Frontend:
- Fix all API response unwrapping (backend wraps in {data:...})
- Fix workflow publish/archive to use PATCH /status endpoint
- Fix step reorder payload format
- Add tenantId to workflow creation
- Fix step count display using _count
Security (CRITICAL/HIGH):
- Add JWT algorithm restriction (HS256 only)
- Replace weak default JWT secrets
- Fix token blacklist memory leak
- Fix step reorder IDOR vulnerability
- Strengthen password policy (8 chars, mixed case + digit)
Tests:
- 68 tests: auth (17), workflows (26), tenants (25)
- Complete Prisma mock setup with test fixtures
43 lines
1.1 KiB
JSON
43 lines
1.1 KiB
JSON
{
|
|
"name": "workflow-portal-backend",
|
|
"version": "1.0.0",
|
|
"scripts": {
|
|
"dev": "nodemon --exec ts-node src/index.ts",
|
|
"build": "tsc",
|
|
"start": "node dist/index.js",
|
|
"test": "jest --forceExit --detectOpenHandles",
|
|
"test:coverage": "jest --forceExit --detectOpenHandles --coverage",
|
|
"test:watch": "jest --watch",
|
|
"db:migrate": "npx prisma migrate deploy",
|
|
"db:seed": "ts-node prisma/seed.ts",
|
|
"db:generate": "npx prisma generate"
|
|
},
|
|
"dependencies": {
|
|
"@prisma/client": "^6.0.0",
|
|
"bcryptjs": "^2.4.3",
|
|
"cors": "^2.8.5",
|
|
"dotenv": "^16.4.0",
|
|
"express": "^4.21.0",
|
|
"express-rate-limit": "^7.4.0",
|
|
"helmet": "^8.0.0",
|
|
"jsonwebtoken": "^9.0.2",
|
|
"zod": "^3.23.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/bcryptjs": "^2.4.6",
|
|
"@types/cors": "^2.8.17",
|
|
"@types/express": "^5.0.0",
|
|
"@types/jest": "^29.5.0",
|
|
"@types/jsonwebtoken": "^9.0.7",
|
|
"@types/node": "^22.0.0",
|
|
"@types/supertest": "^6.0.0",
|
|
"jest": "^29.7.0",
|
|
"nodemon": "^3.1.0",
|
|
"prisma": "^6.0.0",
|
|
"supertest": "^7.0.0",
|
|
"ts-jest": "^29.2.0",
|
|
"ts-node": "^10.9.2",
|
|
"typescript": "^5.6.0"
|
|
}
|
|
}
|