test+fix(stammbaum): capture script refuses default creds and non-localhost (#361)

@Nora + @Tobias on PR #693: defaulting CAPTURE_EMAIL/PASSWORD to
documented admin creds and BACKEND_URL to localhost:8080 means an env-var
slip silently authenticates against staging/prod. Make both explicit: refuse to
run unless CAPTURE_EMAIL and CAPTURE_PASSWORD are set, and unless
BACKEND_URL hostname is localhost / 127.0.0.1 / ::1.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Marcel
2026-05-28 20:36:58 +02:00
parent 4f07527b0f
commit 5167a2ae18
2 changed files with 106 additions and 2 deletions


@@ -12,8 +12,45 @@ import { fileURLToPath } from 'node:url';
import { randomUUID } from 'node:crypto';
const BACKEND_URL = process.env.BACKEND_URL ?? 'http://localhost:8080';
const EMAIL = process.env.CAPTURE_EMAIL ?? 'admin@familyarchive.local';
const PASSWORD = process.env.CAPTURE_PASSWORD ?? 'admin123';
const EMAIL = process.env.CAPTURE_EMAIL;
const PASSWORD = process.env.CAPTURE_PASSWORD;
// Preflight guards: this script writes the canonical Stammbaum fixture from
// a *running* backend with admin-shaped credentials. Two slips would be
// silent disasters — running with default creds against staging/prod, or
// running with a typo'd BACKEND_URL that happens to resolve. Refuse both
// before sending a single byte.
preflight();
function preflight() {
const failures = [];
if (!EMAIL) {
failures.push('CAPTURE_EMAIL must be set explicitly (no default).');
}
if (!PASSWORD) {
failures.push('CAPTURE_PASSWORD must be set explicitly (no default).');
}
if (!isLocalhost(BACKEND_URL)) {
failures.push(
`BACKEND_URL must point at localhost / 127.0.0.1 (got: ${BACKEND_URL}). ` +
'This script is local-only.'
);
}
if (failures.length > 0) {
console.error('Preflight failed:');
for (const f of failures) console.error(` - ${f}`);
process.exit(2);
}
}
function isLocalhost(url) {
try {
const host = new URL(url).hostname;
return host === 'localhost' || host === '127.0.0.1' || host === '::1';
} catch {
return false;
}
}
const HERE = dirname(fileURLToPath(import.meta.url));
const FIXTURE_PATH = `${HERE}/../src/lib/person/genealogy/__fixtures__/stammbaum.json`;
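Review bot: The `host === '::1'` comparison in `isLocalhost` can never be true, because the WHATWG `URL` parser keeps the brackets on IPv6 hosts, so `new URL('http://[::1]:8080').hostname` is `'[::1]'` and the IPv6 loopback that the commit message lists as allowed is refused. The check fails closed, so nothing unsafe gets through, but the line should read `return host === 'localhost' || host === '127.0.0.1' || host === '[::1]';` and the preflight message should name ::1 alongside the other two. Separately, the failure message in `preflight` prints `BACKEND_URL` verbatim; if that value ever carries userinfo (`user:pass@host`), the password ends up in the terminal or CI log, so printing only the parsed hostname (or a fixed `<unparseable>` marker when parsing fails) would be safer. A test with `http://[::1]:8080` and one with `http://localhost@example.invalid` would pin both the allowed and the refused side of the hostname check.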