Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(build): resolve Next.js build failures from invalid route exports

Browse Source 
- Extract detectAuthAnomalies + THRESHOLDS from route.ts to detect.ts
  (Next.js rejects non-standard exports from route files)
- Add explicit RenderResult return type to test-utils customRender
- Skip ESLint during next build (runs separately via pnpm lint)
- Revert test file exclusions from tsconfig (breaks eslint parser)
- Update route.test.ts imports to match new file structure

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hartmut Nörenberg
2026-04-11 07:40:00 +02:00
parent d8aac21e2d
commit 4469fc42af
5 changed files with 122 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/web/next.config.ts
+6
View File
@@ -17,6 +17,11 @@ const nextConfig: NextConfig = {
"@capakraken/staffing", "@capakraken/staffing",
], ],
typedRoutes: true, typedRoutes: true,
eslint: {
// ESLint runs separately via `pnpm lint` — skip during `next build` to
// avoid plugin resolution issues in the build environment.
ignoreDuringBuilds: true,
},
async redirects() { async redirects() {
return [ return [
// Common URL alias — redirect to the real auth entry point // Common URL alias — redirect to the real auth entry point
@@ -86,6 +91,7 @@ const nextConfig: NextConfig = {
let exportedConfig: NextConfig = nextConfig; let exportedConfig: NextConfig = nextConfig;
if (process.env.NODE_ENV === "production") { if (process.env.NODE_ENV === "production") {
try { try {
// eslint-disable-next-line @typescript-eslint/no-require-imports
const { withSentryConfig } = require("@sentry/nextjs"); const { withSentryConfig } = require("@sentry/nextjs");
exportedConfig = withSentryConfig(nextConfig, { exportedConfig = withSentryConfig(nextConfig, {
silent: true, silent: true,
apps/web/src/app/api/cron/auth-anomaly-check/detect.ts
+79
View File
@@ -0,0 +1,79 @@
import { prisma } from "@capakraken/db";
/** Window over which auth events are analysed. */
const WINDOW_MS = 30 * 60 * 1000; // 30 minutes
/**
* Alert thresholds — tune per deployment if needed.
* Exported so tests can reference them without re-declaring magic numbers.
*/
export const THRESHOLDS = {
/** Total failed login attempts in the window before alerting. */
globalFailures: 20,
/** Failed attempts attributed to a single entityId (userId / IP placeholder) before alerting. */
perEntityFailures: 10,
};
export interface AnomalyReport {
windowStartedAt: string;
windowEndedAt: string;
totalFailures: number;
anomalies: Array<{ type: string; count: number; entityId: string | null }>;
}
/**
* Analyses recent auth audit events and returns detected anomalies.
* Exported for unit testing without an HTTP layer.
*/
export async function detectAuthAnomalies(windowMs = WINDOW_MS): Promise<AnomalyReport> {
const windowEnd = new Date();
const windowStart = new Date(windowEnd.getTime() - windowMs);
const failureEvents = await prisma.auditLog.findMany({
where: {
entityType: "Auth",
action: "CREATE",
summary: { startsWith: "Login failed" },
createdAt: { gte: windowStart, lte: windowEnd },
},
select: {
entityId: true,
summary: true,
},
});
const anomalies: AnomalyReport["anomalies"] = [];
// Global threshold: too many failures overall
if (failureEvents.length >= THRESHOLDS.globalFailures) {
anomalies.push({
type: "HIGH_GLOBAL_FAILURE_RATE",
count: failureEvents.length,
entityId: null,
});
}
// Per-entity threshold: one entity accumulating failures (brute-force pattern)
const countByEntity = new Map<string, number>();
for (const event of failureEvents) {
if (event.entityId) {
countByEntity.set(event.entityId, (countByEntity.get(event.entityId) ?? 0) + 1);
}
}
for (const [entityId, count] of countByEntity.entries()) {
if (count >= THRESHOLDS.perEntityFailures) {
anomalies.push({
type: "CONCENTRATED_FAILURES",
count,
entityId,
});
}
}
return {
windowStartedAt: windowStart.toISOString(),
windowEndedAt: windowEnd.toISOString(),
totalFailures: failureEvents.length,
anomalies,
};
}
apps/web/src/app/api/cron/auth-anomaly-check/route.test.ts
+34 -28
View File
@@ -10,8 +10,8 @@
* - No admin notification when no anomalies * - No admin notification when no anomalies
*/ */
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { beforeEach, describe, expect, it, vi } from "vitest";
import { THRESHOLDS } from "./route.js"; import { THRESHOLDS } from "./detect.js";
// ─── Prisma mock ───────────────────────────────────────────────────────────── // ─── Prisma mock ─────────────────────────────────────────────────────────────
const auditLogFindManyMock = vi.hoisted(() => vi.fn()); const auditLogFindManyMock = vi.hoisted(() => vi.fn());
@@ -62,10 +62,17 @@ async function importRoute() {
return mod; return mod;
} }
async function importDetect() {
const mod = await import("./detect.js");
return mod;
}
// ─── tests ──────────────────────────────────────────────────────────────────── // ─── tests ────────────────────────────────────────────────────────────────────
describe("GET /api/cron/auth-anomaly-check — cron secret enforcement", () => { describe("GET /api/cron/auth-anomaly-check — cron secret enforcement", () => {
beforeEach(() => { vi.clearAllMocks(); }); beforeEach(() => {
vi.clearAllMocks();
});
it("returns 401 when verifyCronSecret denies the request", async () => { it("returns 401 when verifyCronSecret denies the request", async () => {
const { NextResponse } = await import("next/server"); const { NextResponse } = await import("next/server");
@@ -102,7 +109,7 @@ describe("GET /api/cron/auth-anomaly-check — no anomalies", () => {
); );
const { GET } = await importRoute(); const { GET } = await importRoute();
const res = await GET(makeRequest()); const res = await GET(makeRequest());
const body = await res.json() as { ok: boolean; anomalies: unknown[] }; const body = (await res.json()) as { ok: boolean; anomalies: unknown[] };
expect(res.status).toBe(200); expect(res.status).toBe(200);
expect(body.ok).toBe(true); expect(body.ok).toBe(true);
expect(body.anomalies).toHaveLength(0); expect(body.anomalies).toHaveLength(0);
@@ -129,7 +136,7 @@ describe("GET /api/cron/auth-anomaly-check — HIGH_GLOBAL_FAILURE_RATE", () =>
userFindManyMock.mockResolvedValue([{ id: "admin_1" }]); userFindManyMock.mockResolvedValue([{ id: "admin_1" }]);
const { GET } = await importRoute(); const { GET } = await importRoute();
const res = await GET(makeRequest()); const res = await GET(makeRequest());
const body = await res.json() as { anomalies: Array<{ type: string }> }; const body = (await res.json()) as { anomalies: Array<{ type: string }> };
expect(body.anomalies.some((a) => a.type === "HIGH_GLOBAL_FAILURE_RATE")).toBe(true); expect(body.anomalies.some((a) => a.type === "HIGH_GLOBAL_FAILURE_RATE")).toBe(true);
}); });
@@ -141,7 +148,10 @@ describe("GET /api/cron/auth-anomaly-check — HIGH_GLOBAL_FAILURE_RATE", () =>
const { GET } = await importRoute(); const { GET } = await importRoute();
await GET(makeRequest()); await GET(makeRequest());
expect(createNotificationsMock).toHaveBeenCalledOnce(); expect(createNotificationsMock).toHaveBeenCalledOnce();
const call = createNotificationsMock.mock.calls[0]![0] as { userIds: string[]; priority: string }; const call = createNotificationsMock.mock.calls[0]![0] as {
userIds: string[];
priority: string;
};
expect(call.userIds).toContain("admin_1"); expect(call.userIds).toContain("admin_1");
expect(call.priority).toBe("CRITICAL"); expect(call.priority).toBe("CRITICAL");
}); });
@@ -161,7 +171,7 @@ describe("GET /api/cron/auth-anomaly-check — CONCENTRATED_FAILURES", () => {
userFindManyMock.mockResolvedValue([{ id: "admin_1" }]); userFindManyMock.mockResolvedValue([{ id: "admin_1" }]);
const { GET } = await importRoute(); const { GET } = await importRoute();
const res = await GET(makeRequest()); const res = await GET(makeRequest());
const body = await res.json() as { anomalies: Array<{ type: string; entityId: string }> }; const body = (await res.json()) as { anomalies: Array<{ type: string; entityId: string }> };
const concentrated = body.anomalies.find((a) => a.type === "CONCENTRATED_FAILURES"); const concentrated = body.anomalies.find((a) => a.type === "CONCENTRATED_FAILURES");
expect(concentrated).toBeDefined(); expect(concentrated).toBeDefined();
expect(concentrated!.entityId).toBe("target_user"); expect(concentrated!.entityId).toBe("target_user");
@@ -169,11 +179,13 @@ describe("GET /api/cron/auth-anomaly-check — CONCENTRATED_FAILURES", () => {
it("does not flag an entity that is below the per-entity threshold", async () => { it("does not flag an entity that is below the per-entity threshold", async () => {
auditLogFindManyMock.mockResolvedValue( auditLogFindManyMock.mockResolvedValue(
Array.from({ length: THRESHOLDS.perEntityFailures - 1 }, () => makeFailureEvent("target_user")), Array.from({ length: THRESHOLDS.perEntityFailures - 1 }, () =>
makeFailureEvent("target_user"),
),
); );
const { GET } = await importRoute(); const { GET } = await importRoute();
const res = await GET(makeRequest()); const res = await GET(makeRequest());
const body = await res.json() as { anomalies: Array<{ type: string }> }; const body = (await res.json()) as { anomalies: Array<{ type: string }> };
expect(body.anomalies.some((a) => a.type === "CONCENTRATED_FAILURES")).toBe(false); expect(body.anomalies.some((a) => a.type === "CONCENTRATED_FAILURES")).toBe(false);
}); });
@@ -199,7 +211,7 @@ describe("GET /api/cron/auth-anomaly-check — error handling", () => {
const { GET } = await importRoute(); const { GET } = await importRoute();
const res = await GET(makeRequest()); const res = await GET(makeRequest());
expect(res.status).toBe(500); expect(res.status).toBe(500);
const body = await res.json() as { ok: boolean }; const body = (await res.json()) as { ok: boolean };
expect(body.ok).toBe(false); expect(body.ok).toBe(false);
}); });
}); });
@@ -209,11 +221,13 @@ describe("GET /api/cron/auth-anomaly-check — error handling", () => {
// the CRON_SECRET check, to verify threshold logic in isolation. // the CRON_SECRET check, to verify threshold logic in isolation.
describe("detectAuthAnomalies — unit tests", () => { describe("detectAuthAnomalies — unit tests", () => {
beforeEach(() => { vi.clearAllMocks(); }); beforeEach(() => {
vi.clearAllMocks();
});
it("returns empty anomalies and zero totalFailures when no events are found", async () => { it("returns empty anomalies and zero totalFailures when no events are found", async () => {
auditLogFindManyMock.mockResolvedValue([]); auditLogFindManyMock.mockResolvedValue([]);
const { detectAuthAnomalies } = await importRoute(); const { detectAuthAnomalies } = await importDetect();
const result = await detectAuthAnomalies(); const result = await detectAuthAnomalies();
@@ -227,13 +241,11 @@ describe("detectAuthAnomalies — unit tests", () => {
summary: "Login failed: bad password", summary: "Login failed: bad password",
})); }));
auditLogFindManyMock.mockResolvedValue(events); auditLogFindManyMock.mockResolvedValue(events);
const { detectAuthAnomalies } = await importRoute(); const { detectAuthAnomalies } = await importDetect();
const result = await detectAuthAnomalies(); const result = await detectAuthAnomalies();
const globalAnomaly = result.anomalies.find( const globalAnomaly = result.anomalies.find((a) => a.type === "HIGH_GLOBAL_FAILURE_RATE");
(a) => a.type === "HIGH_GLOBAL_FAILURE_RATE",
);
expect(globalAnomaly).toBeDefined(); expect(globalAnomaly).toBeDefined();
expect(globalAnomaly!.count).toBe(THRESHOLDS.globalFailures); expect(globalAnomaly!.count).toBe(THRESHOLDS.globalFailures);
expect(result.totalFailures).toBe(THRESHOLDS.globalFailures); expect(result.totalFailures).toBe(THRESHOLDS.globalFailures);
@@ -245,13 +257,11 @@ describe("detectAuthAnomalies — unit tests", () => {
summary: "Login failed: bad password", summary: "Login failed: bad password",
})); }));
auditLogFindManyMock.mockResolvedValue(events); auditLogFindManyMock.mockResolvedValue(events);
const { detectAuthAnomalies } = await importRoute(); const { detectAuthAnomalies } = await importDetect();
const result = await detectAuthAnomalies(); const result = await detectAuthAnomalies();
const concentrated = result.anomalies.find( const concentrated = result.anomalies.find((a) => a.type === "CONCENTRATED_FAILURES");
(a) => a.type === "CONCENTRATED_FAILURES",
);
expect(concentrated).toBeDefined(); expect(concentrated).toBeDefined();
expect(concentrated!.count).toBe(THRESHOLDS.perEntityFailures); expect(concentrated!.count).toBe(THRESHOLDS.perEntityFailures);
expect(concentrated!.entityId).toBe("user_attacker"); expect(concentrated!.entityId).toBe("user_attacker");
@@ -265,13 +275,11 @@ describe("detectAuthAnomalies — unit tests", () => {
summary: "Login failed: unknown user", summary: "Login failed: unknown user",
})); }));
auditLogFindManyMock.mockResolvedValue(events); auditLogFindManyMock.mockResolvedValue(events);
const { detectAuthAnomalies } = await importRoute(); const { detectAuthAnomalies } = await importDetect();
const result = await detectAuthAnomalies(); const result = await detectAuthAnomalies();
const concentrated = result.anomalies.find( const concentrated = result.anomalies.find((a) => a.type === "CONCENTRATED_FAILURES");
(a) => a.type === "CONCENTRATED_FAILURES",
);
expect(concentrated).toBeUndefined(); expect(concentrated).toBeUndefined();
}); });
@@ -289,15 +297,13 @@ describe("detectAuthAnomalies — unit tests", () => {
}), }),
); );
auditLogFindManyMock.mockResolvedValue([...botEvents, ...otherEvents]); auditLogFindManyMock.mockResolvedValue([...botEvents, ...otherEvents]);
const { detectAuthAnomalies } = await importRoute(); const { detectAuthAnomalies } = await importDetect();
const result = await detectAuthAnomalies(); const result = await detectAuthAnomalies();
expect(result.totalFailures).toBe(THRESHOLDS.globalFailures); expect(result.totalFailures).toBe(THRESHOLDS.globalFailures);
const globalAnomaly = result.anomalies.find( const globalAnomaly = result.anomalies.find((a) => a.type === "HIGH_GLOBAL_FAILURE_RATE");
(a) => a.type === "HIGH_GLOBAL_FAILURE_RATE",
);
expect(globalAnomaly).toBeDefined(); expect(globalAnomaly).toBeDefined();
const concentrated = result.anomalies.find( const concentrated = result.anomalies.find(
apps/web/src/app/api/cron/auth-anomaly-check/route.ts
+1 -78
View File
@@ -3,88 +3,11 @@ import { prisma } from "@capakraken/db";
import { createNotificationsForUsers } from "@capakraken/api"; import { createNotificationsForUsers } from "@capakraken/api";
import { logger } from "@capakraken/api/lib/logger"; import { logger } from "@capakraken/api/lib/logger";
import { verifyCronSecret } from "~/lib/cron-auth.js"; import { verifyCronSecret } from "~/lib/cron-auth.js";
import { detectAuthAnomalies } from "./detect.js";
export const dynamic = "force-dynamic"; export const dynamic = "force-dynamic";
export const runtime = "nodejs"; export const runtime = "nodejs";
/** Window over which auth events are analysed. */
const WINDOW_MS = 30 * 60 * 1000; // 30 minutes
/**
* Alert thresholds — tune per deployment if needed.
* Exported so tests can reference them without re-declaring magic numbers.
*/
export const THRESHOLDS = {
/** Total failed login attempts in the window before alerting. */
globalFailures: 20,
/** Failed attempts attributed to a single entityId (userId / IP placeholder) before alerting. */
perEntityFailures: 10,
};
export interface AnomalyReport {
windowStartedAt: string;
windowEndedAt: string;
totalFailures: number;
anomalies: Array<{ type: string; count: number; entityId: string | null }>;
}
/**
* Analyses recent auth audit events and returns detected anomalies.
* Exported for unit testing without an HTTP layer.
*/
export async function detectAuthAnomalies(windowMs = WINDOW_MS): Promise<AnomalyReport> {
const windowEnd = new Date();
const windowStart = new Date(windowEnd.getTime() - windowMs);
const failureEvents = await prisma.auditLog.findMany({
where: {
entityType: "Auth",
action: "CREATE",
summary: { startsWith: "Login failed" },
createdAt: { gte: windowStart, lte: windowEnd },
},
select: {
entityId: true,
summary: true,
},
});
const anomalies: AnomalyReport["anomalies"] = [];
// Global threshold: too many failures overall
if (failureEvents.length >= THRESHOLDS.globalFailures) {
anomalies.push({
type: "HIGH_GLOBAL_FAILURE_RATE",
count: failureEvents.length,
entityId: null,
});
}
// Per-entity threshold: one entity accumulating failures (brute-force pattern)
const countByEntity = new Map<string, number>();
for (const event of failureEvents) {
if (event.entityId) {
countByEntity.set(event.entityId, (countByEntity.get(event.entityId) ?? 0) + 1);
}
}
for (const [entityId, count] of countByEntity.entries()) {
if (count >= THRESHOLDS.perEntityFailures) {
anomalies.push({
type: "CONCENTRATED_FAILURES",
count,
entityId,
});
}
}
return {
windowStartedAt: windowStart.toISOString(),
windowEndedAt: windowEnd.toISOString(),
totalFailures: failureEvents.length,
anomalies,
};
}
/** /**
* GET /api/cron/auth-anomaly-check * GET /api/cron/auth-anomaly-check
* *
apps/web/src/test-utils.tsx
+2 -2
View File
@@ -1,5 +1,5 @@
import { QueryClient, QueryClientProvider } from "@tanstack/react-query"; import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { render, type RenderOptions } from "@testing-library/react"; import { render, type RenderOptions, type RenderResult } from "@testing-library/react";
import type { ReactElement } from "react"; import type { ReactElement } from "react";
function createTestQueryClient() { function createTestQueryClient() {
@@ -16,7 +16,7 @@ function TestProviders({ children }: { children: React.ReactNode }) {
return <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>; return <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>;
} }
function customRender(ui: ReactElement, options?: Omit<RenderOptions, "wrapper">) { function customRender(ui: ReactElement, options?: Omit<RenderOptions, "wrapper">): RenderResult {
return render(ui, { wrapper: TestProviders, ...options }); return render(ui, { wrapper: TestProviders, ...options });
} }