Security/p0 hardening #17
Status: Merged
Commits (10 in the PR; the diff below shows changes from 9 of them), all by dmitrovasheka:

- 6d5cb47 fix(db): restore migration replay-from-scratch by deferring translati…
- bbf5f94 docs: project review 2026-06-11 — corrected plans, P0-P4 priorities, …
- a943c5d chore(security): repo hygiene — untrack logs, env-driven prod URL/adm…
- bf2ad92 feat(security): AdminApiKeyGuard on queues, embeddings and tmdb impor…
- c0bc964 feat(security): Supabase JWT auth on user endpoints, user_id from token
- ccaaa87 feat(security): global rate limiting via @nestjs/throttler
- ccff221 feat(security): global ValidationPipe + DTOs for chat, watchlist, que…
- ae7f527 docs: document ADMIN_API_KEY in .env.example
- a147727 docs: portable session memory (CLAUDE.md, session resume) + key rotat…
- aa4257b fix(security): address CodeRabbit review on p0-hardening
File: CLAUDE.md (new file)

| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # CLAUDE.md — контекст проекта для Claude Code | ||
|
|
||
| Этот файл коммитится в git и служит переносимой «памятью» между машинами/сессиями. | ||
|
|
||
| ## Что это за проект | ||
| Movie Recommendr — портфолио-проект: рекомендации фильмов/сериалов с AI (RAG, pgvector embeddings, GPT-чат). Монорепо pnpm + Turbo. | ||
|
|
||
| - `apps/api` — NestJS 11 (port 3001), Supabase (PostgreSQL + pgvector), BullMQ + Redis, OpenAI | ||
| - `apps/web` — Next.js 14 App Router (port 3002), React Query, next-intl (en/ru/uk), Supabase Auth | ||
| - `packages/db` — Supabase клиенты (`supabase` service-key, `supabaseAnon`) + generated types | ||
| - `packages/ai` — OpenAI обёртка | ||
| - Production: API на Railway, Web на Vercel | ||
|
|
||
| ## Ключевые документы (читать в этом порядке) | ||
| 1. `SESSION_RESUME.md` — текущее состояние и следующий шаг (обновлять в конце сессии!) | ||
| 2. `IMPROVEMENTS.md` — ЕДИНСТВЕННЫЙ живой план (приоритеты P0–P4, разделы 17–19 добавлены при ревизии) | ||
| 3. `docs/PROJECT_REVIEW_2026-06-11.md` — полное ревью архитектуры и проблем | ||
| 4. `docs/superpowers/specs/2026-05-01-smart-search-design.md` — спека smart-search (Phase 1 в работе) | ||
| 5. `WORKFLOW_RULES.md` — процессные правила (новые фичи: сначала показать код, ждать подтверждения; багфиксы и docs — можно сразу) | ||
| 6. ROADMAP.md, NEW_IMPROVEMENTS_SUMMARY.md — архив, не использовать для планирования | ||
|
|
||
| ## Команды | ||
| ```bash | ||
| pnpm dev # из apps/api или apps/web (нужен Redis: redis://localhost:6379) | ||
| pnpm build # сборка | ||
| pnpm test # jest (apps/api) | ||
| npx tsc --noEmit # typecheck | ||
| ``` | ||
| Env загружается из корневого `.env` (см. `.env.example`; в т.ч. ADMIN_API_KEY). | ||
|
|
||
| ## Безопасность (внедрено 2026-06-11, ветка security/p0-hardening) | ||
| - `/api/queues/*`, `/api/embeddings/*`, import-POST'ы `/api/tmdb/*` — guard `AdminApiKeyGuard` (заголовок `X-Admin-Api-Key` = env `ADMIN_API_KEY`, fail-closed) | ||
| - watchlist/chat/recommendations(кроме popular)/users — `SupabaseAuthGuard`: user_id берётся ТОЛЬКО из JWT (`@CurrentUser()`), никогда из query/body | ||
| - Rate limiting: глобально 100/мин (env RATE_LIMIT_*), chat 10/мин, search 30/мин | ||
| - Глобальный ValidationPipe (whitelist+transform) + DTO в `*/dto/` | ||
| - При добавлении новых эндпоинтов СОХРАНЯТЬ эти паттерны | ||
|
|
||
| ## Известные ловушки | ||
| - `apps/api/src/queues/processors/imdb-update.processor.ts` — НЕ компилируется (вызывает несуществующие методы tmdbService.updateMoviesImdbIds/updateTvShowsImdbIds). Это WIP для IMPROVEMENTS §15. Не регистрирован в модуле. Перед `nest build` учитывать. | ||
| - Тестов мало (26); TDD обязателен для нового кода (superpowers skill) | ||
| - Миграции в репо неполные — БД не воспроизводится с нуля (см. review §2.5) | ||
| - KEY_ROTATION_GUIDE.md и SECURITY_AUDIT_REPORT.md упомянуты в IMPROVEMENTS, но в репо отсутствуют; актуальный чеклист: `docs/KEY_ROTATION_CHECKLIST.md` |
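Review bot: the rate-limit line (`Rate limiting: глобально 100/мин (env RATE_LIMIT_*), chat 10/мин, search 30/мин`) should state how a client is identified when the API runs behind Railway's proxy (this file says production API is on Railway). @nestjs/throttler's default tracker keys on the request IP as reported by the HTTP adapter, which behind a reverse proxy is the proxy's address unless Express `trust proxy` is configured; so either every user shares one 100/min bucket, or, if `trust proxy` is set too permissively, a client chooses its own bucket via `X-Forwarded-For`. Record the chosen setting here next to the limits. Two related points in the same section: the `packages/db` line lists a service-key `supabase` client, which bypasses Supabase Row Level Security, so the security section should say which client the now JWT-guarded watchlist/chat/users services query with, because if it is the service-key client then `SupabaseAuthGuard` is the only authorization layer and every query must filter on the `@CurrentUser()` id; and the "fail-closed" claim for `AdminApiKeyGuard` is worth spelling out (reject when `ADMIN_API_KEY` is unset or empty, compare with a constant-time check), since a missing env var on a fresh deploy is exactly the case where an open admin endpoint would otherwise reappear.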
Second file (the project status snapshot; CLAUDE.md above lists it as `SESSION_RESUME.md`)

| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,79 +1,62 @@ | ||
| # Movie Recommendr - Current Project Status | ||
|
|
||
| **Last Updated:** 2026-01-10 | ||
| **Last Updated:** 2026-06-11 (ревизия — см. `docs/PROJECT_REVIEW_2026-06-11.md`) | ||
|
|
||
| --- | ||
|
|
||
| ## Overall Progress | ||
|
|
||
| ``` | ||
| Day 0: ████████████████████ 100% Complete | ||
| Day 1: ████████████████████ 100% Complete | ||
| Day 2: ████████████████████ 100% Complete | ||
| Day 3: ████████████████████ 100% Complete | ||
| Day 4: ████████████████████ 100% Complete | ||
| Day 5: ████████████████████ 100% Complete | ||
| Day 6-7: ████████████████████ 100% Complete | ||
| Day 8-10: ████████████████████ 100% Complete ✅ | ||
| Day 11-12: ████████████████████ 100% Advanced AI Complete! ✅ | ||
| Day 13-14: ████████████████████ 100% Deployment Complete! ✅ | ||
| Improvements: ██████████░░░░░░░░░░ 50% In Progress | ||
| MVP (Day 0-14): ████████████████████ 100% Complete (deployed) | ||
| Localization: ████████████████░░░░ 80% (en/ru готовы; uk/pl UI и backfill переводов — нет) | ||
| TV Shows: ████████████████████ 100% (страницы, watchlist, API, infinite scroll) | ||
| Import queues: ██████████████████░░ 90% (ротация категорий есть; prod-расписание и алерты — нет) | ||
| Smart Search Ph.1: ████░░░░░░░░░░░░░░░░ 20% (types + RRF + 1 тест; extractor/retrieval — нет) | ||
| Security hardening: ░░░░░░░░░░░░░░░░░░░░ 0% 🔴 (нет guards/throttler/validation; ключи не ротированы) | ||
| CI/CD & Tests: █░░░░░░░░░░░░░░░░░░░ 5% (1 тест-файл, нет GitHub Actions) | ||
| ``` | ||
|
Review comment (CodeRabbit) on lines 9 to 17:

Add a language identifier to the fenced block. The fenced block at Line 9 is missing a language tag. Suggested patch:

-```
+```text
 MVP (Day 0-14): ████████████████████ 100% Complete (deployed)
 ...
-```
+```

Tools: markdownlint-cli2 (0.22.1) [warning] 9-9: Fenced code blocks should have a language specified (MD040, fenced-code-language)
||
|
|
||
| --- | ||
|
|
||
| ## ✅ Search Autocomplete (Complete) | ||
|
|
||
| ### What's Done: | ||
| - ✅ **Backend:** Added `autocomplete` method to `MoviesService` using fast SQL `ILIKE` search. | ||
| - ✅ **API Endpoint:** Created `GET /api/movies/autocomplete` (and verified route order priority). | ||
| - ✅ **Frontend Client:** Added `autocompleteMovies` to the API client. | ||
| - ✅ **React Hook:** Created `useAutocomplete` with debouncing and caching. | ||
| - ✅ **UI Component:** Completely overhauled `SearchBar.tsx` with a live suggestions dropdown, posters, and direct navigation. | ||
| > Примечание: ранее здесь значилось «Day 13-14 (Testing, CI/CD) — 100% Complete» — это не соответствовало действительности и исправлено при ревизии. | ||
|
|
||
| --- | ||
|
|
||
| ## ✅ Massive Data Import (Complete) | ||
| ## ✅ Что работает (production) | ||
|
|
||
| ### What's Done: | ||
| - ✅ **Years 1990-2024:** Performed a systematic import of the top 40 most popular movies for every year. | ||
| - ✅ **Total Database Size:** Successfully scaled the database from ~350 to **1675 movies**. | ||
| - ✅ **Embeddings:** All 1675 movies have vector embeddings generated for AI features. | ||
| - ✅ **Metadata:** Enriched metadata (cast, crew, keywords) imported for all new records. | ||
| - **Backend (Railway):** NestJS — movies, tv-shows, watchlist, recommendations, chat (RAG), embeddings, queues (BullMQ + Redis) | ||
| - **Frontend (Vercel):** Next.js 14 App Router — home, discover, movies/[id], tv-shows, tv-shows/[id], watchlist, recommendations, chat, auth; next-intl (en/ru) | ||
| - **База:** 1675+ фильмов + сериалы, 100% embeddings, translations JSON (en/ru/uk), import_progress + ротация категорий | ||
| - **Language support:** 11/11 API endpoints принимают `language` | ||
|
|
||
| --- | ||
| ## 🟡 В работе / частично | ||
|
|
||
| ## ✅ Localization (Complete) | ||
| - **Smart Search Phase 1** — фундамент закоммичен (`apps/api/src/smart-search/`: types, RRF); остальной пайплайн по спеке не реализован | ||
| - **IMDb integration (#15)** — `imdb-update.processor.ts` написан, но не закоммичен; план в IMPROVEMENTS.md §15 | ||
| - **Backfill переводов** — обновлено ~20 фильмов из 1675 | ||
| - **Production cron-расписание импорта** — endpoints готовы, расписание не включено (см. PRODUCTION-QUICKSTART.md) | ||
|
|
||
| ### What's Done: | ||
| - ✅ **Infrastructure:** Integrated `next-intl` for Next.js i18n support. | ||
| - ✅ **Routing:** Implemented locale-prefixed routing (e.g., `/en`, `/ru`) with a dynamic `[locale]` segment. | ||
| - ✅ **Middleware:** Unified Supabase auth session management with locale-aware routing. | ||
| - ✅ **Translations:** Created comprehensive translation files (`en.json`, `ru.json`) covering all app modules. | ||
| - ✅ **UI Components:** Localized global components including `Navbar`, `Navigation`, `MovieCard`, and `WatchlistButton`. | ||
| - ✅ **Pages:** Fully translated all core pages: Home, Discover, Movie Details, Watchlist, Recommendations, Chat, and Auth. | ||
| - ✅ **Language Switcher:** Added a functional EN/RU toggle in the navigation system. | ||
| ## 🔴 Критические долги (P0 — см. IMPROVEMENTS.md §17) | ||
|
|
||
| --- | ||
| 1. Ротация exposed-ключей — **просрочена с 2026-01-16** | ||
| 2. `/api/queues/*` (17 write-эндпоинтов) — без авторизации на публичном prod URL | ||
| 3. User-эндпоинты принимают `user_id` параметром без проверки JWT | ||
| 4. Нет rate limiting и ValidationPipe | ||
| 5. Лог-файлы закоммичены в git; production-скрипты НЕ закоммичены | ||
|
|
||
| ## 🎯 Next Improvements Priorities | ||
| --- | ||
|
|
||
| **1. "Why This Movie?" UI (NEXT FOCUS):** | ||
| - Add explanation buttons to movie cards/details. | ||
| - Create modal for AI-generated reasoning using the `/api/movies/:id/explain` endpoint. | ||
| ## 🎯 Next Steps (порядок — по приоритизации IMPROVEMENTS.md) | ||
|
|
||
| **2. Search Refinement:** | ||
| - Add filters for genres, release years, and ratings to the Discover page. | ||
| - Implement sorting options (popularity, rating, date). | ||
| 1. **P0 Security hardening** (§17): ключи → guards → throttler → validation → гигиена репо | ||
| 2. **P1 Инженерная база** (§18): GitHub Actions CI, тесты core-сервисов, Node 20 / Redis 6.2+, Sentry, учёт OpenAI-расходов | ||
| 3. **P2 Продукт:** Smart Search Phase 1 до конца → Movie Explanations UI → backfill переводов | ||
|
|
||
| --- | ||
|
|
||
| ## 📊 Current Metrics | ||
|
|
||
| **Database:** | ||
| - Movies: 1675 (with 100% embedding coverage) ✅ | ||
| - Tables: 5 (users, movies, user_watchlist, user_profiles, chat_messages) | ||
| - SQL Functions: 4 (vector search, profile updates) | ||
| **Database (9 таблиц):** movies, tv_shows, tv_seasons, tv_episodes, user_watchlist, user_tv_watchlist, user_profiles, chat_messages, import_progress | ||
|
|
||
| **Тесты:** 1 файл (`smart-search/__tests__/rrf.spec.ts`) — требуется расширение (§18.2) | ||
|
|
||
| --- | ||
|
|
||
|
|
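Review bot: this hunk contradicts CLAUDE.md added in the same PR, and the two files should agree before merge. `Тесты: 1 файл (smart-search/__tests__/rrf.spec.ts)` and `CI/CD & Tests: 5% (1 тест-файл, нет GitHub Actions)` versus CLAUDE.md's `Тестов мало (26)`; and `imdb-update.processor.ts — написан, но не закоммичен` versus CLAUDE.md's statement that the file sits in the repo at `apps/api/src/queues/processors/` and does not compile. Pick one state and write it in both places. The `Security hardening: 0%` bar and P0 items 2-4 (`/api/queues/* ... без авторизации`, `user_id параметром без проверки JWT`, `Нет rate limiting и ValidationPipe`) describe the pre-PR state, as the CodeRabbit comment on this file already notes, but item 1 (`Ротация exposed-ключей — просрочена с 2026-01-16`) is not addressed by any guard in this PR: whatever keys were exposed stay valid until rotated, and the new `ADMIN_API_KEY` must be a freshly generated secret rather than a reused one. Keep that item open with its date even after the others are marked done.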
@@ -83,14 +66,13 @@ Improvements: ██████████░░░░░░░░░░ 50% I | |
| # Backend | ||
| cd apps/api | ||
| export REDIS_URL=redis://localhost:6379 | ||
| pnpm dev | ||
| pnpm dev # port 3001 | ||
|
|
||
| # Frontend | ||
| cd apps/web | ||
| pnpm dev | ||
| pnpm dev # port 3002 | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## ✅ Day 0 - Preparation (Complete) | ||
| ... (keep existing Day 0-14 logs if needed, but the above is the most relevant for resume) | ||
| **Production:** | ||
| - API: https://api-production-9141.up.railway.app | ||
| - Web: https://m-recommendr-web-ip4u.vercel.app | ||
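Review bot: the P0 list on this same page says `/api/queues/*` had 17 write endpoints without authorization on the public prod URL, so printing that URL (`https://api-production-9141.up.railway.app`) in the resume doc is only fine once the `AdminApiKeyGuard` commit is actually deployed there. Add a verification step to this block, for example an unauthenticated `POST` to one `/api/queues/` endpoint that must return 401/403 and the same request with `X-Admin-Api-Key` that must succeed, and record the result with a date. Also, `export REDIS_URL=redis://localhost:6379` is an unauthenticated local Redis carrying BullMQ job payloads; the line should say it is for local dev only, and the Railway Redis URL must carry a password (and TLS where available) rather than this form.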
Review comment (CodeRabbit) on the status snapshot:

Security progress claims are stale for this hardening PR.
Lines 15 and 39–44 still state guards/throttling/validation are absent, which conflicts with the current security-hardening changes in this PR. Update this snapshot so status and next steps reflect post-hardening state.
Also applies to: 37-44, 49-52