admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Close all 25 codex audit findings and add KMP contract tests

Browse Source 
Remediate all P0-S priority findings from cross-platform architecture audit:
- Add input validation and authorization checks across handlers
- Harden social auth (Apple/Google) token validation
- Add document ownership verification and file type validation
- Add rate limiting config and CORS origin restrictions
- Add subscription tier enforcement in handlers
- Add OpenAPI 3.0.3 spec (81 schemas, 104 operations)
- Add URL-level contract test (KMP API routes match spec paths)
- Add model-level contract test (65 schemas, 464 fields validated)
- Add CI workflow for backend tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
2026-02-18 13:15:07 -06:00
parent 215e7c895d
commit bb7493f033
23 changed files with 6549 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/testutil/testutil.go
View File

@@ -54,6 +54,7 @@ func SetupTestDB(t *testing.T) *gorm.DB {
&models.Contractor{},
&models.ContractorSpecialty{},
&models.Document{},
&models.DocumentImage{},
&models.Notification{},
&models.NotificationPreference{},
&models.APNSDevice{},