Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(backend): harden runtime config and verification access

Browse Source
This commit is contained in:
zouantchaw
2026-03-19 16:36:28 +01:00
parent 8d0ef309e6
commit 2f25d10368
15 changed files with 262 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/command-api/test/app.test.js
View File

@@ -63,6 +63,16 @@ test('GET /readyz reports database not configured when no database env is presen
assert.equal(res.body.status, 'DATABASE_NOT_CONFIGURED');
});
test('createApp fails fast in protected env when auth bypass is enabled', async () => {
process.env.APP_ENV = 'staging';
process.env.AUTH_BYPASS = 'true';
assert.throws(() => createApp(), /AUTH_BYPASS must be disabled/);
delete process.env.APP_ENV;
process.env.AUTH_BYPASS = 'true';
});
test('command route requires idempotency key', async () => {
const app = createApp();
const res = await request(app)