
Conversation

@hk-dev13
Member

No description provided.

Remove hardcoded default values for staging username and password to enforce proper environment variable configuration and enhance security by preventing reliance on insecure defaults.

BREAKING CHANGE: Authentication will fail if STAGING_USERNAME and STAGING_PASSWORD environment variables are not set. Ensure these are configured in the deployment environment.
Replace default Next.js homepage content with a permanent redirect to /login,
ensuring users are immediately directed to authentication instead of the
original landing page. This simplifies the entry point and focuses on
secure access flow.
Update the authentication challenge page to use generic placeholders instead of hardcoded username and password, and convert the contact message to a clickable email link for better usability and security. This follows up on previous changes to remove fallback defaults for staging credentials.
Add a new private method to generate Basic Auth headers using environment variables
for staging API authentication. This ensures nginx auth is handled properly in
staging environments, with Bearer token taking precedence if both are present.
Previously, the function always attempted to generate a Basic Auth header even if environment variables for username and password were undefined, potentially causing runtime errors. Now it checks for their presence before encoding, returning null otherwise to handle missing credentials gracefully.
…port

- Add EmissionsChart component for visualizing emissions trends
- Create MetricCard component for displaying key metrics with icons and loading states
- Implement RecentCalculations component for showing recent emission calculations
- Improve mobile responsiveness in DashboardSidebar and DashboardHeader
- Add new UI components (alert, button, card, input, loading, select) for design consistency
- Update .env.example with staging and production environment variables
- Modify .gitignore to include .env.staging
- Add lucide-react icons and @types/estree dependency to package.json

Refactor dashboard page to use new components, removing inline code for better maintainability.
…rk mode support

- Refactor dashboard layout to use AuthGuard and RouteGuard components for improved security
- Implement role-based access control with RoleGuard for admin, auditor, and CFO roles
- Add dark mode support with theme toggle, CSS variables, and useDarkMode hook
- Update UI components (button, input) and dashboard elements for dark mode compatibility
- Enhance RecentCalculations with proper typing and add new auth-related hooks

BREAKING CHANGE: Dashboard layout now requires AuthGuard wrapper for authentication checks
Add Jest configuration and setup for unit testing, including mocks for Next.js components and browser APIs. Introduce Playwright for end-to-end testing with multi-browser support and CI integration. Update package.json with test scripts and dependencies. Include initial test files for authentication and API components. Modify .gitignore and globals.css to support testing artifacts and styling.
…integration

Add unit tests for Button component covering variants, sizes, events, and props forwarding.
Add tests for useDarkMode hook including theme initialization, localStorage persistence, and system preference handling.
Add integration tests for API endpoints including authentication, emissions, entities, and reports with error handling.
Enhance e2e dashboard tests for improved dark mode toggle functionality.
…ents

Added test suites for DashboardHeader, MetricCard, Card, and Input components to ensure proper rendering, styling, accessibility, and functionality. These tests cover various scenarios including responsive design, dark mode, user interactions, and edge cases to improve code reliability and maintainability.
…rcel deployment

Add GitHub Actions workflows for production monitoring and pull request testing, including Lighthouse CI, bundle analysis, and performance budgets. Introduce performance monitoring script, update Next.js config with optimizations, and add Vercel deployment configuration. Include detailed documentation for performance testing setup and best practices.

- New workflows: production-monitoring.yml and pull-request.yml for automated testing
- Performance tools: Lighthouse configs, budgets.json, and monitoring script
- Optimizations: Enhanced next.config.ts with image optimization and caching headers
- Documentation: PERFORMANCE_TESTING.md with setup guides and troubleshooting
- Deployment: vercel.json for environment-specific configurations
…nd crons

Simplify deployment configuration by removing obsolete API functions, routing rules, and scheduled tasks. Add log-error.md to .gitignore to exclude error log files from version control.
Add environment variables for reCAPTCHA enablement and Stack Auth integration in .env.example. Update Next.js config to use serverExternalPackages and remove deprecated swcMinify. Modify useRecaptcha hook to conditionally disable reCAPTCHA based on environment flag, improving flexibility for different deployment environments.
Remove sensitive default credentials from README.md to enhance security and prevent potential misuse in development environments.
…nfig

Removed unnecessary deployment regions and security headers from vercel.json to simplify configuration and reduce overhead, as these settings were not required for the current setup.
Allow reCAPTCHA verification only when enabled via environment variable, improving flexibility for login process without mandatory checks.
Enhance login success handler to handle cases where user data is missing from the response by fetching current user via API client. Includes error handling and logging to prevent login failures and improve robustness.
Separate Bearer token usage for auth endpoints to ensure proper authentication, while maintaining Basic Auth for other endpoints with Bearer override for API auth. This prevents auth endpoints from incorrectly using Basic Auth and ensures consistent token-based authentication where needed.
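The header-selection rules described in the commit messages above (a Basic header built from STAGING_USERNAME and STAGING_PASSWORD that returns null when either is missing, Bearer taking precedence when both are present, and auth endpoints never falling back to Basic), as an added TypeScript example. This is not the project's API client: the env object is passed in explicitly instead of read from process.env, and the `/auth/` path prefix and the function names are assumptions.

```typescript
// Added example (not the project's code). Chooses the Authorization header
// for an outgoing request under the rules stated in the commit messages:
//  - Basic header only when both staging env variables are present
//  - Bearer token wins whenever one is available
//  - auth endpoints (login/refresh) never receive the nginx Basic credentials

type Env = { STAGING_USERNAME?: string; STAGING_PASSWORD?: string };

// Assumed prefix for the endpoints that issue tokens.
const AUTH_ENDPOINT_PREFIX = "/auth/";

// Returns "Basic <base64(user:pass)>" or null when either variable is unset
// or empty, so no header is ever built from undefined values.
function getBasicAuthHeader(env: Env): string | null {
  const user = env.STAGING_USERNAME;
  const pass = env.STAGING_PASSWORD;
  if (!user || !pass) return null;
  // btoa is a global in browsers and Node >= 16; nginx expects user:pass.
  return `Basic ${btoa(`${user}:${pass}`)}`;
}

function isAuthEndpoint(path: string): boolean {
  return path.startsWith(AUTH_ENDPOINT_PREFIX);
}

// Bearer first; auth endpoints get Bearer or nothing; other endpoints fall
// back to the env-derived Basic header when no token exists yet.
function selectAuthorization(path: string, bearerToken: string | null, env: Env): string | null {
  if (bearerToken) return `Bearer ${bearerToken}`;
  if (isAuthEndpoint(path)) return null;
  return getBasicAuthHeader(env);
}

// Builds the request headers; Authorization is only set when there is a value.
function buildHeaders(path: string, bearerToken: string | null, env: Env): Record<string, string> {
  const headers: Record<string, string> = { "Content-Type": "application/json" };
  const auth = selectAuthorization(path, bearerToken, env);
  if (auth) headers["Authorization"] = auth;
  return headers;
}
```

Passing `env` in as a parameter keeps the null path testable; in the real client the same function would be called with `process.env`, and the null return is what lets a request proceed without credentials instead of throwing when the staging variables are absent.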
Update login success handler to construct user object from user_id and role when full user data is not provided by backend, with fallback to fetch complete user data for improved authentication flow robustness.
Enhance AuthResponse interface with refresh_token, expires_in, user_id, and role fields for improved authentication handling. Import User type in login page for consistency. Make user field optional to maintain backward compatibility with existing implementations.
Add comprehensive test coverage enforcement with GitHub Actions workflow, Jest configuration updates, and documentation guide. Includes automated coverage checks on PRs, threshold enforcement, and detailed reporting to ensure code quality standards are met.

- New workflow for coverage analysis and quality gates
- Updated PR workflow to enforce minimum coverage thresholds
- Enhanced Jest config with coverage reporters and exclusions
- Added package.json scripts for coverage checking
- Comprehensive coverage guide with targets and best practices
Add auth initialization logic to prevent infinite loading states and improve user experience. Introduce isInitialized flag in auth store, wrap providers with AuthInitializer component, and enhance AuthGuard with better loading and redirect handling. Also add type annotations to API client methods for improved type safety.
…ncements

- Replace inline forms with Scope1Calculator, Scope2Calculator, and CalculationHistory components
- Add Radix UI tabs, cards, and EPA factors status display
- Update CSS with new theming variables and dark mode support
- Add tw-animate-css for animations and update dependencies
- Minor improvements to login placeholders and utils formatting
Add a new page component for email verification that handles token validation via API call, displays loading, success, and error states with appropriate UI feedback, and provides navigation links for login or re-registration.
- Display fuel and electricity factor counts in emissions dashboard
- Wrap auth pages (reset-password, verify-email) with Suspense for better loading UX
- Remove unused imports and disable unused queries in calculators
- Fix apostrophes in forgot-password page text
- Update API client to properly type emissions factors response
hk-dev13 and others added 15 commits October 26, 2025 00:14
…ironment

- Modify start script to include cross-env for consistent NODE_ENV setting
- Ensure production environment is explicitly set during application startup
- Improve script consistency with build and dev scripts using cross-env
- Fix incorrect start script in package.json
- Remove unnecessary `next build` from start command
- Ensure clean production start process
- Resolves potential deployment startup issues
- Change dev server command from 'npm run dev' to 'npm run start'
- Set reuseExistingServer to always true
- Increase web server timeout to 120 seconds
- Improve configuration for more reliable test environment setup
- Increase worker count from 1 to 2 for improved test parallelization
- Temporarily disable non-Chrome browser and mobile device test configurations
- Simplify test configuration to focus on primary testing environment
- Add mock API startup step for backend testing
- Modify E2E testing workflow to ensure port 3000 is available
- Remove manual application startup and port waiting steps
- Simplify port management before E2E tests
- Enhance workflow reliability and reduce potential port conflicts
- Replace local backend mock with staging API endpoint
- Set NEXT_PUBLIC_API_URL environment variable for tests
- Add environment variable for E2E tests to use staging backend
- Remove manual backend startup step
- Simplify workflow configuration for testing
- Add staging-specific Playwright configuration
- Update pull request workflow to run tests against staging environment
- Create global setup script for staging E2E tests
- Add staging smoke test suite to validate basic functionality
- Modify base Playwright configuration to support dynamic base URL
- Implement flexible environment detection for test runs
Improves E2E testing infrastructure by introducing dedicated staging test configuration and workflow integration.
- Add README.md for E2E testing documentation
- Create auth-helper.ts for staging authentication management
- Update package.json with new staging E2E test scripts
- Modify staging-setup.ts for enhanced test configuration
- Improve staging-smoke-test.spec.ts with detailed test scenarios
- Prepare infrastructure for real-world staging environment testing
- Add comprehensive API endpoint testing for staging environment
- Implement health checks for validation, EPA, and emissions endpoints
- Improve error handling and logging for API connectivity tests
- Add new test cases to verify direct API endpoint accessibility
- Enhance real API integration test to capture and log API calls
- Expand staging-setup.ts to perform more thorough API connectivity checks
- Improve error tracking and reporting for staging environment tests
- Update staging smoke test to use const for apiCalls array
- Import unused constants from 'node:buffer'
- Minor code style improvements in test configuration
- Prepare for more robust API response testing in staging environment
- Update Playwright staging configuration to support fallback URL
- Improve staging setup helper with more flexible environment detection
- Refactor staging smoke tests to be more resilient and adaptable
- Add fallback mechanism for base URL and API endpoint testing
- Enhance error handling and logging in E2E test infrastructure
- Implement more flexible selectors for form and validation testing
- Add graceful handling for potential authentication or visibility issues
- Comment out Playwright browser installation step
- Comment out application build step
- Comment out E2E tests against staging environment
- Comment out E2E test results upload step
- Preserve workflow structure for future re-enablement
- Enhance AuthGuard to prevent unnecessary auth state reinitializations
- Update API client to handle token refresh and authentication failures more robustly
- Add more comprehensive token validation and error logging in auth store
- Improve handling of expired or invalid tokens across authentication mechanisms
- Ensure consistent session management and login redirection
- Add additional checks to prevent multiple token refresh attempts
- Implement safer localStorage access and token management
Resolves potential authentication edge cases and improves overall authentication reliability and user experience.
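The refresh-deduplication and guarded localStorage access described in the commit message above, as an added TypeScript example. It is not the project's auth store: the refresh request is injected as a function so the logic runs offline, `expiresAt` is a timestamp the caller derives from the `expires_in` field mentioned earlier on this page, and the storage key, class and method names are assumptions.

```typescript
// Added example (not the project's code). A token holder that refreshes at
// most once at a time and degrades to in-memory storage when localStorage is
// unavailable (server-side rendering) or throws (restricted browser modes).

interface TokenSet {
  accessToken: string;
  refreshToken: string;
  expiresAt: number; // epoch milliseconds, computed by the caller from expires_in
}

interface StorageLike {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

const STORAGE_KEY = "auth.tokens"; // assumed key name

// Safer localStorage access: no window during SSR, and some browsers throw on
// access; both cases yield null so the store falls back to memory only.
function safeLocalStorage(): StorageLike | null {
  try {
    const g = globalThis as { localStorage?: StorageLike };
    return g.localStorage ?? null;
  } catch {
    return null;
  }
}

class TokenStore {
  private tokens: TokenSet | null;
  private inFlight: Promise<string | null> | null = null;

  constructor(
    private readonly refresh: (refreshToken: string) => Promise<TokenSet>,
    private readonly storage: StorageLike | null = safeLocalStorage(),
    private readonly now: () => number = () => Date.now(),
  ) {
    this.tokens = this.load();
  }

  private load(): TokenSet | null {
    const raw = this.storage ? this.storage.getItem(STORAGE_KEY) : null;
    if (!raw) return null;
    try {
      return JSON.parse(raw) as TokenSet; // corrupt storage is treated as logged out
    } catch {
      return null;
    }
  }

  private save(tokens: TokenSet | null): void {
    this.tokens = tokens;
    if (!this.storage) return;
    if (tokens) this.storage.setItem(STORAGE_KEY, JSON.stringify(tokens));
    else this.storage.removeItem(STORAGE_KEY);
  }

  setTokens(tokens: TokenSet): void { this.save(tokens); }
  clear(): void { this.save(null); }
  hasSession(): boolean { return this.tokens !== null; }

  // True when the token is expired or within skewMs of expiring.
  needsRefresh(skewMs = 30_000): boolean {
    return this.tokens !== null && this.tokens.expiresAt - skewMs <= this.now();
  }

  // Resolves to a usable access token, or null when there is no session or the
  // refresh failed (the caller then redirects to login). Concurrent callers that
  // see an expired token share the single in-flight refresh promise.
  getAccessToken(skewMs = 30_000): Promise<string | null> {
    const current = this.tokens;
    if (!current) return Promise.resolve(null);
    if (!this.needsRefresh(skewMs)) return Promise.resolve(current.accessToken);
    if (!this.inFlight) {
      this.inFlight = this.refresh(current.refreshToken).then(
        (fresh) => { this.inFlight = null; this.save(fresh); return fresh.accessToken; },
        () => { this.inFlight = null; this.save(null); return null; },
      );
    }
    return this.inFlight;
  }
}
```

The in-flight promise is the whole mechanism: a burst of requests fired right after expiry all await the same refresh, so the backend sees one refresh call rather than one per request, and a failed refresh clears the session once instead of racing several failures against each other.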
fix(auth): Improve authentication flow and error handling
@vercel

vercel bot commented Oct 31, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
envoyou-dashboard-sec Error Error Dec 6, 2025 7:50pm

hk-dev13 and others added 10 commits October 31, 2025 13:28
- Create new GitHub Actions workflow for production deployment
- Implement pre-deployment test stages including type checking, linting, and test coverage
- Add E2E tests against staging environment
- Configure Vercel production deployment with token-based authentication
- Implement post-deployment health checks for frontend and API
- Add performance monitoring with Lighthouse
- Update Vercel configuration with enhanced security headers
- Configure region, environment variables, and API routing
- Add redirects and rewrites for improved application routing
- Enhance deployment notification steps for success and failure scenarios
Improves deployment reliability, security, and observability for the production environment.
- Add comprehensive .vercelignore file to exclude unnecessary files
- Update package.json scripts to use standard Next.js build and start commands
- Modify vercel.json configuration for improved deployment settings
- Update staging API URL in environment configuration
- Remove explicit build and output directory settings
- Add Node.js 20.x runtime for API functions
- Enable skipping environment validation during build
- Simplify build configuration by removing redundant settings
- Remove explicit Node.js runtime configuration for API routes
- Streamline environment variables and build settings
- Remove X-XSS-Protection header
- Remove unnecessary API rewrites
- Set explicit build command for Next.js project
- Maintain staging API URL configuration
…versions

- Synchronized package-lock.json with latest dependency configurations
- Ensures consistent dependency versions across project environments
- Routine maintenance of project dependency management
- Add staging project in Playwright config with baseURL and auth headers
- Update Next.js from 15.5.5 to 16.0.7 and eslint-config-next accordingly
- Add date-fns dependency for date utilities
- Refine TypeScript config for Next.js 16 compatibility
- Enhance auth store with mock token handling for testing
- Add type interfaces and assertions in emissions components for better type safety

BREAKING CHANGE: Update to Next.js 16 may introduce breaking changes in API or component behavior
…s/phase-1-4

- Resolve conflicts by keeping Next.js 16.0.7 upgrade
- Maintain security patches for CVE-2025-55182
Remove coverage quality gates, production monitoring, and pull request testing workflows. Comment out pre-deployment tests in production deploy workflow to streamline CI/CD pipeline.
Removes the staging environment project from the Playwright configuration, simplifying the test setup and aligning with recent CI optimizations.
- Added @radix-ui/react-progress dependency to package.json
- Updated package-lock.json accordingly
- Cleaned up comments in playwright.config.ts by removing staging project reference and adjusting indentation
@gitguardian

gitguardian bot commented Dec 6, 2025

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| 23186637 | Triggered | Base64 Basic Authentication | 12ec0be | playwright.config.ts |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
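A defender-side check for the kind of finding reported above, added here as an example: a small scanner that flags `Basic <base64>` literals decoding to `user:password` in configuration text and redacts the value in its own report, alongside the env-driven form that leaves no literal to flag. It is neither GitGuardian's detector nor the project's code; both config snippets are constructed and nothing from the real playwright.config.ts is reproduced.

```typescript
// Added example (not the project's or GitGuardian's code). Flags hardcoded
// "Basic <base64>" credentials in configuration text; the report masks the
// encoded value so the report itself does not leak the secret.

interface Finding {
  line: number;     // 1-based line number in the scanned text
  redacted: string; // the offending line with the encoded value masked
}

// "Basic", whitespace, then a base64 run of at least 8 characters.
const BASIC_AUTH_PATTERN = "\\bBasic\\s+([A-Za-z0-9+/]{8,}={0,2})";

// atob is a global in browsers and Node >= 16; invalid base64 throws, and a
// decoding failure simply means "not a credential".
function decodeBase64(value: string): string | null {
  try {
    return atob(value);
  } catch {
    return null;
  }
}

// Basic credentials decode to "user:password"; require both parts to be
// non-empty printable ASCII so ordinary words after "Basic" are ignored.
function looksLikeUserPass(decoded: string): boolean {
  const sep = decoded.indexOf(":");
  return sep > 0 && sep < decoded.length - 1 && /^[\x20-\x7e]+$/.test(decoded);
}

function scanForBasicAuth(text: string): Finding[] {
  const findings: Finding[] = [];
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const re = new RegExp(BASIC_AUTH_PATTERN, "g"); // fresh regex per line: no shared lastIndex
    let match: RegExpExecArray | null;
    let hit = false;
    let redacted = lines[i];
    while ((match = re.exec(lines[i])) !== null) {
      const decoded = decodeBase64(match[1]);
      if (decoded !== null && looksLikeUserPass(decoded)) {
        hit = true;
        redacted = redacted.replace(match[1], "[REDACTED]");
      }
    }
    if (hit) findings.push({ line: i + 1, redacted });
  }
  return findings;
}

// Constructed sample: a Playwright-style config with a literal credential, plus
// a comment mentioning "Basic authentication" to exercise the decode filter.
const VULNERABLE_CONFIG = [
  "// constructed sample, not the real playwright.config.ts",
  "// Basic authentication for the staging proxy",
  "export default {",
  "  use: {",
  "    extraHTTPHeaders: {",
  `      Authorization: "Basic ${btoa("staging-user:example-password")}",`,
  "    },",
  "  },",
  "};",
].join("\n");

// Hardened form: the header is assembled at runtime from environment variables,
// so the committed file contains no base64 literal at all.
const HARDENED_CONFIG = [
  "    extraHTTPHeaders: {",
  '      Authorization: "Basic " + Buffer.from(',
  '        process.env.STAGING_USERNAME + ":" + process.env.STAGING_PASSWORD',
  '      ).toString("base64"),',
  "    },",
].join("\n");
```

Running `scanForBasicAuth` over staged files in a pre-commit hook catches the literal before it reaches the remote; once a credential has been pushed, the guideline above still applies, because rewriting history does not un-expose a value that was already fetched.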

