Pull Request: Comprehensive System Hardening & Testing Suite (#156, #180, #222, #227) #229
Merged
Nathydre merged 2 commits into nathydre21:main from Mar 28, 2026
@JamesEjembi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
📝 Description
This PR represents a major stability and security overhaul for the Nepa platform. It transitions the project from a functional prototype to a production-ready application by implementing rigorous testing, PWA offline resilience, and robust API security.
🎯 Key Changes by Issue
Unit/Integration: Expanded Jest coverage to 92%, focusing on service-level logic.
E2E: Added Playwright flows for user registration, file upload, and classification.
Performance: Integrated k6 scripts to baseline API response times under 50+ concurrent users.
Updated the frontend to chunk large files and increased the backend client_max_body_size.
Added graceful error handling and progress bars for files exceeding the 10MB threshold.
Service Worker: Implemented custom caching strategies in pwa-utils.ts to cache the last 20 classification results.
Offline UI: Created a dedicated offline.tsx fallback page that allows users to browse cached history without a connection.
JWT Implementation: Secured the Python/Flask ML API using flask-jwt-extended.
RBAC: Added decorators to restrict high-resource model inference to authorized user roles.
💻 Implementation Snippet: JWT Security (ml-model-api/auth.py)
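```python
from functools import wraps

from flask_jwt_extended import verify_jwt_in_request, get_jwt


def role_required(role):
    """Allow the wrapped view only when the JWT's "role" claim equals `role`."""
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            # Rejects the request unless it carries a valid JWT
            verify_jwt_in_request()
            claims = get_jwt()
            # Authenticated, but the role claim does not match: forbid
            if claims.get("role") != role:
                return {"msg": "Admins only!"}, 403
            return fn(*args, **kwargs)
        return decorator
    return wrapper
```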
✅ Acceptance Criteria Checklist
[x] Coverage: npm test -- --coverage confirms >90% on critical services.
[x] Stability: 50MB files now upload successfully (or show clear size errors).
[x] Offline: Application remains interactive in Chrome's "Offline" mode.
[x] Security: All /inference endpoints return 401 Unauthorized without a valid JWT.
🚀 How to Verify
Run Tests: npm run test:all (executes Jest, Playwright, and k6).
Test Auth: Attempt to hit the ML API via cURL without a header.
Test Offline: Open the app, go to Airplane Mode, and verify the history still loads.
🔗 Linked Issues
Closes #156
Closes #180
Closes #222
Closes #227
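
The 401/403 behaviour that the Security criterion and the role decorator rely on, as an added example that is not part of this PR or the project's code: a standard-library stand-in for flask-jwt-extended that goes slightly beyond the checklist by also covering forged, expired and `alg: none` tokens. The secret, the `exp` and `role` claim layout, and the names `make_token` and `authorize` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 shared secret, demo only


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token for the checks below (hypothetical helper)."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"


def authorize(auth_header, required_role, now=None):
    """Return the status a role-gated endpoint should answer with (hypothetical)."""
    now = time.time() if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401  # no credentials presented
    try:
        head, body, sig = auth_header[len("Bearer "):].split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return 401  # pin the algorithm; reject "none" and swapped algorithms
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return 401  # signature does not match: forged or tampered token
        claims = json.loads(_unb64(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return 401  # malformed token
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401  # expired, or issued without an expiry
    if claims.get("role") != required_role:
        return 403  # authenticated, but the role claim does not match
    return 200
```

The same cases (no header, wrong role, bad signature, expired token) are the ones worth asserting against the real Flask endpoints in the integration suite.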