Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(backend): harden runtime config and verification access

Browse Source
This commit is contained in:
zouantchaw
2026-03-19 16:36:28 +01:00
parent 8d0ef309e6
commit 2f25d10368
15 changed files with 262 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/unified-api/test/app.test.js
View File

@@ -29,6 +29,19 @@ test('GET /readyz reports database not configured when env is absent', async ()
assert.equal(res.body.status, 'DATABASE_NOT_CONFIGURED');
});
test('createApp fails fast in protected env when upstream config is unsafe', async () => {
process.env.APP_ENV = 'staging';
process.env.AUTH_BYPASS = 'true';
delete process.env.CORE_API_BASE_URL;
delete process.env.COMMAND_API_BASE_URL;
delete process.env.QUERY_API_BASE_URL;
assert.throws(() => createApp(), /AUTH_BYPASS must be disabled/);
delete process.env.APP_ENV;
process.env.AUTH_BYPASS = 'true';
});
test('POST /auth/client/sign-in validates payload', async () => {
const app = createApp();
const res = await request(app).post('/auth/client/sign-in').send({