Feat/i18n wave4 audit #872
Open
Thosine-01 wants to merge 957 commits into
…e-112-readme-soroban docs: replace Solidity/.sol references with Soroban/Rust in README
…ue-126-cargo-ci ci: add .rustfmt.toml and document cargo fmt/clippy in README
…ue-108-landing-page feat(home): replace scaffold page with LearnVault landing page
…dentials Fix profile real credentials
…tract-upgrades Implement Soroban upgrade path for V1 contracts
…xample-vars docs: add complete env example
…or-states implemented missing empty and error states
feat: add pagination to governance proposals list
feat: centralize contract addresses in src/constants/contracts.ts
fix: Replace LRNBalanceWidget mock data with real LearnToken contract calls bakeronchain#209
feat(treasury): hookify treasury page with /api/treasury/stats + /api…
…t-logger feat(server): add request logging middleware
test: Implement property-based fuzz testing for contracts
Added bundle size analysis to frontend CI
…n-and-health-monitoring
…nnection-pooling-configuration-and-health-monitoring Add database connection pooling configuration and health monitoring
…er-tests test: add integration tests for event indexer and poller bakeronchain#578
…ibility-aria-labels Feat/accessibility aria labels
Implement course browsing, lesson viewing, and wallet connection
- Enforce RS256 exclusively; remove hardcoded HS256 fallback secret from admin and course-admin middlewares (production already blocked HS256, now development no longer falls back to a known-constant secret)
- Add iss (learnvault) and aud (learnvault-api) claims to every signed token and validate them on verification to prevent token substitution across services
- Add jti (UUID) claim to every token to support future revocation tracking
- Validate RSA public key is >= 2048 bits at server startup
- Expose ephemeral dev keys to process.env so standalone middlewares use RS256 instead of HS256 even in key-less development mode
- Add jwt.service.test.ts covering: HS256 rejection, wrong iss/aud rejection, missing jti/sub rejection, expired token rejection, and valid round-trip
- Update admin-milestones.test.ts to set JWT_SECRET explicitly (no longer relies on removed hardcoded fallback)
- Document key rotation procedure in .env.example
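The checks listed in the JWT hardening commit above, sketched with Node's built-in crypto as an added example. This is not LearnVault's jwt.service code; the function names and the overrides parameter are hypothetical, and only the iss/aud values come from the commit message.

```javascript
// Added example (not project code): RS256-only JWT issue/verify using node:crypto.
const crypto = require('node:crypto');

const ISS = 'learnvault', AUD = 'learnvault-api'; // claim values named in the commit message
const b64u = (v) => Buffer.from(v).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Startup check: refuse anything that is not an RSA key of at least 2048 bits.
function assertKeyStrength(publicKey) {
  const bits = (publicKey.asymmetricKeyDetails || {}).modulusLength || 0;
  if (publicKey.asymmetricKeyType !== 'rsa' || bits < 2048)
    throw new Error('RSA public key must be >= 2048 bits');
}

// Every token carries iss, aud, sub, a unique jti and an expiry.
// `overrides` is a hypothetical hook used only to build negative test tokens.
function signToken(privateKey, sub, overrides = {}) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: ISS, aud: AUD, sub, jti: crypto.randomUUID(),
                   iat: now, exp: now + 300, ...overrides };
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

function verifyToken(publicKey, token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // The verifier pins the algorithm; the token header never selects it.
  if (decode(h).alg !== 'RS256') throw new Error('alg not allowed');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
                           Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = decode(p);
  if (c.iss !== ISS) throw new Error('wrong iss'); // token minted by another issuer
  if (c.aud !== AUD) throw new Error('wrong aud'); // token minted for another service
  if (!c.sub || !c.jti) throw new Error('missing sub/jti');
  if (typeof c.exp !== 'number' || c.exp <= Math.floor(Date.now() / 1000))
    throw new Error('expired');
  return c;
}
```
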
Replace Morgan + raw console.* calls with pino throughout the server.
- Add pino and pino-pretty dependencies; remove unused morgan and @types/morgan
- Create src/lib/logger.ts: central pino logger with JSON output in production,
pretty-print in development, silent in tests; LOG_LEVEL env var support
- Add maskAddress() helper to truncate Stellar wallet addresses in logs
(first 4 + last 4 chars) so full addresses are never logged as PII
- Replace 55 console.log/warn/error calls across all controllers, services,
middleware, routes, db, and workers with typed pino child loggers
(logger.child({ module: 'xxx' })) preserving structured { err } objects
- Update request-logger.middleware.ts to use pino as default logger while
keeping the injectable interface for tests
- Remove dead morgan import from index.ts
- Fix admin-milestones.controller.test.ts to set process.env.JWT_SECRET
explicitly (no hardcoded fallback exists since JWT security PR)
- Document LOG_LEVEL env var and log rotation via logrotate/pino-roll in
.env.example
Covers form validation, navigation, API submission, and confirmation across all five wizard steps with 21 passing test cases.
…ance-improvements perf/fix: compression, CI fixes, migration idempotency, TypeScript bu…
…implementation security: audit and harden JWT implementation (bakeronchain#716)
…gging-pino Devops/structured logging pino
…ly-tests Feat/scholarship apply tests
…following Feat/749 social following
…xss-hardening security: harden markdown rendering and add CSP
Author
I notice you just unassigned me from this issue. Is there something I did wrong? I guess I didn't really understand the issue, so I overdid it. Been on it for days.
Contributor
Can you apply to Hazina-Escrow? @Thosine-01
Summary
Closes #764
Full i18n audit of the frontend. Extracts all hardcoded strings into src/locales/en.json, wires up components to use translation keys, adds i18next-scanner to CI, and introduces pseudo-locale testing.

Changes
- src/locales/en.json
  activity, comments, course, lesson, forum, milestone, celebration, onboarding, quiz, errors, search, notifications, language, footer, common, scholarship, pages.dashboard, pages.donor, pages.treasury, pages.courses, pages.history, pages.community, pages.peerReview, pages.admin, pages.credential, pages.wiki, pages.notFound
- src/i18n.ts

Components updated
- NavBar.tsx — nav links, aria labels, mobile menu
- ActivityFeed.tsx — event labels, empty state, load more
- ConnectWalletGuard.tsx — connect prompt
- CommentCard.tsx — all actions, errors, confirmations
- CommentSection.tsx — sort labels, post/reply actions
- CourseCard.tsx — difficulty labels, enroll/continue buttons
- NotificationBell.tsx — panel title, mark all read, empty state
- WalletInfoModal.tsx — asset labels, disconnect button
- ErrorBoundary.tsx — error messages and actions
- Footer.tsx — powered by, copyright
- donor/EmptyState.tsx — full donor onboarding copy
- donor/ActiveVotes.tsx — vote labels and empty state
- donor/MyContributions.tsx — contribution history labels
- donor/GovernancePower.tsx — governance stats labels
- donor/ScholarsFunded.tsx — scholar progress labels
- forum/ThreadList.tsx — all forum actions and states
- forum/ThreadDetail.tsx — replies, delete confirmations

Pages updated
- Dashboard.tsx — stats, empty states, connect prompt

New files
- i18next-scanner.config.js — scanner configuration at project root
- scripts/generate-pseudo-locale.mjs — generates src/locales/pseudo.json
- .github/workflows/frontend-ci.yml
- Check translation keys step between Lint and Test
- en.json contains __MISSING__ values
- i18next-scanner.config.js

Checklist
- src/locales/en.json
- i18next-scanner to CI to detect missing translation keys