radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add test accounts and secure event slugs

Browse Source 
Security improvements:
- Add @default(cuid()) to Event.slug for auto-generated random slugs
- Prevent ID enumeration attacks (no more predictable slugs like "warsaw-dance-festival-2025")
- Event slugs now generated as secure cuid strings (e.g., "cmhz3lcgb00018vbn34v4phoi")

Test accounts:
- Add 3 test users to seed (john_dancer, sarah_swings, mike_blues)
- All users checked in to Warsaw Dance Festival 2025
- Pre-configured heats for testing matchmaking system
- Full profiles with WSDC IDs, social media, and locations

Seed improvements:
- Add bcryptjs for password hashing
- Add Prisma seed configuration to package.json
- Use worldsdcId for event upsert (instead of slug)
- Auto-generate event slugs via Prisma default

Documentation:
- Add test account credentials to SESSION_CONTEXT.md
- Document event slug security model
- Include sample heats for each test user
This commit is contained in:
Radosław Gierwiało
2025-11-14 17:55:29 +01:00
parent b4960da1b1
commit 92315d5a8c
4 changed files with 256 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
docs/SESSION_CONTEXT.md
View File

@@ -339,17 +339,47 @@ RUN apk add --no-cache openssl
---
## Quick Reference - Mock Data
## Test Accounts
**Mock User (logged in):**
- ID: 1
- Username: john_doe
- Email: john@example.com
**Test users for manual testing (seeded in database):**
**Mock Events:**
- ID: 1 - Warsaw Dance Festival 2025
- ID: 2 - Swing Camp Barcelona 2025
- ID: 3 - Blues Week Herräng 2025
1. **john_dancer**
- Email: `john@example.com`
- Password: `Dance123!`
- Profile: John Smith (WSDC #12345), Los Angeles, USA
- Social: Instagram, YouTube
- Events: Warsaw Dance Festival (checked in), Swing Camp Barcelona (checked in)
- Heats in Warsaw: J&J NOV 1 L, STR INT 2 L
2. **sarah_swings**
- Email: `sarah@example.com`
- Password: `Swing456!`
- Profile: Sarah Johnson (WSDC #23456), London, UK
- Social: TikTok, Facebook
- Events: Warsaw Dance Festival (checked in)
- Heats in Warsaw: J&J NOV 1 F, J&J ADV 3
3. **mike_blues**
- Email: `mike@example.com`
- Password: `Blues789!`
- Profile: Mike Williams (WSDC #34567), Stockholm, Sweden
- Social: Instagram, YouTube, TikTok, Facebook
- Events: Warsaw Dance Festival (checked in)
- Heats in Warsaw: J&J INT 5 L, STR ADV 1 F
**Note:** All test users are verified and checked in to Warsaw Dance Festival 2025 event. They have pre-configured heats to test the matchmaking system.
---
## Quick Reference - Events
**Seeded Events (slugs are auto-generated cuid for security):**
- Warsaw Dance Festival 2025 (slug: auto-generated, e.g. `cmhz3lcgb00018vbn34v4phoi`)
- Swing Camp Barcelona 2025 (slug: auto-generated)
- Blues Week Herräng 2025 (slug: auto-generated)
- Krakow Swing Connection 2025 (slug: auto-generated)
**Note:** Event slugs are randomly generated cuid strings to prevent ID enumeration attacks. To find the actual slug, log in and check the Events page URL.
---