vvzvlad/gitmost
1
0
Fork 0
Code Issues 14 Pull Requests 12 Packages Projects Releases Activity
Files
3672093f56e2402cb6966636bf503cb91aa12d3d
gitmost/apps/server
History
claude code agent 227 3672093f56 test(mcp): cover X-MCP-Token/clientIp/bearer-type/creds-failure (pure seams) 
Release-cycle test audit: the /mcp auth's constant-time token guard, IP keying,
ACCESS-type pinning, and brute-force message coupling were untested. Extract
behavior-preserving pure helpers so they're testable and cover them:
- sharedTokenMatches: length-mismatch early-returns before timingSafeEqual
  (which throws on unequal lengths); equal-length uses timingSafeEqual; array
  header -> first element; non-string -> false.
- clientIp: req.ip > socket > first XFF hop > 'unknown' (limiter keying).
- bindAccessJwtVerifier: verifyJwt pinned to JwtType.ACCESS (rejects REFRESH).
- CREDENTIALS_MISMATCH_MESSAGE single source of truth shared by
  verifyUserCredentials and isCredentialsFailure, so a reworded auth error can't
  silently disable the /mcp brute-force counter.
- verifyUserCredentials no-side-effect contract asserted via a TS-AST spec
  (AuthService can't load under jest): its body has no createSessionAndToken/
  audit/updateLastLogin while login() has all three.
Extractions are behavior-preserving (reviewed); class delegates to the helpers,
dead code + unused imports removed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 14:32:29 +03:00
..
src
test(mcp): cover X-MCP-Token/clientIp/bearer-type/creds-failure (pure seams)
2026-06-20 14:32:29 +03:00
test
feat(ee): page-level access/permissions (#1971)
2026-02-26 19:49:10 +00:00
.dockerignore
fixes
2024-06-07 17:29:34 +01:00
.gitignore
fixes
2024-06-07 17:29:34 +01:00
.prettierrc
switch to nx monorepo
2024-01-09 18:58:26 +01:00
eslint.config.mjs
chore: fix linting (#544)
2024-12-09 14:51:31 +00:00
nest-cli.json
switch to nx monorepo
2024-01-09 18:58:26 +01:00
package.json
0.91.0
2026-06-18 18:07:54 +03:00
README.md
switch to nx monorepo
2024-01-09 18:58:26 +01:00
tsconfig.build.json
switch to nx monorepo
2024-01-09 18:58:26 +01:00
tsconfig.json
feat: cloud and ee (#805)
2025-03-06 13:38:37 +00:00

README.md

Nest Logo

A progressive Node.js framework for building efficient and scalable server-side applications.

NPM Version Package License NPM Downloads CircleCI Coverage Discord Backers on Open Collective Sponsors on Open Collective Support us

Description

Nest framework TypeScript starter repository.

Installation

$ npm install

Running the app

# development
$ npm run start

# watch mode
$ npm run start:dev

# production mode
$ npm run start:prod

Migrations

# This creates a new empty migration file named 'init'
$ npm run migration:create --name=init

# Generates 'init' migration file from existing entities to update the database schema
$ npm run migration:generate --name=init

# Runs all pending migrations to update the database schema
$ npm run migration:run

# Reverts the last executed migration
$ npm run migration:revert

# Reverts all migrations
$ npm run migration:revert

# Shows the list of executed and pending migrations
$ npm run migration:show



## Test

```bash
# unit tests
$ npm run test

# e2e tests
$ npm run test:e2e

# test coverage
$ npm run test:cov

Support

Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please read more here.

Stay in touch

License

Nest is MIT licensed.

Reference in New Issue View Git Blame Copy Permalink