34 changes: 22 additions & 12 deletions README.md
Expand Up @@ -188,20 +188,9 @@ PORT=3000

```bash
# Run migrations to create database tables
# dist/data-source.js is your file data-source in dist directory
npm run typeorm migration:run -d dist/data-source.js

# or

# dist/data-source.js is your file data-source in dist directory
# The --fake flag tells TypeORM to mark the migration as executed without actually running it.
npm run typeorm migration:run -d dist/data-source.js --fake
npm run typeorm migration:run
```

> [!WARNING]
> Is important that you have dist file to use migrations


### 6. Start the Application

```bash
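Review bot: the added `npm run typeorm migration:run` drops the `-d dist/data-source.js` argument that the deleted lines documented, and the TypeORM CLI needs a DataSource path to run migrations; unless the `typeorm` script in package.json already passes one, this command will fail to locate the data source, so either keep `-d dist/data-source.js` here or state that the script supplies it. The hunk also removes the `--fake` alternative and the warning that a built `dist/` must exist first; if the compiled data source is still what the migration runner loads, keep one sentence saying a build is required, otherwise readers running this right after `npm install` will hit a missing-file error with no hint why.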
Expand Down Expand Up @@ -491,6 +480,27 @@ Examples:
4. Create PR with detailed description
5. Wait for review and approval

### Type Safety & Avoiding `any`

Strict TypeScript options are enabled (`strict`, `noImplicitAny`, `strictNullChecks`). Do not introduce unchecked `any`.

Guidelines:

- Prefer `unknown` for opaque values instead of `any`.
- Use generics in helpers (e.g. async handlers, validation middleware) to propagate types.
- DTOs must define explicit field types. For collections of key/value attributes create a small interface (see `AttributeValueDTO`).
- Dynamic JSON blobs: `Record<string, unknown>`.
- If interoperating with untyped libraries, narrow as soon as possible and add runtime guards.
- Only in tests you may coerce with `as unknown as T`; keep the cast local.

Audit command:

```bash
grep -R "any" src | grep -v spec || true
```

If you intentionally keep an `any`, annotate with `// INTENTIONAL_ANY: reason`.

## 🚀 Deployment

### Production
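Review bot: the audit command `grep -R "any" src | grep -v spec || true` matches `any` as a substring (`company`, `many`, `anything`), does not restrict itself to TypeScript files, does not exclude lines already marked `// INTENTIONAL_ANY:`, and the trailing `|| true` guarantees a zero exit code, so it can never act as a CI gate. Consider `grep -Rnw "any" src --include='*.ts' | grep -v '\.spec\.' | grep -v INTENTIONAL_ANY` and, if it is meant to block merges, drop `|| true` and fail when output is non-empty; the ESLint rule `@typescript-eslint/no-explicit-any` enforces the same policy without a grep. Minor: with `strict` enabled, `noImplicitAny` and `strictNullChecks` are already implied, so listing all three reads as if they were independent switches.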
17 changes: 3 additions & 14 deletions docker-compose.yml
Expand Up @@ -4,24 +4,13 @@ services:
image: postgres:latest
container_name: starshop-db
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: starshop
Comment on lines +7 to +9
⚠️ Potential issue | 🔴 Critical

Security risk: hardcoded credentials in version control.

The PostgreSQL credentials are hardcoded with weak values (user/password). This poses a security risk if the compose file is used in non-local environments or committed to public repositories.

Apply this diff to use environment variables with safe defaults:

     environment:
-      POSTGRES_USER: user
-      POSTGRES_PASSWORD: password
-      POSTGRES_DB: starshop
+      POSTGRES_USER: ${POSTGRES_USER:-user}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password}
+      POSTGRES_DB: ${POSTGRES_DB:-starshop}

Then create a .env.example file with placeholders and add .env to .gitignore.

🤖 Prompt for AI Agents
In docker-compose.yml around lines 7 to 9, the PostgreSQL credentials are
hardcoded (POSTGRES_USER/POSTGRES_PASSWORD/POSTGRES_DB) which is a security
risk; change these to reference environment variables (e.g., POSTGRES_USER,
POSTGRES_PASSWORD, POSTGRES_DB) with safe defaults using parameter expansion,
update any docs to instruct using a .env file, add a new .env.example with
placeholder values for these variables (do not include real secrets), and add
.env to .gitignore so runtime secrets are not committed to version control.

ports:
- '5432:5432'
volumes:
- postgres_data:/var/lib/postgresql/data

redis:
image: redis:7-alpine
container_name: starshop-redis
ports:
- '6379:6379'
volumes:
- redis_data:/data
command: redis-server --appendonly yes
restart: unless-stopped

volumes:
postgres_data:
redis_data:
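Review bot: beyond the hardcoded credentials already flagged above, this hunk deletes the entire `redis` service and the `redis_data` volume, which neither the README changes in this PR nor the PR title mention; confirm nothing in the application still expects Redis on `6379`, and if the removal is intended, say so in the description. On the credentials, a default of `${POSTGRES_PASSWORD:-password}` still ships the weak value silently; `${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}` makes Compose refuse to start without an explicit value, which is the safer failure mode. Since the database is also published as `'5432:5432'` on every interface, binding it as `'127.0.0.1:5432:5432'` keeps a local dev database with a guessable password off the network.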