admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
275 Commits 1 Branch 0 Tags
c920934fb63b89a4ba2beb8be3851306c99f8045
Commit Graph

5 Commits

Author SHA1 Message Date
Ho Ngoc Hai
c920934fb6 fix(lint): enforce consistent-type-imports and fix import ordering across codebase 
Auto-fix 862 lint errors: convert value imports used only as types to
`import type`, fix import group ordering in seed.ts and du-an-api.ts,
remove unused imports in auth controller, and clean up stale eslint-disable
comments referencing non-existent rules.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-16 05:13:56 +07:00
Ho Ngoc Hai
25420720e7 fix(api,ci): remove type-only imports for DI and isolate CI ports from dev 
- Remove `type` keyword from NestJS injectable class imports across all
  modules to fix runtime DI resolution (330+ handler/listener files)
- Offset CI docker-compose ports (5433/6380/8109/9002) to avoid
  conflicts with running dev containers
- Update .env.test, playwright.config.ts, and e2e workflow to use
  isolated CI ports with configurable overrides
- Fix prisma/seed.ts to use deterministic IDs for Prisma 7 upsert
  compatibility (phoneHash replaced phone as unique index)
- Add dedicated Docker bridge network for CI service containers

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
 2026-04-13 01:40:14 +07:00
Ho Ngoc Hai
6ebacbc9bf fix: apply consistent-type-imports across API codebase (728 lint errors) 
- Convert `import type { X }` to `import { type X }` (inline-type-imports style)
- Suppress consistent-type-imports for `typeof import()` in instrument.ts
- Includes uncommitted agent work: metrics module, redis caching, audit logs,
  saved searches, circuit breaker, rate limiting, and admin enhancements

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-10 23:22:21 +07:00
Ho Ngoc Hai
271ad76e6f fix: resolve E2E test failures and API runtime issues for Docker dev environment 
- Fix DI issues: circular MCP module dependency, EventBus type import,
  SearchModule provider, CacheService metric counters placement
- Fix Express 5 readonly req.query in SanitizeInputMiddleware
- Fix Typesense client lazy initialization (getter instead of constructor)
- Fix MinIO bucket init error handling (non-fatal on 403)
- Fix missing class-validator decorators on bigint DTO fields (priceVND, amountVND)
- Fix subscription plan 404 (was returning 500 for invalid tier)
- Disable CSRF and raise rate limits in test environment
- Update E2E tests to match actual API response shapes
- Update CI workflow with Redis, Typesense, MinIO services and env vars

All 101 API E2E tests now pass against Docker dev environment.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-08 05:44:00 +07:00
Ho Ngoc Hai
f3081d92fc feat(security): add security hardening — Helmet, CORS, rate limiting, input sanitization 
- Add Helmet with CSP, HSTS, referrer policy
- Configure CORS with environment-based origins
- Add global validation pipe with whitelist mode
- Add SanitizeInputMiddleware for XSS prevention
- Add ThrottlerBehindProxyGuard for rate limiting
- Add FileValidationPipe for upload security
- Set request body size limit to 1MB

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-08 02:04:13 +07:00