
Commit 47bad22

authored
Merge pull request #227 from codeunia-dev/security-fixes-and-improvements
Security fixes and improvements
2 parents 8c7d5b6 + f39312b commit 47bad22


6 files changed

+147
-30
lines changed


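--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -597,11 +597,11 @@ jobs:
 ci: {
 collect: {
 url: [
-'${{ steps.deploy-production.outputs.deployment-url }}/',
-'${{ steps.deploy-production.outputs.deployment-url }}/about',
-'${{ steps.deploy-production.outputs.deployment-url }}/hackathons',
-'${{ steps.deploy-production.outputs.deployment-url }}/leaderboard',
-'${{ steps.deploy-production.outputs.deployment-url }}/auth/signin'
+'${{ needs.deploy-production.outputs.deployment-url }}/',
+'${{ needs.deploy-production.outputs.deployment-url }}/about',
+'${{ needs.deploy-production.outputs.deployment-url }}/hackathons',
+'${{ needs.deploy-production.outputs.deployment-url }}/leaderboard',
+'${{ needs.deploy-production.outputs.deployment-url }}/auth/signin'
 ],
 numberOfRuns: 3,
 settings: {
@@ -653,7 +653,7 @@ jobs:
 - name: Run Lighthouse CI on deployed site
 run: |
 echo "🚀 Starting Lighthouse CI performance testing..."
-echo "Testing URL: ${{ steps.deploy-production.outputs.deployment-url }}"
+echo "Testing URL: ${{ needs.deploy-production.outputs.deployment-url }}"
 
 # Run Lighthouse CI with the deployed configuration
 lhci autorun --config=lighthouserc-deployed.js
@@ -715,11 +715,11 @@ jobs:
 ci: {
 collect: {
 url: [
-'${{ steps.deploy-staging.outputs.deployment-url }}/',
-'${{ steps.deploy-staging.outputs.deployment-url }}/about',
-'${{ steps.deploy-staging.outputs.deployment-url }}/hackathons',
-'${{ steps.deploy-staging.outputs.deployment-url }}/leaderboard',
-'${{ steps.deploy-staging.outputs.deployment-url }}/auth/signin'
+'${{ needs.deploy-staging.outputs.deployment-url }}/',
+'${{ needs.deploy-staging.outputs.deployment-url }}/about',
+'${{ needs.deploy-staging.outputs.deployment-url }}/hackathons',
+'${{ needs.deploy-staging.outputs.deployment-url }}/leaderboard',
+'${{ needs.deploy-staging.outputs.deployment-url }}/auth/signin'
 ],
 numberOfRuns: 2,
 settings: {
@@ -765,7 +765,7 @@ jobs:
 - name: Run Lighthouse CI on staging site
 run: |
 echo "🚀 Starting Lighthouse CI performance testing on staging..."
-echo "Testing URL: ${{ steps.deploy-staging.outputs.deployment-url }}"
+echo "Testing URL: ${{ needs.deploy-staging.outputs.deployment-url }}"
 
 # Run Lighthouse CI with the staging configuration
 lhci autorun --config=lighthouserc-staging.js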
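Review bot: Each of these four hunks still pastes `${{ needs.deploy-*.outputs.deployment-url }}` straight into a `run:` script body (the `echo` lines in the second and fourth hunks, and — if the `url:` list in the first and third is written out by a heredoc in the same step, which the hunk does not show — those as well), so whatever the deploy job emitted is expanded before the shell parses the line. Routing the value through `env:` keeps the expansion on the shell side: `env:` / `  DEPLOY_URL: ${{ needs.deploy-production.outputs.deployment-url }}` and then `echo "Testing URL: $DEPLOY_URL"`; the staging hunks get the same treatment with `deploy-staging`. The rename from `steps.` to `needs.` only resolves if the consuming jobs declare `needs: deploy-production` / `deploy-staging` and those jobs export a `deployment-url` in their `outputs:`, neither of which is visible in this diff. The enclosing jobs start and end outside the hunks.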

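--- a/app/admin/settings/page.tsx
+++ b/app/admin/settings/page.tsx
@@ -0,0 +1,105 @@
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Button } from '@/components/ui/button';
+import { Settings, Shield, Database, Users, Bell } from 'lucide-react';
+
+export default function AdminSettingsPage() {
+return (
+<div className="container mx-auto py-6">
+<div className="mb-6">
+<h1 className="text-3xl font-bold text-gray-900 dark:text-white">
+System Settings
+</h1>
+<p className="text-gray-600 dark:text-gray-400 mt-2">
+Configure system-wide settings and preferences
+</p>
+</div>
+
+<div className="grid gap-6 md:grid-cols-2 lg:grid-cols-3">
+<Card>
+<CardHeader>
+<CardTitle className="flex items-center gap-2">
+<Shield className="h-5 w-5" />
+Security Settings
+</CardTitle>
+<CardDescription>
+Configure security policies and access controls
+</CardDescription>
+</CardHeader>
+<CardContent>
+<Button variant="outline" className="w-full">
+Manage Security
+</Button>
+</CardContent>
+</Card>
+
+<Card>
+<CardHeader>
+<CardTitle className="flex items-center gap-2">
+<Database className="h-5 w-5" />
+Database Settings
+</CardTitle>
+<CardDescription>
+Manage database connections and backups
+</CardDescription>
+</CardHeader>
+<CardContent>
+<Button variant="outline" className="w-full">
+Database Config
+</Button>
+</CardContent>
+</Card>
+
+<Card>
+<CardHeader>
+<CardTitle className="flex items-center gap-2">
+<Users className="h-5 w-5" />
+User Management
+</CardTitle>
+<CardDescription>
+Configure user roles and permissions
+</CardDescription>
+</CardHeader>
+<CardContent>
+<Button variant="outline" className="w-full">
+User Settings
+</Button>
+</CardContent>
+</Card>
+
+<Card>
+<CardHeader>
+<CardTitle className="flex items-center gap-2">
+<Bell className="h-5 w-5" />
+Notifications
+</CardTitle>
+<CardDescription>
+Configure notification preferences
+</CardDescription>
+</CardHeader>
+<CardContent>
+<Button variant="outline" className="w-full">
+Notification Settings
+</Button>
+</CardContent>
+</Card>
+
+<Card>
+<CardHeader>
+<CardTitle className="flex items-center gap-2">
+<Settings className="h-5 w-5" />
+General Settings
+</CardTitle>
+<CardDescription>
+Basic system configuration
+</CardDescription>
+</CardHeader>
+<CardContent>
+<Button variant="outline" className="w-full">
+General Config
+</Button>
+</CardContent>
+</Card>
+</div>
+</div>
+);
+}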
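Review bot: The five `<Card>` blocks on new lines 18–101 are the same markup with an icon and three strings swapped, and none of the `<Button>`s carries an `onClick` or `href`, so the page ships five controls that do nothing when clicked; a data-driven list makes the repetition obvious and gives one place to wire each button to its destination later. Whether `/admin/settings` is reachable only by authorized users cannot be seen from this file (the same holds for the new `app/admin/test/page.tsx`); if gating lives in middleware or an admin layout, a one-line comment at the top naming it would save the next reader a search, e.g. `// Access to /admin/* is enforced in <admin gate location>; this page holds no privileged data itself.` The rewrite below replaces the five hand-written cards; the header markup on lines 7–15 stays as is.
```tsx
const settingsSections = [
  { icon: Shield, title: 'Security Settings', description: 'Configure security policies and access controls', action: 'Manage Security' },
  { icon: Database, title: 'Database Settings', description: 'Manage database connections and backups', action: 'Database Config' },
  { icon: Users, title: 'User Management', description: 'Configure user roles and permissions', action: 'User Settings' },
  { icon: Bell, title: 'Notifications', description: 'Configure notification preferences', action: 'Notification Settings' },
  { icon: Settings, title: 'General Settings', description: 'Basic system configuration', action: 'General Config' },
] as const;

export default function AdminSettingsPage() {
  return (
    <div className="container mx-auto py-6">
      {/* … unchanged: page heading block … */}
      <div className="grid gap-6 md:grid-cols-2 lg:grid-cols-3">
        {settingsSections.map(({ icon: Icon, title, description, action }) => (
          <Card key={title}>
            <CardHeader>
              <CardTitle className="flex items-center gap-2">
                <Icon className="h-5 w-5" />
                {title}
              </CardTitle>
              <CardDescription>{description}</CardDescription>
            </CardHeader>
            <CardContent>
              {/* TODO: wire each action to its route; the buttons currently have no handler */}
              <Button variant="outline" className="w-full">
                {action}
              </Button>
            </CardContent>
          </Card>
        ))}
      </div>
    </div>
  );
}
```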

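--- a/app/admin/test/page.tsx
+++ b/app/admin/test/page.tsx
@@ -0,0 +1,18 @@
+import { TestManager } from '@/components/admin/TestManager';
+
+export default function AdminTestPage() {
+return (
+<div className="container mx-auto py-6">
+<div className="mb-6">
+<h1 className="text-3xl font-bold text-gray-900 dark:text-white">
+Test Management
+</h1>
+<p className="text-gray-600 dark:text-gray-400 mt-2">
+Manage coding tests, questions, and results
+</p>
+</div>
+
+<TestManager />
+</div>
+);
+}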

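--- a/app/api/leaderboard/stats/route-unified.ts
+++ b/app/api/leaderboard/stats/route-unified.ts
@@ -1,16 +1,13 @@
 import { createClient } from '@supabase/supabase-js';
 import { UnifiedCache } from '@/lib/unified-cache-system';
 
-// Create Supabase client function to avoid build-time initialization
-function getSupabaseClient() {
-const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
-const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
-return createClient(supabaseUrl, supabaseServiceKey);
-}
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
+
+const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey);
 
 export async function GET() {
 try {
-const supabaseAdmin = getSupabaseClient();
 const stats = await UnifiedCache.cachedQuery(
 'leaderboard-stats',
 async () => {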
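Review bot: The module-level `const supabaseAdmin = createClient(...)` on new lines 4–7 re-introduces exactly the build-time initialization that the removed comment on old line 4 existed to avoid, and the `!` on both env reads means a missing `SUPABASE_SERVICE_ROLE_KEY` now fails opaquely at import time instead of with a clear error inside `GET`. The same change is made in `app/api/leaderboard/user/[userId]/route-unified.ts`. A memoized getter keeps one service-role client per process without touching the environment at import, and `GET`'s first statement becomes `const supabaseAdmin = getSupabaseAdmin();`. `GET`'s body continues past the end of the hunk.
```typescript
// Service-role client, created on first use so the env is not read at build/import time.
let cachedAdmin: ReturnType<typeof createClient> | undefined;

function getSupabaseAdmin() {
  if (!cachedAdmin) {
    const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
    const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
    if (!url || !serviceKey) {
      throw new Error('Supabase admin client: NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY must be set');
    }
    cachedAdmin = createClient(url, serviceKey);
  }
  return cachedAdmin;
}

export async function GET() {
  try {
    const supabaseAdmin = getSupabaseAdmin();
    // … unchanged: UnifiedCache.cachedQuery('leaderboard-stats', …) …
```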

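--- a/app/api/leaderboard/user/[userId]/route-unified.ts
+++ b/app/api/leaderboard/user/[userId]/route-unified.ts
@@ -2,19 +2,16 @@ import { NextRequest } from 'next/server';
 import { createClient } from '@supabase/supabase-js';
 import { UnifiedCache } from '@/lib/unified-cache-system';
 
-// Create Supabase client function to avoid build-time initialization
-function getSupabaseClient() {
-const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
-const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
-return createClient(supabaseUrl, supabaseServiceKey);
-}
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
+
+const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey);
 
 export async function GET(
 request: NextRequest,
 { params }: { params: { userId: string } }
 ) {
 try {
-const supabaseAdmin = getSupabaseClient();
 const userId = params.userId;
 
 if (!userId) {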

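--- a/lib/security/csp-config.ts
+++ b/lib/security/csp-config.ts
@@ -38,11 +38,11 @@ export function generateNonce(): string {
 export function getCSPConfig(request: NextRequest): CSPConfig {
 const nonce = generateNonce();
 
-// Enhanced CSP policy without unsafe directives
+// Enhanced CSP policy with Cloudflare Insights support
 const policy = [
 "default-src 'self'",
-"script-src 'self' 'nonce-" + nonce + "' https://vercel.live https://va.vercel-scripts.com",
-"style-src 'self' 'nonce-" + nonce + "' https://fonts.googleapis.com",
+"script-src 'self' 'nonce-" + nonce + "' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com",
+"style-src 'self' 'nonce-" + nonce + "' 'unsafe-inline' https://fonts.googleapis.com",
 "font-src 'self' https://fonts.gstatic.com",
 "img-src 'self' data: https: blob:",
 "connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co",
@@ -77,7 +77,7 @@ export function applyCSPHeaders(response: Response, cspConfig: CSPConfig): Respo
 export function getDevelopmentCSP(): string {
 return [
 "default-src 'self'",
-"script-src 'self' 'unsafe-eval' 'unsafe-inline'",
+"script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com",
 "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
 "font-src 'self' https://fonts.gstatic.com",
 "img-src 'self' data: https: blob:",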
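Review bot: New line 44 adds `'unsafe-inline' 'unsafe-eval'` to a production `script-src` that already carries a per-request nonce, which weakens the policy rather than fixing it: browsers that understand nonces ignore `'unsafe-inline'` once a nonce source is present, so that token only matters to browsers that fall back to it, while `'unsafe-eval'` is honoured everywhere and re-enables `eval`/`new Function` for every script on the page; new line 45 does the same for `style-src`. The Cloudflare Web Analytics beacon is loaded as an external script from `static.cloudflareinsights.com`, so the host entry is all the "Cloudflare Insights support" in the new line-41 comment needs, and both lines can stay nonce-based: `"script-src 'self' 'nonce-" + nonce + "' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com",` and `"style-src 'self' 'nonce-" + nonce + "' https://fonts.googleapis.com",`. If some component genuinely needs un-nonced inline styles, that deserves to be named in the line-41 comment rather than hidden behind a blanket `'unsafe-inline'`, e.g. `// CSP: nonce-based; static.cloudflareinsights.com allowlisted for the Cloudflare Web Analytics beacon`. The beacon also reports back to a cloudflareinsights.com endpoint that the `connect-src` on line 48 does not list, so the result is worth checking in the browser console after the change. `getCSPConfig` continues past the first hunk; the development policy in the second hunk is already permissive by design and is not affected by this point.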
