#532 security Comment Section : Test Coverage Increase #683
Merged
Conversation
- Add DecompressionMiddleware to handle gzip, brotli, and deflate compression
- Implement Content-Encoding header detection and processing
- Add comprehensive unit tests with multiple compression format coverage
- Support case-insensitive encoding detection
- Include error handling for decompression failures
- Integrate middleware into main application bootstrap
- Add detailed documentation on usage and configuration

Acceptance Criteria:
✅ Gzip decompression
✅ Brotli decompression
✅ Deflate decompression
✅ Content-Encoding header handling

The middleware:
- Uses Node.js built-in zlib module (no external dependencies)
- Automatically decompresses request payloads based on Content-Encoding header
- Removes Content-Encoding header after decompression
- Gracefully handles errors with HTTP 400 responses
- Passes through uncompressed or unsupported encoding requests
- Skips GET, HEAD, and DELETE requests (no body expected)
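The behaviour this commit message lists for the decompression middleware, written out as an added example that is not the project's code. The function name `decompressRequest`, its return shape and the `MAX_DECOMPRESSED_BYTES` output cap are assumptions; the commit message does not mention a size bound, which is included here so that an oversized expansion fails with the same HTTP 400 as any other decompression error.

```javascript
// Added example, not the project's DecompressionMiddleware.
const zlib = require('node:zlib');

// Assumed cap on decompressed size; the commit message states no limit.
const MAX_DECOMPRESSED_BYTES = 1024 * 1024;
const BODYLESS_METHODS = new Set(['GET', 'HEAD', 'DELETE']);
const DECODERS = new Map([
  ['gzip', zlib.gunzipSync],
  ['deflate', zlib.inflateSync],
  ['br', zlib.brotliDecompressSync],
]);

// Returns { status, headers, body }; status 200 means "hand on to the next handler".
function decompressRequest(method, headers, body, maxBytes = MAX_DECOMPRESSED_BYTES) {
  if (BODYLESS_METHODS.has(method.toUpperCase())) {
    return { status: 200, headers, body }; // no body expected
  }
  // Header names are case-insensitive, and so is the encoding token.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'content-encoding');
  const encoding = key ? String(headers[key]).trim().toLowerCase() : '';
  const decode = DECODERS.get(encoding);
  if (!decode) {
    return { status: 200, headers, body }; // uncompressed or unsupported: pass through
  }
  try {
    // maxOutputLength makes zlib throw once the output exceeds the cap.
    const plain = decode(body, { maxOutputLength: maxBytes });
    const rest = { ...headers };
    delete rest[key]; // the body is no longer encoded
    return { status: 200, headers: rest, body: plain };
  } catch (err) {
    const message = err instanceof Error ? err.message : String(err);
    return { status: 400, headers, body: Buffer.alloc(0), error: message };
  }
}
```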
- Rename bootstrap to bootstrapWorker for clarity
- Add cluster mode support with primary/worker process handling
- Add graceful shutdown handling with configurable timeout
- Remove redundant comments for cleaner code
- Preserve DecompressionMiddleware integration

- Remove unnecessary variable tracking in middleware
- Fix type inference for error parameters
- Use proper Error type handling with instanceof checks
- Remove unused imports from test file
- Use PassThrough from stream import instead of require
- Simplify stream piping to avoid circular references
- Fix shadowed variable name in transform function
- Improve error handling with proper type checking
Implements an in-process debugging toolkit for developers:
- Request/response inspection: DebugCaptureMiddleware records every exchange into a bounded in-memory ring buffer with header redaction and body truncation; exposed via GET /debug/requests[/:id].
- Request replay: RequestReplayService re-issues a captured request against the running instance (or a custom base URL) and diffs the response status; POST /debug/requests/:id/replay with header/body overrides for replacing redacted credentials.
- Performance timeline: TimelineRecorder captures per-phase spans with high-resolution timing; PerformanceTimelineService surfaces slowest hotspots; GET /debug/requests/:id/timeline.
- Stack trace enhancement: StackTraceService parses raw V8 stacks into structured frames, flags application vs node_module/internal frames, follows the error cause chain; GET /debug/requests/:id/trace.

Capture middleware mounts only outside production (or DEBUG_CAPTURE=true) and excludes /debug/* to avoid recursion. Endpoints are admin-only. Wires DebuggingModule into AppModule.
Implements a PostgreSQL index optimizer that recommends, creates, monitors and retires indexes from the catalog and pg_stat_* views.
- Query analysis for index recommendations: QueryAnalysisService finds foreign-key columns lacking a covering index (Postgres does not index FK columns automatically), scores/prioritises them by seq-scan activity from pg_stat_user_tables, and surfaces slow statements from pg_stat_statements when available.
- Automatic index creation: IndexCreationService applies recommendations via CREATE INDEX CONCURRENTLY IF NOT EXISTS, caps creations per run, verifies indisvalid and drops invalid concurrent builds.
- Index usage monitoring: IndexUsageMonitorService samples pg_stat_user_indexes scan counts/sizes and classifies indexes (primary/unique/constraint-backed).
- Stale index removal: StaleIndexService drops unused, sufficiently large indexes via DROP INDEX CONCURRENTLY, never touching primary, unique or constraint-backed indexes.
- IndexOptimizationService orchestrates the cycle on a weekly @Cron, inert unless INDEX_OPT_ENABLED=true; every destructive action is gated behind dry-run and explicit auto-create/auto-drop flags.

Exposes admin-only endpoints under /database/index-optimization and wires the module plus ScheduleModule.forRoot() into AppModule.
…decompression feat(rinafcode#651): implement request decompression handling
…debugging feat(debugging): add developer debugging toolkit
- Add ETL pipeline service with extract/transform/load stages
- Add DataWarehouseService with in-memory store, query, and aggregate
- Add BiIntegrationService for report generation and JSON/CSV export
- Add DashboardGateway (WebSocket /dashboard namespace) for real-time updates
- Add DataPipelineController with REST endpoints for ETL, warehouse, and BI
- Wire DataPipelineModule into AppModule
- Add 23 unit tests covering all three services
- Fix jest.config.js ts-jest tsconfig to include @types/jest types

Closes rinafcode#635
- Add API versioning interceptor and module with global response transform
- Add global exception filter for standardized error responses
- Add OpenAPI spec generation scripts and GitHub Pages deployment workflow
- Update controllers to align with versioned API structure
- Add flakiness reporter and improve test utilities

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(schema): add schema versioning, tracking, diff visualization, and history access
…user-quotas Feat/rate limiting user quotas
…ytics-pipeline-635 feat: implement advanced data analytics pipeline (rinafcode#635)
feat(api): add API versioning, response transforms, and OpenAPI docs
- Register SessionModule globally in AppModule
- Redis-backed session store via ioredis with TTL timeout management
- Session serialization/deserialization via JSON.stringify/parse
- Cross-instance session access via shared Redis client
- Distributed lock mechanism for concurrent session safety
- Legacy session migration support
- Add 13 unit tests covering createSession, getSession, touchSession, removeSession, migrateSession, and withLock

Closes rinafcode#641
…ssion-management feat(session): implement distributed session management with Redis
…x-optimization feat(database): add automatic index optimizer
…ode#532) Add comprehensive unit tests for 7 previously untested services (61 tests):
- assessment/feedback/feedback-generation.service.spec.ts
  Tests all three feedback tiers (excellent/good/keep-practicing) and boundary values at exactly 50% and 80%.
- assessment/scoring/score-calculation.service.spec.ts
  Tests MULTIPLE_CHOICE, TRUE_FALSE, CODING question types including correct/wrong/null responses and unknown question type fallback.
- moderation/safety/content-safety.service.spec.ts
  Tests clean content (score=0), each flagged keyword (violence, hate, explicit, spam, scam), score capping at 1.0, case-insensitivity, and empty string input.
- moderation/manual/manual-review.service.spec.ts
  Tests enqueue (create+save), getQueue (pending filter + ordering), and markReviewed (status update).
- assessment/assessments.service.spec.ts
  Tests full CRUD (findAll, findOne, findByIds, create, update, remove), startAssessment, submitAssessment (not-found, timed-out, graded paths), and getResults.
- courses/lessons/lessons.service.spec.ts
  Tests create (module not found), findOne, update, and remove — all including NotFoundException paths.
- messaging/messaging.service.spec.ts
  Tests addMessageToQueue (with/without options, error propagation), processMessages (processor registration), and getQueueStatus.

All 61 tests pass. No regressions introduced.

Closes rinafcode#532
Linked Issue
Closes #532
What does this PR do?
Type of change
Pre-merge checklist (required)
Branch & metadata
- feature/issue-<N>-<slug> / fix/issue-<N>-<slug> convention
- develop or main)
Code quality & tests
- npm run lint:ci — zero ESLint warnings
- npm run format:check — Prettier reports no changes needed
- npm run typecheck — zero TypeScript errors
- npm run test:ci — all tests pass, coverage ≥ 70%
- .spec.ts unit tests
Error handling & NestJS best practices
- class-validator / class-transformer decorators and are wired through NestJS pipes (e.g. global ValidationPipe or explicit)
- any / unknown reaching the domain)
- BadRequestException, UnauthorizedException, ForbiddenException, NotFoundException) instead of generic Error
- Logger or central logger service) with meaningful, structured messages
- AuthGuard, role/permissions guards, custom guards) are applied to all new/modified endpoints where appropriate
API documentation / Swagger
- /api (or Swagger UI) reflects new/changed endpoints correctly
Breaking changes
Breaking change description (if applicable)
Test evidence (required)
Commands run locally
Manual / API verification
Screenshots / recordings (if applicable)
pr close #682