Skip to content

Commit d644fa6

Browse files
committed
Merge branch 'develop' of https://github.com/PalisadoesFoundation/talawa-api into test/deleteAgendaFolder
2 parents d0eb900 + bc13e37 commit d644fa6

912 files changed

Lines changed: 113969 additions & 19035 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.coderabbit.yaml

Lines changed: 133 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,139 @@ reviews:
2020
- develop
2121
- main
2222
path_filters:
23-
- '!**/docs/docs/**'
23+
- "!**/docs/docs/**"
2424
- "!*.html"
2525
- "!*.md"
2626
- "!*.svg"
27+
path_instructions:
28+
- path: "**/*"
29+
instructions: |
30+
Full review
31+
32+
Perform a comprehensive analysis and reevaluate all resolved items with the following criteria:
33+
34+
1. **Test Coverage Analysis:**
35+
1. For each modified or new test file, verify:
36+
1. Tests follow the mercuriusClient integration test pattern (preferred over vi.mock unit tests) with proper GraphQL document nodes
37+
2. All edge cases and use cases are covered (success paths, error paths, boundary conditions, authentication/authorization checks)
38+
3. Test assertions are correct and meaningful
39+
4. 100% code coverage is achieved for the associated implementation files
40+
5. No redundant or duplicate test cases exist
41+
6. Test files are in the correct location (e.g., test/graphql/types/Mutation/ not test/routes/graphql/Mutation/)
42+
43+
2. For each modified or new source file, identify:
44+
- Specific lines of code lacking test coverage (list exact line numbers)
45+
- Functions, branches, or conditions that need additional test cases
46+
- Mock/stub requirements that may be missing
47+
- Error scenarios that are not covered (invalid arguments, resource not found, permission denied, etc.)
48+
49+
2. **Documentation & Code Comments:**
50+
1. Verify auto-generated documentation is updated (as enforced by Check-AutoDocs job)
51+
2. Check for adequate JSDoc comments on public functions and complex logic
52+
3. Ensure README.md or related docs are updated if new features are added
53+
4. Validate that Table of Contents is updated (as required by pre-commit hooks)
54+
55+
3. **Identify Issues:**
56+
1. Lines of code that are missing tests (list specific line numbers)
57+
2. Any unnecessary files that have been submitted (build artifacts, node_modules, .env files, IDE configs)
58+
3. Unused imports or dead code (as checked by knip)
59+
4. Console.log statements or debug code left in production files
60+
5. Files that should be excluded from the PR scope
61+
62+
4. **PR Requirements Validation:**
63+
1. Verify the PR meets the requirements of the linked issue:
64+
1. All acceptance criteria are addressed
65+
2. No out-of-scope changes are included
66+
2. Validate compliance with all previously suggested improvements and comments:
67+
1. All review comments have been addressed
68+
2. Requested changes have been implemented correctly
69+
3. Check PR metadata:
70+
1. Proper title and description
71+
2. Linked to appropriate issue(s)
72+
3. Target branch is correct (typically `develop`)
73+
4. Verify no sensitive information is exposed (as checked by Check-Sensitive-Files job)
74+
75+
5. **CI/CD Pipeline Compatibility:**
76+
1. Validate that code changes won't break any of the 17+ CI jobs
77+
2. Ensure pre-commit hook requirements are met:
78+
1. Code formatting (Prettier)
79+
2. Linting (ESLint)
80+
3. Type checking (TypeScript)
81+
3. Check that changes don't introduce performance regressions for the 12-shard test execution
82+
4. Note: codecov/project may fail when adding comprehensive tests due to meta-coverage (test code branches not covered by meta-tests) - this is expected if codecov/patch passes
83+
84+
6. **Security & Best Practices:**
85+
1. No security vulnerabilities introduced
86+
2. No exposed API keys, tokens, or credentials
87+
3. Proper input validation and sanitization
88+
4. No SQL injection or XSS vulnerabilities in any data handling
89+
5. Proper error handling without leaking sensitive information
90+
91+
7. **Code Quality Assessment:**
92+
1. Identify any files that should be excluded:
93+
1. Accidentally committed files (IDE configs, env files, temporary files)
94+
1. Files unrelated to the PR scope
95+
1. Generated files that should be in .gitignore
96+
97+
8. **Implementation Correctness:**
98+
1. For the specific implementation file(s) being tested:
99+
1. Verify the implementation logic is correct and free of bugs
100+
1. Validate that queries target the correct database tables/entities (e.g., ensure tagsTable vs tagFoldersTable is correct)
101+
1. Check that foreign key relationships are correctly enforced
102+
1. Confirm business logic constraints are properly implemented
103+
1. Verify proper error handling and status codes
104+
1. **CRITICAL:** Any bugs, logic errors, or incorrect implementations discovered in the file(s) under test MUST be fixed in this PR before approval
105+
106+
9. **Requirement Validation:**
107+
1. Verify the PR fully addresses the linked issue:
108+
1. All acceptance criteria from the issue are met
109+
1. Implementation matches the described solution approach
110+
1. No scope creep or unrelated changes are included
111+
112+
10. **Compliance:**
113+
1. Confirm compliance with all previous review feedback:
114+
1. All resolved comments have been properly addressed
115+
1. No regressions of previously suggested improvements
116+
1. Coding standards and conventions are followed consistently
117+
118+
11. **Review Decision Criteria:**
119+
1. **Request Changes** when ANY of the following apply:
120+
- Missing test coverage or invalid/insufficient tests
121+
- Code quality issues, security concerns, or bugs
122+
- Incomplete implementation of issue requirements
123+
- Bugs or logic errors in the implementation file(s) under test
124+
- Non-compliance with previous feedback
125+
- Presence of unnecessary files
126+
- Failing CI checks that need code changes
127+
128+
2. **Approve** ONLY when ALL of these are satisfied:
129+
- Complete test coverage (≥95% for new/modified code, ≥80% overall)
130+
- All tests follow proper patterns (mercuriusClient integration tests with proper structure)
131+
- No code quality issues, security concerns, or bugs
132+
- Full implementation of issue requirements
133+
- Implementation file(s) under test are correct and bug-free
134+
- Compliance with all previous feedback
135+
- No unnecessary files
136+
- All CI checks passing or failures are unrelated to this PR
137+
138+
12. **Approval Process:**
139+
1. Only append the [approve] tag when you are approving, specifically when:
140+
1. All criteria in section 11.2 above are fully satisfied
141+
1. The implementation file(s) under test are correct and bug-free
142+
1. Zero changes are required (not even trivial ones)
143+
1. You are confident the PR is ready to merge
144+
145+
13. **Focus Areas:**
146+
1. Prioritize substantive issues over minor stylistic suggestions
147+
1. Focus on issues that would cause CI pipeline failures or production bugs
148+
1. Highlight any deviations from established codebase patterns (e.g., incorrect test file locations, wrong testing patterns)
149+
1. Consider the scope: test-focused PRs should maintain clear boundaries, but implementation bugs in files being tested must be fixed
150+
151+
**Important Notes:**
152+
1. Test-focused PRs should maintain clear scope boundaries. However, this does NOT exempt bugs in the specific file(s) being tested - those must be fixed in the same PR to ensure testing achieves its goal: validate AND fix implementation correctness. Only bugs in unrelated files may be deferred to separate issues.
153+
1. If codecov/project fails but codecov/patch passes, note that this is often due to meta-coverage issues (test code branches not covered by meta-tests) and may be acceptable.
154+
1. When suggesting test improvements, prefer mercuriusClient integration tests with proper GraphQL document nodes over vi.mock unit tests, following the repository's testing philosophy.
155+
156+
issue_enrichment:
157+
auto_enrich:
158+
enabled: false

.github/codeql/codeql-config.yml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
name: "CodeQL Config for Talawa API"
2+
3+
# Disable specific queries
4+
disable-default-queries: false
5+
6+
query-filters:
7+
- exclude:
8+
id: js/insufficient-password-hash
9+
10+
# Additional documentation
11+
# This suppresses a false positive where CodeQL flags HMAC-SHA256 hashing
12+
# of cryptographically random tokens (256 bits entropy) in passwordResetTokenUtils.ts.
13+
# HMAC-SHA256 is the correct algorithm for random token hashing, not user password hashing.

.github/workflows/codeql-codescan.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ jobs:
4242
uses: github/codeql-action/init@v2
4343
with:
4444
languages: ${{ matrix.language }}
45+
config-file: ./.github/codeql/codeql-config.yml
4546
debug: true
4647

4748
- name: Autobuild

.github/workflows/pull-request-review.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ jobs:
1111
permissions:
1212
pull-requests: read
1313
steps:
14+
- name: Sleep for 30 seconds to make sure the review status propagates
15+
run: sleep 30s
16+
shell: bash
1417
- name: Check CodeRabbit approval using GitHub Script
1518
uses: actions/github-script@v7
1619
with:

.github/workflows/pull-request.yml

Lines changed: 88 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,7 @@ jobs:
254254
- name: Setup Node.js
255255
uses: actions/setup-node@v4
256256
with:
257-
node-version: "22.x"
257+
node-version: "24.x"
258258
- name: Setup pnpm
259259
uses: pnpm/action-setup@v4
260260
- name: Install dependencies
@@ -882,6 +882,93 @@ jobs:
882882
working-directory: ./docs
883883
run: pnpm build
884884

885+
Check-Sample-Data:
886+
name: Check If Sample Data Script Executes Successfully
887+
timeout-minutes: 5
888+
runs-on: ubuntu-latest
889+
needs: [Run-Tests]
890+
steps:
891+
- name: Checkout Backend
892+
uses: actions/checkout@v4.2.2
893+
894+
- name: Setup Devcontainer
895+
run: |
896+
npm install -g @devcontainers/cli
897+
cp envFiles/.env.devcontainer .env
898+
devcontainer up --workspace-folder .
899+
echo "Devcontainer started"
900+
- name: Wait for Postgres in devcontainer before migrations
901+
run: |
902+
set -euo pipefail
903+
POSTGRES_USER=postgres
904+
echo "Waiting for Postgres service via compose..."
905+
timeout=90
906+
until docker compose exec -T postgres pg_isready -h localhost -p 5432 -U "$POSTGRES_USER" >/dev/null 2>&1 || [ "$timeout" -le 0 ]; do
907+
echo "Postgres not ready ($timeout s left)"
908+
sleep 1
909+
((timeout--))
910+
done
911+
if [ "$timeout" -eq 0 ]; then
912+
echo "Error: Postgres failed to start"
913+
docker compose ps
914+
docker compose logs postgres
915+
exit 1
916+
fi
917+
918+
- name: Apply Database Migrations
919+
run: |
920+
docker exec talawa-api-1 /bin/bash -c 'pnpm apply_drizzle_migrations'
921+
922+
- name: Start Backend Server
923+
run: |
924+
docker exec -d talawa-api-1 /bin/bash -c 'pnpm run start_development_server'
925+
926+
- name: Wait for Backend to be Ready
927+
run: |
928+
echo "Waiting for backend at http://localhost:4000/healthcheck"
929+
930+
TIMEOUT=60
931+
INTERVAL=3
932+
ELAPSED=0
933+
934+
until docker exec talawa-api-1 curl -sf http://localhost:4000/healthcheck > /dev/null; do
935+
if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
936+
echo "Backend failed to start within ${TIMEOUT}s"
937+
echo "=== Backend container logs ==="
938+
docker logs talawa-api-1 --tail 100
939+
exit 1
940+
fi
941+
echo "Backend not ready yet... (${ELAPSED}s)"
942+
sleep $INTERVAL
943+
ELAPSED=$((ELAPSED + INTERVAL))
944+
done
945+
946+
echo "Backend is up and responding"
947+
948+
- name: Seed Sample Data
949+
run: |
950+
set -euo pipefail
951+
echo "=== Seeding Sample Data ==="
952+
if docker exec talawa-api-1 /bin/bash -c 'set -a; source ./.env; set +a; pnpm run add:sample_data'; then
953+
echo "Seeding completed successfully"
954+
else
955+
echo "Seeding failed"
956+
echo "=== Container status ==="
957+
docker ps | grep talawa || true
958+
echo "=== Backend logs ==="
959+
docker logs talawa-api-1 --tail 50
960+
echo "=== Users table contents ==="
961+
docker exec talawa-postgres-1 psql -U talawa -d talawa \
962+
-c "SELECT id, email_address, name, role FROM users;" \
963+
2>/dev/null || echo "Could not query users"
964+
exit 1
965+
fi
966+
967+
- name: Cleanup - Free ports by stopping containers
968+
if: always()
969+
run: |
970+
docker compose down
971+
885972
Check-App-Startup:
886973
name: Check App Startup and Health
887974
runs-on: ubuntu-latest

.gitignore

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -841,6 +841,8 @@ yarn.lock
841841

842842
# FNM
843843
.node-version
844+
.nvmrc
845+
844846

845847
# Plugin related
846848
/src/plugin/available/*

.nvmrc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
24.12.0

biome.jsonc

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2,22 +2,26 @@
22
{
33
// https://biomejs.dev/reference/configuration/#schema
44
"$schema": "./node_modules/@biomejs/biome/configuration_schema.json",
5+
// GritQL plugin for escapeHTML enforcement (see biome_plugins/require_escapeHTML.grit)
6+
"plugins": ["./biome_plugins/require_escapeHTML.grit"],
57
// https://biomejs.dev/reference/configuration/#files
68
"files": {
79
// https://biomejs.dev/reference/configuration/#filesignore
8-
"ignore": [
9-
"./drizzle_migrations",
10-
"./node_modules",
11-
"./package.json",
12-
"./pnpm-lock.yaml",
13-
"./schema.graphql",
14-
"./test/graphql/types/gql.tada.d.ts",
15-
"./test/graphql/types/gql.tada-cache.d.ts",
16-
"./docs/tsconfig.json",
17-
"./docs/docusaurus.config.ts",
18-
"./docs/src/**",
19-
"./docs/sidebars.ts",
20-
"./sample_data/**"
10+
"includes": [
11+
"**",
12+
"!drizzle_migrations",
13+
"!node_modules",
14+
"!package.json",
15+
"!pnpm-lock.yaml",
16+
"!schema.graphql",
17+
"!test/graphql/types/gql.tada.d.ts",
18+
"!test/graphql/types/gql.tada-cache.d.ts",
19+
"!docs/tsconfig.json",
20+
"!docs/docusaurus.config.ts",
21+
"!docs/src",
22+
"!docs/sidebars.ts",
23+
"!sample_data",
24+
"!**/*.grit"
2125
],
2226
// https://biomejs.dev/reference/configuration/#filesignoreunknown
2327
"ignoreUnknown": true
@@ -28,9 +32,12 @@
2832
"enabled": true
2933
},
3034
// https://biomejs.dev/reference/configuration/#vcs
31-
"organizeImports": {
32-
// https://biomejs.dev/reference/configuration/#organizeimportsenabled
33-
"enabled": true
35+
"assist": {
36+
"actions": {
37+
"source": {
38+
"organizeImports": "on"
39+
}
40+
}
3441
},
3542
// https://biomejs.dev/reference/configuration/#vcs
3643
"vcs": {

biome_plugins/README.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
# Biome Plugins
2+
3+
This directory contains custom [GritQL](https://docs.grit.io/) plugins for [Biome](https://biomejs.dev/).
4+
5+
For detailed documentation on the active plugins and their impact on testing, please refer to the [Testing & Validation documentation](../docs/docs/docs/developer-resources/testing/testing-validation.md#biome-plugins).
Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
// GritQL plugin to detect Pothos string resolvers that might need escapeHTML()
2+
//
3+
// IMPORTANT: GritQL comments are stripped from AST - cannot use disable comments.
4+
// To exclude files, use Biome's linter.rules configuration in biome.jsonc.
5+
//
6+
// This is a diagnostic-only rule. It warns but cannot auto-fix.
7+
//
8+
// Examples:
9+
//
10+
// Triggers warning:
11+
// t.string({
12+
// resolve: (parent) => parent.bio // No escapeHTML
13+
// })
14+
//
15+
// Does NOT trigger warning:
16+
// t.string({
17+
// resolve: (parent) => escapeHTML(parent.bio)
18+
// })
19+
20+
// Match t.string with resolve function, flag if no escapeHTML call inside
21+
`t.string({ $props })` where {
22+
$props <: contains `resolve: $resolver`,
23+
not $resolver <: contains `escapeHTML($arg)`,
24+
register_diagnostic(span=$props, message="String resolver may need escapeHTML() for XSS prevention. Import from '~/src/utilities/sanitizer'.", severity="warn")
25+
}

0 commit comments

Comments
 (0)