Merge pull request #9 from codebar/chore/add-fallow

chore: add fallow static analysis to CI

Author: mroderick

.fallowrc.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://raw.githubusercontent.com/fallow-rs/fallow/main/schema.json",
+  "entry": ["test/features/*.test.js"],
+  "ignoreDependencies": ["pino"],
+  "ignoreExports": [{ "file": "static/auth-client.js", "exports": ["*"] }]
+}

.github/workflows/ci.yml

@@ -68,6 +68,7 @@ jobs:
       - run: |
           npm run prettier:check
           npm run lint
+          npm run fallow
           npm run db:generate
           npm run db:migrate
 

package-lock.json

@@ -5,6 +5,7 @@
     "dev": "node --watch src/index.js",
     "db:generate": "npx @better-auth/cli generate --yes",
     "db:migrate": "npx @better-auth/cli migrate --yes",
+    "fallow": "fallow",
     "prettier:check": "prettier --check '**/*.{js,css,md,yml}'",
     "prettier:write": "prettier --write '**/*.{js,css,md,yml}'",
     "lint": "eslint .",
@@ -28,6 +29,7 @@
     "@commitlint/config-conventional": "^20.5.0",
     "@eslint/js": "^10.0.1",
     "eslint": "^10.2.0",
+    "fallow": "^2.40.3",
     "globals": "^17.4.0",
     "prettier": "^3.8.1",
     "tap": "^21.6.3"

package.json

@@ -2,21 +2,31 @@ import { test } from "tap";
 import { getTestInstance } from "../helpers/test-instance.js";
 import { createApp } from "../../src/app/app.js";
 
+/**
+ * Make a magic link request to the app
+ * @param {Object} app - Hono app instance
+ * @param {string} email - Email address for the magic link
+ * @returns {Promise<Response>} The response from the request
+ */
+async function makeMagicLinkRequest(app, email) {
+  const formData = new URLSearchParams();
+  formData.append("email", email);
+
+  return app.request("/login/magic-link", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: formData.toString(),
+  });
+}
+
 test("magic links feature tests", async (t) => {
   t.test("user can request magic link", async (t) => {
     const testInstance = await getTestInstance();
     const app = createApp(testInstance.auth);
 
-    const formData = new URLSearchParams();
-    formData.append("email", "magic@example.com");
-
-    const res = await app.request("/login/magic-link", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: formData.toString(),
-    });
+    const res = await makeMagicLinkRequest(app, "magic@example.com");
 
     t.equal(res.status, 302, "redirects after requesting magic link");
     t.match(
@@ -30,16 +40,7 @@ test("magic links feature tests", async (t) => {
     const testInstance = await getTestInstance();
     const app = createApp(testInstance.auth);
 
-    const formData = new URLSearchParams();
-    formData.append("email", "nonexistent@example.com");
-
-    const res = await app.request("/login/magic-link", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: formData.toString(),
-    });
+    const res = await makeMagicLinkRequest(app, "nonexistent@example.com");
 
     // Should still show success to prevent email enumeration
     t.equal(res.status, 302, "redirects after requesting magic link");