chore: apply code review fixes across di, decorators, types, and test quality#13
Merged
kenneth-loto merged 3 commits intoJul 1, 2026
Merged
Conversation
… docs to main Merges the Alpine Dockerfile with --omit=peer and PostgreSQL-only WASM pruning cutting the image from 907 MB to 406 MB, the job-level CI change detection conditions reducing unnecessary runner provisioning, DEPLOYMENT.md, the README deployment section, and .env.example from develop into main.
Merges the Express trust proxy true config, ArcjetOptionalGuard with SkipArcjet decorator support, the cloudflare() proxy helper in arcjet.module, the SkipArcjet decorator on the health check root route, and the readme live demo url and cold-start note from develop into main.
… quality - move AllExceptionsFilter and TransformInterceptor from main.ts new instantiation to AppModule via APP_FILTER and APP_INTERCEPTOR tokens - move AuthGuard to AppModule via APP_GUARD token - change ArcjetOptionalGuard registration from useFactory to useExisting so it can be overridden in tests - create src/common/decorators/current-user.decorator.ts as a fully typed param decorator replacing direct req.user access across controllers - update task, comment, and project controllers to use CurrentUser decorator instead of Req with manual user extraction and null guards - change UpdateCommentDto from hand-written fields to extends PartialType of CreateCommentDto - change task service where clause type from Record string unknown to Prisma.TaskWhereInput - add transform true to ValidationPipe in main.ts - replace AllowAnonymous with Public decorator in app.controller.ts - simplify task, comment, and project controller specs by passing user objects directly instead of mock Request with as unknown cast - add as const to mockUser.role in user.service.spec.ts
|
Base branch auto-updated: This PR has been redirected from |
Dependency ReviewThe following issues were found:
License Issues.opencode/package-lock.json
OpenSSF ScorecardScorecard details
Scanned Files
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Applies 8 code review fixes addressing DI correctness, a reusable current user decorator, stricter Prisma types, DTO consistency, and cleaner test setup.
What's Changed
AllExceptionsFilterandTransformInterceptorfromnewinstantiation inmain.tstoAppModuleproviders usingAPP_FILTERandAPP_INTERCEPTORtokens so they participate fully in the DI containerAuthGuardtoAppModuleviaAPP_GUARDtoken for the same reasonArcjetOptionalGuardregistration fromuseFactorytouseExistingso tests can override it via the DI container without the factory re-instantiating itsrc/common/decorators/current-user.decorator.tsas acreateParamDecoratorthat readsreq.userwith full typing, replacing direct@Req()access and!assertions across controllersTaskController,CommentController, andProjectControllerto use@CurrentUser()instead of@Req()with manual user extraction and null guard boilerplateUpdateCommentDtofrom hand-written fields toextends PartialType(CreateCommentDto)for consistency with other update DTOsRecord<string, unknown>toPrisma.TaskWhereInputfor proper Prisma type safetytransform: trueto the globalValidationPipeso plain request objects are transformed into DTO class instances@AllowAnonymous()with@Public()inapp.controller.tstask.controller.spec.ts,comment.controller.spec.ts, andproject.controller.spec.tsby passing user objects directly to service calls instead of constructing mockRequestobjects withas unknowncastsas consttomockUser.roleinuser.service.spec.tsto satisfy the string literal typeWhy
Registering filters, interceptors, and guards via
APP_FILTER,APP_INTERCEPTOR, andAPP_GUARDtokens is the NestJS-idiomatic approach because it makes them part of the module system and testable via standard DI overrides. The@CurrentUser()decorator eliminates repeatedreq.user!boilerplate and centralizes the typing in one place.transform: trueon theValidationPipeis required for class transformation to actually work — without it, decorators like@Type()are no-ops. Switching touseExistingforArcjetOptionalGuardunblocks test overrides that were silently broken withuseFactory.