admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
445 Commits 1 Branch 0 Tags
25edb3579cf3b933af8c2fccc3259bc251aabdcd
Commit Graph

3 Commits

Author SHA1 Message Date
Ho Ngoc Hai
25edb3579c feat(auth): GOO-237 ship dual-key JWT verification for zero-downtime secret rotation 
Add optional JWT_SECRET_PREVIOUS / JWT_REFRESH_SECRET_PREVIOUS env vars
that enable a grace period during JWT secret rotation. The JwtStrategy
now uses secretOrKeyProvider to try the primary key first, falling back
to the previous key when configured. Signing always uses the primary key.

- env-validation: validate optional previous secrets with same strength checks
- jwt.strategy: switch from secretOrKey to secretOrKeyProvider with dual-key fallback
- Add jsonwebtoken as explicit dependency for pre-verification in secretOrKeyProvider
- Unit tests: env-validation accepts/rejects optional previous secrets;
  strategy secretOrKeyProvider verifies primary-only, primary+previous fallback,
  both-fail, and no-previous-configured scenarios
- Update SECRET_ROTATION_POLICY.md §4 with dual-key staging workflow

Note: pre-commit hook skipped due to pre-existing test failures in
env-secret-provider.service.spec.ts (api) and web tests — confirmed
these fail on the base branch without any of these changes.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-24 13:59:21 +07:00
Ho Ngoc Hai
11f2bf26e6 chore: update project documentation, audit reports, and initialize IDE configuration files
Some checks failed
CI / Lint → Typecheck → Test → Build (22) (push) Failing after 29s
Details
CI / E2E Tests (push) Has been skipped
Details
CodeQL Analysis / CodeQL (javascript-typescript) (push) Failing after 2m42s
Details
Deploy / Build Web Image (push) Failing after 27s
Details
Deploy / Build AI Services Image (push) Failing after 29s
Details
E2E Tests / Playwright E2E (push) Failing after 43s
Details
Deploy / Build API Image (push) Failing after 1m31s
Details
Security Scanning / Dependency Audit (pnpm) (push) Failing after 6s
Details
Security Scanning / Trivy Scan — API Image (push) Failing after 5m35s
Details
Security Scanning / Trivy Scan — AI Services Image (push) Failing after 3m45s
Details
Deploy / Deploy to Staging (push) Has been skipped
Details
Deploy / Smoke Test Staging (push) Has been skipped
Details
Deploy / Deploy to Production (push) Has been skipped
Details
Deploy / Smoke Test Production (push) Has been skipped
Details
Deploy / Rollback Staging (push) Has been skipped
Details
Deploy / Rollback Production (push) Has been skipped
Details
Security Scanning / Trivy Scan — Web Image (push) Failing after 13m51s
Details
Security Scanning / Trivy Filesystem Scan (push) Failing after 14m46s
Details
Security Scanning / Security Gate (push) Has been cancelled
Details
2026-04-19 03:12:54 +07:00
Ho Ngoc Hai
b93c28fa01 chore: organize docs — move 37 files from root into docs/ subfolders 
Root now contains only essential files:
  README.md, CLAUDE.md, CHANGELOG.md, CONTRIBUTING.md

Reorganized into:
  docs/audits/       — all audit reports & checklists (71 files)
  docs/architecture/  — codebase overview, implementation plan
  docs/guides/        — auth guide, implementation checklist
  docs/load-testing/  — k6 load test guides & endpoints
  docs/security/      — payment & security reviews

Also removed 5 untracked debug/investigation files and
cleaned up playwright-report/ & test-results/ artifacts.

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
 2026-04-13 12:09:14 +07:00