[PR #402] [MERGED] refactor: do not include test controller in production builds #821

New Issue

OVERLORD · 2025-10-07T00:22:57+03:00

OVERLORD commented

2025-10-07 00:22:57 +03:00

📋 Pull Request Information

Original PR: https://github.com/pocket-id/pocket-id/pull/402
Author: @ItalyPaleAle
Created: 3/28/2025
Status: ✅ Merged
Merged: 3/30/2025
Merged by: @stonith404

Base: main ← Head: e2etest-controller-tag

📝 Commits (2)

7b56da1 refactor: do not include test controller in production builds
8394c85 Merge branch 'main' into e2etest-controller-tag

📊 Changes

8 files changed (+48 additions, -5 deletions)

View changed files

📝 .github/workflows/e2e-tests.yml (+2 -0)
➕ .vscode/settings.json (+3 -0)
📝 CONTRIBUTING.md (+1 -1)
📝 Dockerfile (+10 -1)
➕ backend/internal/bootstrap/e2etest_router_bootstrap.go (+21 -0)
📝 backend/internal/bootstrap/router_bootstrap.go (+6 -3)
📝 backend/internal/controller/e2etest_controller.go (+3 -0)
📝 backend/internal/service/e2etest_service.go (+2 -0)

📄 Description

Currently, the test controller is built into Pocket ID binaries and is enabled every time APP_ENV is any value but production.

The test controller is very powerful, as it includes a RESTful endpoint that allows nuking the entire database. While it is required for E2E tests, its existence outside of that can be considered a security risk.

This PR uses Go build tags to make sure that the test controller is only built when the application is compiled with -tag "e2etest", which is not included in production builds

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/pocket-id/pocket-id/pull/402 **Author:** [@ItalyPaleAle](https://github.com/ItalyPaleAle) **Created:** 3/28/2025 **Status:** ✅ Merged **Merged:** 3/30/2025 **Merged by:** [@stonith404](https://github.com/stonith404) **Base:** `main` ← **Head:** `e2etest-controller-tag` --- ### 📝 Commits (2) - [`7b56da1`](https://github.com/pocket-id/pocket-id/commit/7b56da1b38bca8e4cf2c5d01073d93c7c072c1cc) refactor: do not include test controller in production builds - [`8394c85`](https://github.com/pocket-id/pocket-id/commit/8394c857787b098bc6177b27d333a3685fa3fbdf) Merge branch 'main' into e2etest-controller-tag ### 📊 Changes **8 files changed** (+48 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/e2e-tests.yml` (+2 -0) ➕ `.vscode/settings.json` (+3 -0) 📝 `CONTRIBUTING.md` (+1 -1) 📝 `Dockerfile` (+10 -1) ➕ `backend/internal/bootstrap/e2etest_router_bootstrap.go` (+21 -0) 📝 `backend/internal/bootstrap/router_bootstrap.go` (+6 -3) 📝 `backend/internal/controller/e2etest_controller.go` (+3 -0) 📝 `backend/internal/service/e2etest_service.go` (+2 -0) </details> ### 📄 Description Currently, the test controller is built into Pocket ID binaries and is enabled every time `APP_ENV` is any value but `production`. The test controller is very powerful, as it includes a RESTful endpoint that allows nuking the entire database. While it is required for E2E tests, its existence outside of that can be considered a security risk. This PR uses Go build tags to make sure that the test controller is only built when the application is compiled with `-tag "e2etest"`, which is not included in production builds --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2025-10-07 00:22:57 +03:00

OVERLORD closed this issue

2025-10-07 00:22:59 +03:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#821