feat(ci): add deep quality assertions (html, security, links, spelling)

2026-02-22 00:29:49 +01:00
parent 36d193f8ec
commit b29e08e954
8 changed files with 1130 additions and 2 deletions
--- a/scripts/check-security.ts
+++ b/scripts/check-security.ts
@@ -0,0 +1,54 @@
+import axios from 'axios';
+
+const targetUrl = process.argv[2] || process.env.NEXT_PUBLIC_BASE_URL || 'http://localhost:3000';
+const gatekeeperPassword = process.env.GATEKEEPER_PASSWORD || 'klz2026';
+
+const requiredHeaders = [
+  'strict-transport-security',
+  'x-frame-options',
+  'x-content-type-options',
+  'referrer-policy',
+  'content-security-policy',
+];
+
+async function main() {
+  console.log(`\n🛡️ Starting Security Headers Scan for: ${targetUrl}\n`);
+  try {
+    const response = await axios.head(targetUrl, {
+      headers: { Cookie: `klz_gatekeeper_session=${gatekeeperPassword}` },
+      validateStatus: () => true,
+    });
+
+    const headers = response.headers;
+    let allPassed = true;
+
+    const results = requiredHeaders.map((header) => {
+      const present = !!headers[header];
+      if (!present) allPassed = false;
+      return {
+        Header: header,
+        Status: present ? '✅ Present' : '❌ Missing',
+        Value: present
+          ? headers[header].length > 50
+            ? headers[header].substring(0, 47) + '...'
+            : headers[header]
+          : 'N/A',
+      };
+    });
+
+    console.table(results);
+
+    if (allPassed) {
+      console.log(`\n✅ All required security headers are correctly configured!\n`);
+      process.exit(0);
+    } else {
+      console.log(`\n❌ Missing critical security headers. Please update next.config.mjs!\n`);
+      process.exit(process.env.CI ? 1 : 0); // Don't crash local dev hard if missing, but crash CI
+    }
+  } catch (error: any) {
+    console.error(`❌ Failed to scan headers: ${error.message}`);
+    process.exit(1);
+  }
+}
+
+main();