fix(api): gate /api/_test/* routes to non-production (closes #116)#125
Open
themightychris wants to merge 1 commit into
Open
fix(api): gate /api/_test/* routes to non-production (closes #116)#125themightychris wants to merge 1 commit into
themightychris wants to merge 1 commit into
Conversation
The three test-harness routes in health.ts: POST /api/_test/validation-error POST /api/_test/internal-error POST /api/_test/idempotency exist purely to exercise the error-mapping + idempotency code paths from CI. They were always reachable in production — meaning any caller could hit /api/_test/internal-error and force a 500. Defense in depth: wrap registration in `if (fastify.config.NODE_ENV !== 'production')`. CI tests that depend on these routes already run in NODE_ENV=test, so nothing breaks. New api-skeleton test asserts all three return 404 when the app is built with NODE_ENV=production. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #116. Three test-harness routes in `apps/api/src/routes/health.ts`:
were always reachable in production. Any caller could hit `/api/_test/internal-error` and force a 500.
Fix: wrap the three route registrations in `if (fastify.config.NODE_ENV !== 'production')`. CI tests that depend on these routes already run in `NODE_ENV=test`, so nothing breaks.
New test asserts all three return 404 when the app is built with `NODE_ENV=production`, plus that `/api/health` still works (sanity check that prod-mode boot didn't regress anything else).
Test plan
🤖 Generated with Claude Code