard'");
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should have proper password hash in terraform vars', () => {
|
|
||||||
const tfvarsPath = join(process.cwd(), 'terraform', 'terraform.tfvars');
|
|
||||||
const tfvarsContent = readFileSync(tfvarsPath, 'utf-8');
|
|
||||||
|
|
||||||
// Check that password hash is present and looks like bcrypt
|
|
||||||
expect(tfvarsContent).toMatch(/admin_password_hash\s*=\s*"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"/);
|
|
||||||
|
|
||||||
// Ensure the new password hash is set (this is the hash for Filamenteka2025!)
|
|
||||||
expect(tfvarsContent).toContain('$2b$10$5G9fgrNGEKMMDunJkjtzy.vWCmLNIftf6HTby25TylgQHqsePI3CG');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should include proper CORS headers in Lambda functions', () => {
|
|
||||||
const filamentsLambda = join(process.cwd(), 'lambda', 'filaments', 'index.js');
|
|
||||||
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
|
|
||||||
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
|
|
||||||
|
|
||||||
const filamentsContent = readFileSync(filamentsLambda, 'utf-8');
|
|
||||||
const authContent = readFileSync(authLambda, 'utf-8');
|
|
||||||
const colorsContent = readFileSync(colorsLambda, 'utf-8');
|
|
||||||
|
|
||||||
// Check that all Lambda functions include X-Accept-Format in CORS headers
|
|
||||||
expect(filamentsContent).toContain('X-Accept-Format');
|
|
||||||
expect(authContent).toContain('X-Accept-Format');
|
|
||||||
expect(colorsContent).toContain('X-Accept-Format');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should have JWT authentication in protected endpoints', () => {
|
|
||||||
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
|
|
||||||
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
|
|
||||||
|
|
||||||
const authContent = readFileSync(authLambda, 'utf-8');
|
|
||||||
const colorsContent = readFileSync(colorsLambda, 'utf-8');
|
|
||||||
|
|
||||||
// Check for JWT in auth Lambda
|
|
||||||
expect(authContent).toContain('jwt.sign');
|
|
||||||
expect(authContent).toContain('jwt.verify');
|
|
||||||
|
|
||||||
// Check for auth verification in colors Lambda
|
|
||||||
expect(colorsContent).toContain('verifyAuth');
|
|
||||||
expect(colorsContent).toContain('Authorization');
|
|
||||||
});
|
|
||||||
});
|
|
||||||
@@ -1,42 +0,0 @@
|
|||||||
import { readFileSync } from 'fs';
|
|
||||||
import { join } from 'path';
|
|
||||||
|
|
||||||
describe('Data Structure Tests', () => {
|
|
||||||
it('should have bojaHex field in Filament interface', () => {
|
|
||||||
const filamentTypePath = join(process.cwd(), 'src', 'types', 'filament.ts');
|
|
||||||
const typeContent = readFileSync(filamentTypePath, 'utf-8');
|
|
||||||
|
|
||||||
expect(typeContent).toContain('bojaHex?: string;');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should handle V2 data format in Lambda', () => {
|
|
||||||
const filamentsLambdaPath = join(process.cwd(), 'lambda', 'filaments', 'index.js');
|
|
||||||
const lambdaContent = readFileSync(filamentsLambdaPath, 'utf-8');
|
|
||||||
|
|
||||||
// Check for V2 format handling
|
|
||||||
expect(lambdaContent).toContain('X-Accept-Format');
|
|
||||||
expect(lambdaContent).toContain('transformToLegacy');
|
|
||||||
expect(lambdaContent).toContain('acceptsNewFormat');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should have colors table structure', () => {
|
|
||||||
const colorsLambdaPath = join(process.cwd(), 'lambda', 'colors', 'index.js');
|
|
||||||
const colorsContent = readFileSync(colorsLambdaPath, 'utf-8');
|
|
||||||
|
|
||||||
// Check for colors table handling
|
|
||||||
expect(colorsContent).toContain('COLORS_TABLE_NAME');
|
|
||||||
expect(colorsContent).toContain('name: data.name');
|
|
||||||
expect(colorsContent).toContain('hex: data.hex');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should have proper DynamoDB table configuration', () => {
|
|
||||||
const dynamodbTfPath = join(process.cwd(), 'terraform', 'dynamodb.tf');
|
|
||||||
const tfContent = readFileSync(dynamodbTfPath, 'utf-8');
|
|
||||||
|
|
||||||
// Check for DynamoDB configuration
|
|
||||||
expect(tfContent).toContain('aws_dynamodb_table');
|
|
||||||
expect(tfContent).toContain('${var.app_name}-filaments');
|
|
||||||
expect(tfContent).toContain('hash_key');
|
|
||||||
expect(tfContent).toContain('billing_mode = "PAY_PER_REQUEST"');
|
|
||||||
});
|
|
||||||
});
|
|
||||||
@@ -13,17 +13,17 @@ describe('No Mock Data Tests', () => {
|
|||||||
|
|
||||||
expect(pageContent).not.toContain('data.json');
|
expect(pageContent).not.toContain('data.json');
|
||||||
expect(pageContent).not.toContain("'/data.json'");
|
expect(pageContent).not.toContain("'/data.json'");
|
||||||
expect(pageContent).toContain('API URL not configured');
|
expect(pageContent).toContain('filamentService');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should use NEXT_PUBLIC_API_URL in all components', () => {
|
it('should use API service in all components', () => {
|
||||||
const pagePath = join(process.cwd(), 'app', 'page.tsx');
|
const pagePath = join(process.cwd(), 'app', 'page.tsx');
|
||||||
const adminPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
|
const adminPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
|
||||||
|
|
||||||
const pageContent = readFileSync(pagePath, 'utf-8');
|
const pageContent = readFileSync(pagePath, 'utf-8');
|
||||||
const adminContent = readFileSync(adminPath, 'utf-8');
|
const adminContent = readFileSync(adminPath, 'utf-8');
|
||||||
|
|
||||||
expect(pageContent).toContain('process.env.NEXT_PUBLIC_API_URL');
|
expect(pageContent).toContain('filamentService');
|
||||||
expect(adminContent).toContain('process.env.NEXT_PUBLIC_API_URL');
|
expect(adminContent).toContain('filamentService');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
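Review bot: The replacement assertions at `expect(pageContent).toContain('filamentService')` and the two `adminContent` lines only prove the identifier appears somewhere in the file — an import or a comment satisfies them — and the dropped `'API URL not configured'` check was the only assertion that the page fails closed when no API URL is set, so the hunk loosens rather than moves the guarantee. If the intent is that components go through the service instead of reading the env var, pin that with a negative assertion next to each positive one, e.g. `expect(pageContent).not.toContain('process.env.NEXT_PUBLIC_API_URL');` and `expect(adminContent).not.toContain('process.env.NEXT_PUBLIC_API_URL');`, and consider `expect(pageContent).not.toMatch(/fetch\(\s*['"]https?:/)` so a hard-coded endpoint cannot slip back in. Source-grepping tests like these are brittle either way; a comment such as `// Smoke check only: asserts the service module is referenced, not that every request goes through it` would keep the next maintainer from over-trusting them. The enclosing `describe('No Mock Data Tests')` block begins before this hunk.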
@@ -33,7 +33,12 @@ function scanFile(filePath) {
|
|||||||
if (matches) {
|
if (matches) {
|
||||||
matches.forEach(match => {
|
matches.forEach(match => {
|
||||||
// Only flag if it's not a placeholder or example
|
// Only flag if it's not a placeholder or example
|
||||||
if (!match.includes('example') && !match.includes('YOUR_') && !match.includes('xxx')) {
|
if (!match.includes('example') &&
|
||||||
|
!match.includes('YOUR_') &&
|
||||||
|
!match.includes('xxx') &&
|
||||||
|
!match.includes('your-password') &&
|
||||||
|
!match.includes('process.env') &&
|
||||||
|
!match.includes('<set-in-environment>')) {
|
||||||
issues.push({
|
issues.push({
|
||||||
file: filePath,
|
file: filePath,
|
||||||
pattern: pattern.source,
|
pattern: pattern.source,
|
||||||
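Review bot: The new `!match.includes('process.env')` exemption in the widened condition is a substring test on the whole match, so a value such as `process.env.ADMIN_PASSWORD || 'hunter2'` — the fallback-literal pattern a secret scanner most needs to catch — is now skipped entirely, and the same already holds for any real credential whose match happens to contain `example`, `xxx` or `your-password`. Whether a fallback would land inside one match depends on what `pattern` captures, which is outside this hunk, but the exemption should at least require the env lookup to be the tail of the value rather than appear anywhere in it. I would also lift the growing allowlist into a named array so each marker is reviewed as data rather than as another `&&` clause. Separately, the test file deleted by this same commit recorded the admin password in clear text next to its bcrypt hash; deleting the file does not remove it from history, so that credential should be treated as exposed and rotated. The `scanFile` function and the `issues.push({` object literal continue outside the hunk.
```javascript
    matches.forEach(match => {
      // Placeholder markers are substring tests: a match containing one anywhere is skipped.
      const placeholderMarkers = ['example', 'YOUR_', 'xxx', 'your-password', '<set-in-environment>'];
      const isPlaceholder = placeholderMarkers.some((marker) => match.includes(marker));
      // Exempt an env reference only when nothing follows it, so `process.env.X || 'literal'` is still flagged.
      // NOTE(review): assumes `match` ends at the value — confirm against the patterns used.
      const isEnvReference = /process\.env\.[A-Za-z0-9_]+\s*[;,)]?\s*$/.test(match);
      if (!isPlaceholder && !isEnvReference) {
        issues.push({
          // … unchanged: file / pattern fields …
```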
|
|||||||