bb125db074
fix: code quality hardening — unwrap removal, unsafe forbid, Go/Raw tests ( #72 )
...
* fix: remove unwrap() from production code, improve error handling
- Replace unwrap() with proper error handling in npm, mirror, validation
- Add input validation to cargo registry (crate name + version)
- Improve expect() messages with descriptive context in metrics, rate_limit
- Remove unnecessary clone() in error.rs, docker.rs, npm.rs, dashboard_metrics
- Add #![deny(clippy::unwrap_used)] to prevent future unwrap in prod code
- Add let-else pattern for safer null checks in validation.rs
* docs: update SECURITY.md — add 0.3.x to supported versions
* security: forbid unsafe code at crate level
Add #![forbid(unsafe_code)] to both lib.rs and main.rs.
NORA has zero unsafe blocks — this prevents future additions
without removing the forbid attribute (stronger than deny).
* build: add rust-toolchain.toml, Dockerfile HEALTHCHECK
- Pin toolchain to stable with clippy + rustfmt components
- Add Docker HEALTHCHECK for standalone deployments (wget /health)
* test: add Go proxy and Raw registry integration tests
Go proxy tests: list, .info, .mod, @latest, path traversal, 404
Raw registry tests: upload/download, HEAD, 404, path traversal,
overwrite, delete, binary data (10KB)
2026-03-31 21:15:59 +03:00
e38e4ab4fb
test: E2E smoke tests + Playwright browser tests (23 tests)
...
smoke.sh:
- Full E2E smoke test: health, npm proxy/publish/security, Maven, PyPI, Docker, Raw, UI, mirror CLI
- Self-contained: starts NORA, runs tests, cleans up
Playwright (tests/e2e/):
- Dashboard: page load, registry sections visible, npm count > 0, Docker stats
- npm: URL rewriting, scoped packages, tarball download, publish, immutability, security
- Docker: v2 check, catalog, manifest push/pull, tags list
- Maven: proxy download, upload
- PyPI: simple index, package page
- Raw: upload and download
- Health, metrics, OpenAPI endpoints
All 23 tests pass in 4.7s against live NORA instance.
2026-03-18 11:04:19 +00:00
