Update code

Author: arkid15r

.github/workflows/run-ci-cd.yaml

@@ -78,7 +78,7 @@ jobs:
       - name: Check for uncommitted changes
         run: |
           git diff --exit-code || (echo 'Unstaged changes detected. \
-          Run `make check-all` and use `git add` to address it.' && exit 1)
+          Run `make check` and use `git add` to address it.' && exit 1)
 
   spellcheck:
     name: Run spell check
@@ -241,6 +241,7 @@ jobs:
         run: |
           touch frontend/.env
           echo "VITE_API_URL=${{ secrets.VITE_API_URL }}" >> frontend/.env
+          echo "VITE_CSRF_URL=${{ secrets.VITE_CSRF_URL }}" >> frontend/.env
           echo "VITE_ENVIRONMENT=${{ secrets.VITE_ENVIRONMENT }}" >> frontend/.env
           echo "VITE_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env
           echo "VITE_IDX_URL=${{ secrets.VITE_IDX_URL }}" >> frontend/.env
@@ -404,6 +405,7 @@ jobs:
         run: |
           touch frontend/.env
           echo "VITE_API_URL=${{ secrets.VITE_API_URL }}" >> frontend/.env
+          echo "VITE_CSRF_URL=${{ secrets.VITE_CSRF_URL }}" >> frontend/.env
           echo "VITE_ENVIRONMENT=${{ secrets.VITE_ENVIRONMENT }}" >> frontend/.env
           echo "VITE_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env
           echo "VITE_IDX_URL=${{ secrets.VITE_IDX_URL }}" >> frontend/.env

.github/workflows/test-schema.yaml

@@ -49,7 +49,7 @@ jobs:
       - name: Check for uncommitted changes
         run: |
           git diff --exit-code || (echo 'Unstaged changes detected. \
-          Run `make check-all` and use `git add` to address it.' && exit 1)
+          Run `make check` and use `git add` to address it.' && exit 1)
 
   code-ql:
     name: CodeQL

CONTRIBUTING.md

@@ -234,7 +234,7 @@ Please follow these contribution guidelines for OWASP Schema-related changes:
 Nest enforces code quality standards to ensure consistency and maintainability. You can run automated checks locally before pushing your changes:
 
 ```bash
-make check-all
+make check
 ```
 
 This command runs linters and other static analysis tools for both the frontend and backend.
@@ -245,7 +245,7 @@ This command runs linters and other static analysis tools for both the frontend
 Our CI/CD pipelines automatically run tests against every Pull Request. You can run tests locally before submitting a PR:
 
 ```bash
-make test-all
+make test
 ```
 
 This command runs tests and checks that coverage threshold requirements are satisfied for both backend and frontend.
@@ -286,7 +286,7 @@ git checkout -b feature/my-feature-name
 - Run the code quality checks and tests:
 
   ```bash
-  make check-test-all
+  make check-test
   ```
 
 - Write meaningful commit messages:

Makefile

@@ -7,17 +7,22 @@ include schema/Makefile
 build:
 	@docker compose build
 
-check-all: \
+clean: \
+	clean-backend \
+	clean-frontend \
+	clean-schema
+
+check: \
 	check-backend \
 	check-frontend \
 	check-spelling
 
 check-backend: \
 	pre-commit
 
-check-test-all: \
-	check-all \
-	test-all
+check-test: \
+	check \
+	test
 
 check-test-backend: \
 	pre-commit \
@@ -33,7 +38,7 @@ pre-commit:
 run:
 	@COMPOSE_BAKE=true docker compose -f docker/docker-compose-local.yaml up --build --remove-orphans
 
-test-all: \
+test: \
 	test-nest-app \
 	test-schema
 

backend/Makefile

@@ -1,3 +1,8 @@
+clean-backend:
+	@rm -rf frontend/.cache
+	@rm -rf frontend/.local
+	@rm -rf frontend/.venv
+
 exec-backend-command:
 	@docker exec -i nest-backend $(CMD)
 

backend/apps/core/api/csrf_token.py renamed to backend/apps/core/api/csrf.py

@@ -13,7 +13,7 @@
 from rest_framework import routers
 
 from apps.core.api.algolia import algolia_search
-from apps.core.api.csrf_token import get_csrf_token
+from apps.core.api.csrf import get_csrf_token
 from apps.github.api.urls import router as github_router
 from apps.owasp.api.urls import router as owasp_router
 from apps.slack.apps import SlackConfig
@@ -23,9 +23,9 @@
 router.registry.extend(owasp_router.registry)
 
 urlpatterns = [
+    path("csrf/", get_csrf_token),
     path("idx/", csrf_protect(algolia_search)),
     path("graphql/", csrf_protect(GraphQLView.as_view(graphiql=settings.DEBUG))),
-    path("csrf/", get_csrf_token),
     path("api/v1/", include(router.urls)),
     path("a/", admin.site.urls),
 ]

backend/settings/urls.py

@@ -3,6 +3,10 @@ check-frontend: \
 	format-frontend-code \
 	lint-frontend-code
 
+clean-frontend:
+	@rm -rf frontend/.pnpm-store
+	@rm -rf frontend/node_modules
+
 exec-frontend-command:
 	@docker exec -t nest-frontend $(CMD)
 
@@ -19,8 +23,8 @@ shell-frontend:
 	@CMD="/bin/sh" $(MAKE) exec-frontend-command-it
 
 test-frontend: \
-	test-frontend-e2e \
-	test-frontend-unit
+	test-frontend-unit \
+	test-frontend-e2e
 
 test-frontend-e2e:
 	@DOCKER_BUILDKIT=1 docker build \

frontend/Makefile

@@ -1,7 +1,7 @@
 import { getCsrfToken } from 'utils/utility'
 
-jest.mock('api/getCsrfToken', () => ({
-  getInitialCsrfToken: jest.fn(() => Promise.resolve('abc123')),
+jest.mock('api/fetchCsrfToken', () => ({
+  fetchCsrfToken: jest.fn(() => Promise.resolve('abc123')),
 }))
 
 describe('utility tests', () => {

frontend/__tests__/unit/utils/utility.test.ts

@@ -0,0 +1,31 @@
+import { CSRF_URL } from 'utils/credentials'
+import { AppError } from 'wrappers/ErrorWrapper'
+
+export const fetchCsrfToken = async (): Promise<string> => {
+  try {
+    const response = await fetch(CSRF_URL, {
+      credentials: 'include',
+      method: 'GET',
+    })
+
+    if (!response.ok) {
+      const message = `Failed to fetch CSRF token: ${response.status} ${response.statusText}`
+      throw new AppError(response.status, message)
+    }
+
+    const data = await response.json()
+
+    if (!data?.csrftoken) {
+      throw new AppError(500, 'CSRF token missing in response')
+    }
+
+    return data.csrftoken
+  } catch (error) {
+    if (error instanceof AppError) {
+      throw error
+    }
+
+    const message = error?.message || 'Unexpected error while fetching CSRF token'
+    throw new AppError(500, message)
+  }
+}