radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2e49fa5c629b0e70fa86e6255b2bc7420ae94aa6
spotlightcam/docs/TODO.md
Radosław Gierwiało 5ee1e0a4b9 docs: add matching integration tests to high priority tasks
2025-11-30 00:02:42 +01:00

4.7 KiB
Raw Blame History

TODO - spotlight.cam

Active tasks and roadmap

Current Status

Phase: MVP Complete - Ready for Production Deployment Tests: 285/286 passing - 99.7% (73% coverage) Status: Awaiting infrastructure setup

High Priority Tasks

🔴 CRITICAL: Recording Stats Update Mechanism

  • Issue: Fields recordingsDone and recordingsReceived exist in database but no mechanism to update them
  • Requirements:
    • Analyze how to update these fields consistently with tier system and ratings
    • Determine update trigger: after match completion? after rating? automatic on suggestion acceptance?
    • Ensure consistency with existing rating system
    • Consider edge cases: declined suggestions, cancelled matches, incomplete ratings
    • Design API endpoints or automated triggers for stat updates
  • Impact: Tier system fairness algorithm depends on accurate karma tracking
  • Dependencies: Matches API, Ratings API, Recording Suggestions

🟡 HIGH: Matching Algorithm Integration Tests

  • Issue: Only unit tests for helper functions exist, no end-to-end tests for runMatching()
  • Test Plan: backend/src/__tests__/matching-scenarios.md (18 scenarios defined)
  • Priority Phases:
    1. Phase 1: Fundamentals (TC1-3) - Basic happy path, NOT_FOUND scenarios
    2. Phase 2: Collision Detection (TC4-9) - Buffers, slot mapping
    3. Phase 3: Limits & Workload (TC10-11) - CRITICAL bug verification (recording-recording collision)
    4. Phase 4: Fairness & Tiers (TC12-16) - Tier penalties, sorting priority
    5. Phase 5: Edge Cases (TC17-18) - Sanity checks
  • Impact: Ensures matching algorithm works correctly end-to-end, verifies critical bug fixes
  • Status: Test plan documented, implementation pending

Recently Completed (2025-11-29)

  • 3-Tier Account System (BASIC/SUPPORTER/COMFORT) with fairness algorithm
  • Dual Buffer System (prep before + rest after dancing)
  • Clickable Usernames with @ prefix in profiles
  • Country Flags in Event Chat
  • Mobile-first Design Improvements (page titles on mobile)
  • Recording Matching System Improvements (collision detection, schedule config)
  • Test Bot for Automated Testing

Full history: See docs/archive/COMPLETED.md

Security Audit Findings

Critical Issues (Must Fix Before Production)

Issue Severity File Action
AWS Credentials in Git 10/10 .env.production Rotate & remove from history
Weak JWT Secret 9/10 .env.production Generate 64+ byte secret
Default DB Password 8/10 docker-compose.yml Remove default fallback

High Priority Issues

Issue Severity Action
Missing HTTPS/TLS 8/10 Configure SSL certificate
Missing nginx security headers 6/10 Add X-Frame-Options, CSP, etc.
Dependency vulnerabilities HIGH Run npm audit fix
Excessive body size (500M) 4/10 Reduce to 10M

Positive Security Findings

  • Strong authentication (JWT, bcrypt, email verification)
  • Input validation (express-validator)
  • Security headers (Helmet.js)
  • Rate limiting implemented
  • CORS configured
  • SQL injection prevention (Prisma)
  • Account lockout implemented
  • WebRTC P2P (videos don't touch server)

Pre-Deployment Checklist

  • Rotate AWS credentials, remove from Git history
  • Generate strong JWT_SECRET (64+ bytes)
  • Set strong PostgreSQL password
  • Configure HTTPS/TLS
  • Add nginx security headers
  • Run npm audit fix
  • Reduce nginx body size limit

Future Improvements (Optional)

UX Enhancements

  • Activity Feed (timeline of user activities)
  • Smart sort order (unread first, pending ratings)
  • User statistics (total matches, average rating)
  • Sidebar filters (by nationality, division)

Security Hardening

  • Increase bcrypt rounds (10 → 12)
  • Implement refresh token pattern
  • Add Socket.IO rate limiting
  • Sanitize chat messages

Infrastructure

  • CI/CD pipeline (GitHub Actions)
  • E2E tests (Playwright)
  • Security logging

Progress Summary

Phase Status Time
Phase 0: Frontend Mockup Done ~8h
Phase 1: Backend Foundation Done ~14h
Phase 1.5: Email & WSDC & Profiles Done ~12h
Phase 1.6: Competition Heats Done ~8h
Phase 2: Matches & Ratings Done ~10h
Phase 2.5: WebRTC P2P Done ~10h
Phase 3: MVP Finalization Done ~20h
Total MVP Complete ~82h

Quick Commands

# Development
docker compose up --build

# Tests
docker compose exec backend npm test

# Access
http://localhost:8080

Last Updated: 2025-11-29 Full Details: See docs/archive/COMPLETED.md for implementation details