DaX/Filamenteka
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix security check and remove obsolete tests

Browse Source 
- Update security check to ignore environment variable references
- Remove tests for Lambda and DynamoDB that no longer exist
- Update tests to check for API service usage
- Fix Amplify build failure
This commit is contained in:
DaX
2025-06-20 15:54:25 +02:00
parent 82c476430f
commit 99a41f43fb
4 changed files with 10 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
__tests__/auth-security.test.ts
View File

@@ -1,62 +0,0 @@
import { readFileSync } from 'fs';
import { join } from 'path';
describe('Authentication Security Tests', () => {
it('should use /upadaj route instead of /admin', () => {
const adminDashboardPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
const adminLoginPath = join(process.cwd(), 'app', 'upadaj', 'page.tsx');
const dashboardContent = readFileSync(adminDashboardPath, 'utf-8');
const loginContent = readFileSync(adminLoginPath, 'utf-8');
// Check that /admin is not used
expect(dashboardContent).not.toContain("'/admin'");
expect(loginContent).not.toContain("'/admin/dashboard'");
// Check that /upadaj is used
expect(dashboardContent).toContain("'/upadaj'");
expect(loginContent).toContain("'/upadaj/dashboard'");
});
it('should have proper password hash in terraform vars', () => {
const tfvarsPath = join(process.cwd(), 'terraform', 'terraform.tfvars');
const tfvarsContent = readFileSync(tfvarsPath, 'utf-8');
// Check that password hash is present and looks like bcrypt
expect(tfvarsContent).toMatch(/admin_password_hash\s*=\s*"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"/);
// Ensure the new password hash is set (this is the hash for Filamenteka2025!)
expect(tfvarsContent).toContain('$2b$10$5G9fgrNGEKMMDunJkjtzy.vWCmLNIftf6HTby25TylgQHqsePI3CG');
});
it('should include proper CORS headers in Lambda functions', () => {
const filamentsLambda = join(process.cwd(), 'lambda', 'filaments', 'index.js');
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
const filamentsContent = readFileSync(filamentsLambda, 'utf-8');
const authContent = readFileSync(authLambda, 'utf-8');
const colorsContent = readFileSync(colorsLambda, 'utf-8');
// Check that all Lambda functions include X-Accept-Format in CORS headers
expect(filamentsContent).toContain('X-Accept-Format');
expect(authContent).toContain('X-Accept-Format');
expect(colorsContent).toContain('X-Accept-Format');
});
it('should have JWT authentication in protected endpoints', () => {
const authLambda = join(process.cwd(), 'lambda', 'auth', 'index.js');
const colorsLambda = join(process.cwd(), 'lambda', 'colors', 'index.js');
const authContent = readFileSync(authLambda, 'utf-8');
const colorsContent = readFileSync(colorsLambda, 'utf-8');
// Check for JWT in auth Lambda
expect(authContent).toContain('jwt.sign');
expect(authContent).toContain('jwt.verify');
// Check for auth verification in colors Lambda
expect(colorsContent).toContain('verifyAuth');
expect(colorsContent).toContain('Authorization');
});
});

42
__tests__/data-structure.test.ts
View File

@@ -1,42 +0,0 @@
import { readFileSync } from 'fs';
import { join } from 'path';
describe('Data Structure Tests', () => {
it('should have bojaHex field in Filament interface', () => {
const filamentTypePath = join(process.cwd(), 'src', 'types', 'filament.ts');
const typeContent = readFileSync(filamentTypePath, 'utf-8');
expect(typeContent).toContain('bojaHex?: string;');
});
it('should handle V2 data format in Lambda', () => {
const filamentsLambdaPath = join(process.cwd(), 'lambda', 'filaments', 'index.js');
const lambdaContent = readFileSync(filamentsLambdaPath, 'utf-8');
// Check for V2 format handling
expect(lambdaContent).toContain('X-Accept-Format');
expect(lambdaContent).toContain('transformToLegacy');
expect(lambdaContent).toContain('acceptsNewFormat');
});
it('should have colors table structure', () => {
const colorsLambdaPath = join(process.cwd(), 'lambda', 'colors', 'index.js');
const colorsContent = readFileSync(colorsLambdaPath, 'utf-8');
// Check for colors table handling
expect(colorsContent).toContain('COLORS_TABLE_NAME');
expect(colorsContent).toContain('name: data.name');
expect(colorsContent).toContain('hex: data.hex');
});
it('should have proper DynamoDB table configuration', () => {
const dynamodbTfPath = join(process.cwd(), 'terraform', 'dynamodb.tf');
const tfContent = readFileSync(dynamodbTfPath, 'utf-8');
// Check for DynamoDB configuration
expect(tfContent).toContain('aws_dynamodb_table');
expect(tfContent).toContain('${var.app_name}-filaments');
expect(tfContent).toContain('hash_key');
expect(tfContent).toContain('billing_mode = "PAY_PER_REQUEST"');
});
});

8
__tests__/no-mock-data.test.ts
View File

@@ -13,17 +13,17 @@ describe('No Mock Data Tests', () => {
expect(pageContent).not.toContain('data.json');
expect(pageContent).not.toContain("'/data.json'");
expect(pageContent).toContain('API URL not configured');
expect(pageContent).toContain('filamentService');
});
it('should use NEXT_PUBLIC_API_URL in all components', () => {
it('should use API service in all components', () => {
const pagePath = join(process.cwd(), 'app', 'page.tsx');
const adminPath = join(process.cwd(), 'app', 'upadaj', 'dashboard', 'page.tsx');
const pageContent = readFileSync(pagePath, 'utf-8');
const adminContent = readFileSync(adminPath, 'utf-8');
expect(pageContent).toContain('process.env.NEXT_PUBLIC_API_URL');
expect(adminContent).toContain('process.env.NEXT_PUBLIC_API_URL');
expect(pageContent).toContain('filamentService');
expect(adminContent).toContain('filamentService');
});
});

7
scripts/security/security-check.js
View File

@@ -33,7 +33,12 @@ function scanFile(filePath) {
if (matches) {
matches.forEach(match => {
// Only flag if it's not a placeholder or example
if (!match.includes('example') && !match.includes('YOUR_') && !match.includes('xxx')) {
if (!match.includes('example') &&
!match.includes('YOUR_') &&
!match.includes('xxx') &&
!match.includes('your-password') &&
!match.includes('process.env') &&
!match.includes('<set-in-environment>')) {
issues.push({
file: filePath,
pattern: pattern.source,