chore: upgrade Node.js runtime to v24 across codebase #419

Merged
jason.woltje merged 438 commits from fix/auth-frontend-remediation into main 2026-02-17 01:04:47 +00:00
2 changed files with 31 additions and 2 deletions
Showing only changes of commit 77d1d14e08 - Show all commits


@@ -2,10 +2,11 @@
* Crypto Service Tests * Crypto Service Tests
*/ */
import { describe, it, expect, beforeEach } from "vitest"; import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing"; import { Test, TestingModule } from "@nestjs/testing";
import { ConfigService } from "@nestjs/config"; import { ConfigService } from "@nestjs/config";
import { CryptoService } from "./crypto.service"; import { CryptoService } from "./crypto.service";
import { Logger } from "@nestjs/common";
describe("CryptoService", () => { describe("CryptoService", () => {
let service: CryptoService; let service: CryptoService;
@@ -137,6 +138,31 @@ describe("CryptoService", () => {
// Act & Assert // Act & Assert
expect(() => service.decrypt(corrupted)).toThrow("Failed to decrypt data"); expect(() => service.decrypt(corrupted)).toThrow("Failed to decrypt data");
}); });
it("should not log sensitive data in error messages", () => {
// Arrange
const loggerErrorSpy = vi.spyOn(Logger.prototype, "error");
const corruptedData = "corrupted:data:here";
// Act & Assert
expect(() => service.decrypt(corruptedData)).toThrow("Failed to decrypt data");
// Verify logger was called with safe message
expect(loggerErrorSpy).toHaveBeenCalled();
const logCall = loggerErrorSpy.mock.calls[0];
// First argument should contain error type but not sensitive data
expect(logCall[0]).toMatch(/Decryption failed:/);
// Should NOT log the actual error object with stack traces
expect(logCall.length).toBe(1); // Only one argument (the message)
// Verify the corrupted data is not in the log
const logMessage = logCall[0] as string;
expect(logMessage).not.toContain(corruptedData);
loggerErrorSpy.mockRestore();
});
}); });
describe("encrypt/decrypt round-trip", () => { describe("encrypt/decrypt round-trip", () => {
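Review bot: `loggerErrorSpy.mockRestore()` at the end of the new "should not log sensitive data" test only runs when every preceding `expect` passes; a failing assertion leaves the spy on `Logger.prototype.error` installed and it bleeds into the later tests in this file. Wrap the body in `try { … } finally { loggerErrorSpy.mockRestore(); }`, or register `afterEach(() => vi.restoreAllMocks())` alongside the `beforeEach` this file already imports. The assertion on `logCall.length` also inspects only the first call, so a second `logger.error(error)` call carrying the raw error object would go unnoticed; tightening `expect(loggerErrorSpy).toHaveBeenCalled()` to `expect(loggerErrorSpy).toHaveBeenCalledTimes(1)` closes that gap and, under `noUncheckedIndexedAccess`, justifies indexing `mock.calls[0]` without a further guard.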


@@ -90,7 +90,10 @@ export class CryptoService {
return decrypted; return decrypted;
} catch (error) { } catch (error) {
this.logger.error("Decryption failed", error); // Security: Do not log error details which may contain sensitive data
// Only log error type/code without stack trace or encrypted content
const errorType = error instanceof Error ? error.constructor.name : "Unknown";
this.logger.error(`Decryption failed: ${errorType}`);
throw new Error("Failed to decrypt data"); throw new Error("Failed to decrypt data");
} }
} }
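Review bot: The new comment says the catch block logs the error "type/code", but the replacement line logs only `error.constructor.name`, which for errors thrown by the Node crypto API is typically just "Error" and may be renamed further by minification, so the log line loses nearly all diagnostic value while the comment overstates what is recorded. Where Node attaches a string `code` property (as on `NodeJS.ErrnoException`), it is an enumerated identifier rather than payload data and can be logged safely: `const code = (error as { code?: unknown } | null)?.code;` then `const detail = typeof code === "string" ? errorType + " (" + code + ")" : errorType;` and `this.logger.error("Decryption failed: " + detail);` — keep the message and stack out as the hunk already does, since a library message could echo input. Either make that change or reword the comment to "Only log the error class name". The enclosing `decrypt` method's signature and `try` block begin above this hunk.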