radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8799d03af31db3929b6a0fd3caf391eb7845732
spotlightcam/docs/TODO.md
Radosław Gierwiało 5ee1e0a4b9 docs: add matching integration tests to high priority tasks
2025-11-30 00:02:42 +01:00

147 lines
4.7 KiB
Markdown
Raw Blame History

# TODO - spotlight.cam
**Active tasks and roadmap**
---
## Current Status
**Phase:** MVP Complete - Ready for Production Deployment
**Tests:** 285/286 passing - 99.7% (73% coverage)
**Status:** Awaiting infrastructure setup
### High Priority Tasks
**🔴 CRITICAL: Recording Stats Update Mechanism**
- **Issue:** Fields `recordingsDone` and `recordingsReceived` exist in database but no mechanism to update them
- **Requirements:**
- Analyze how to update these fields consistently with tier system and ratings
- Determine update trigger: after match completion? after rating? automatic on suggestion acceptance?
- Ensure consistency with existing rating system
- Consider edge cases: declined suggestions, cancelled matches, incomplete ratings
- Design API endpoints or automated triggers for stat updates
- **Impact:** Tier system fairness algorithm depends on accurate karma tracking
- **Dependencies:** Matches API, Ratings API, Recording Suggestions
**🟡 HIGH: Matching Algorithm Integration Tests**
- **Issue:** Only unit tests for helper functions exist, no end-to-end tests for `runMatching()`
- **Test Plan:** `backend/src/__tests__/matching-scenarios.md` (18 scenarios defined)
- **Priority Phases:**
1. **Phase 1:** Fundamentals (TC1-3) - Basic happy path, NOT_FOUND scenarios
2. **Phase 2:** Collision Detection (TC4-9) - Buffers, slot mapping
3. **Phase 3:** Limits & Workload (TC10-11) - **CRITICAL bug verification** (recording-recording collision)
4. **Phase 4:** Fairness & Tiers (TC12-16) - Tier penalties, sorting priority
5. **Phase 5:** Edge Cases (TC17-18) - Sanity checks
- **Impact:** Ensures matching algorithm works correctly end-to-end, verifies critical bug fixes
- **Status:** Test plan documented, implementation pending
### Recently Completed (2025-11-29)
- 3-Tier Account System (BASIC/SUPPORTER/COMFORT) with fairness algorithm
- Dual Buffer System (prep before + rest after dancing)
- Clickable Usernames with @ prefix in profiles
- Country Flags in Event Chat
- Mobile-first Design Improvements (page titles on mobile)
- Recording Matching System Improvements (collision detection, schedule config)
- Test Bot for Automated Testing
**Full history:** See `docs/archive/COMPLETED.md`
---
## Security Audit Findings
### Critical Issues (Must Fix Before Production)
| Issue | Severity | File | Action |
|-------|----------|------|--------|
| AWS Credentials in Git | 10/10 | `.env.production` | Rotate & remove from history |
| Weak JWT Secret | 9/10 | `.env.production` | Generate 64+ byte secret |
| Default DB Password | 8/10 | `docker-compose.yml` | Remove default fallback |
### High Priority Issues
| Issue | Severity | Action |
|-------|----------|--------|
| Missing HTTPS/TLS | 8/10 | Configure SSL certificate |
| Missing nginx security headers | 6/10 | Add X-Frame-Options, CSP, etc. |
| Dependency vulnerabilities | HIGH | Run `npm audit fix` |
| Excessive body size (500M) | 4/10 | Reduce to 10M |
### Positive Security Findings
- Strong authentication (JWT, bcrypt, email verification)
- Input validation (express-validator)
- Security headers (Helmet.js)
- Rate limiting implemented
- CORS configured
- SQL injection prevention (Prisma)
- Account lockout implemented
- WebRTC P2P (videos don't touch server)
---
## Pre-Deployment Checklist
- [ ] Rotate AWS credentials, remove from Git history
- [ ] Generate strong JWT_SECRET (64+ bytes)
- [ ] Set strong PostgreSQL password
- [ ] Configure HTTPS/TLS
- [ ] Add nginx security headers
- [ ] Run npm audit fix
- [ ] Reduce nginx body size limit
---
## Future Improvements (Optional)
### UX Enhancements
- Activity Feed (timeline of user activities)
- Smart sort order (unread first, pending ratings)
- User statistics (total matches, average rating)
- Sidebar filters (by nationality, division)
### Security Hardening
- Increase bcrypt rounds (10 → 12)
- Implement refresh token pattern
- Add Socket.IO rate limiting
- Sanitize chat messages
### Infrastructure
- CI/CD pipeline (GitHub Actions)
- E2E tests (Playwright)
- Security logging
---
## Progress Summary
| Phase | Status | Time |
|-------|--------|------|
| Phase 0: Frontend Mockup | ✅ Done | ~8h |
| Phase 1: Backend Foundation | ✅ Done | ~14h |
| Phase 1.5: Email & WSDC & Profiles | ✅ Done | ~12h |
| Phase 1.6: Competition Heats | ✅ Done | ~8h |
| Phase 2: Matches & Ratings | ✅ Done | ~10h |
| Phase 2.5: WebRTC P2P | ✅ Done | ~10h |
| Phase 3: MVP Finalization | ✅ Done | ~20h |
| **Total MVP** | **✅ Complete** | **~82h** |
---
## Quick Commands
```bash
# Development
docker compose up --build
# Tests
docker compose exec backend npm test
# Access
http://localhost:8080
```
---
**Last Updated:** 2025-11-29
**Full Details:** See `docs/archive/COMPLETED.md` for implementation details
Reference in New Issue View Git Blame Copy Permalink