Frontend:
- Fix all API response unwrapping (backend wraps in {data:...})
- Fix workflow publish/archive to use PATCH /status endpoint
- Fix step reorder payload format
- Add tenantId to workflow creation
- Fix step count display using _count
Security (CRITICAL/HIGH):
- Add JWT algorithm restriction (HS256 only)
- Replace weak default JWT secrets
- Fix token blacklist memory leak
- Fix step reorder IDOR vulnerability
- Strengthen password policy (8 chars, mixed case + digit)
Tests:
- 68 tests: auth (17), workflows (26), tenants (25)
- Complete Prisma mock setup with test fixtures
15 lines
471 B
Plaintext
15 lines
471 B
Plaintext
# Database
|
|
DATABASE_URL=postgresql://workflow:CHANGE_DB_PASSWORD@localhost:5432/workflow_portal
|
|
|
|
# JWT Secrets - MUST be changed before deploying!
|
|
# Generate with: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
|
|
JWT_SECRET=GENERATE_A_STRONG_RANDOM_SECRET_HERE
|
|
JWT_REFRESH_SECRET=GENERATE_ANOTHER_STRONG_RANDOM_SECRET_HERE
|
|
|
|
# Server
|
|
PORT=4000
|
|
NODE_ENV=development
|
|
|
|
# CORS - set to your frontend URL in production
|
|
CORS_ORIGIN=http://localhost:3000
|