Add documentation and agent configuration files

2026-01-01 18:44:52 +05:30
parent f0ae49465a
commit 2e56de8161
7 changed files with 2239 additions and 0 deletions
--- a/QUICK_FIX_GUIDE.md
+++ b/QUICK_FIX_GUIDE.md
@@ -0,0 +1,327 @@
+# Quick Fix Guide - Critical Security Issues
+
+## 🔴 CRITICAL: Fix These Immediately
+
+### 1. XSS Vulnerability Fix
+
+**File:** `src/utils/customFunctions/TextLimit.js`
+
+**Install sanitization library:**
+```bash
+npm install isomorphic-dompurify
+```
+
+**Replace the sanitizeAndTrustHtml function:**
+```javascript
+import DOMPurify from 'isomorphic-dompurify';
+
+const sanitizeAndTrustHtml = (htmlString) => {
+    return { __html: DOMPurify.sanitize(htmlString) };
+};
+```
+
+---
+
+### 2. Implement Middleware Authentication
+
+**File:** `src/middleware.js`
+
+**Replace with:**
+```javascript
+import { NextResponse } from 'next/server';
+
+export async function middleware(request) {
+  const token = request.cookies.get('uat')?.value;
+  const { pathname } = request.nextUrl;
+  
+  // Public routes that don't require authentication
+  const publicRoutes = ['/auth/login', '/auth/register', '/auth/forgot-password'];
+  const isPublicRoute = publicRoutes.some(route => pathname.includes(route));
+  
+  // Redirect to login if no token and not on public route
+  if (!token && !isPublicRoute) {
+    const loginUrl = new URL('/en/auth/login', request.url);
+    return NextResponse.redirect(loginUrl);
+  }
+  
+  // Redirect to dashboard if has token and on login page
+  if (token && pathname.includes('/auth/login')) {
+    const dashboardUrl = new URL('/en/dashboard', request.url);
+    return NextResponse.redirect(dashboardUrl);
+  }
+  
+  return NextResponse.next();
+}
+
+export const config = {
+  matcher: [
+    "/",
+    "/account",
+    "/attachment/:path*",
+    "/attribute/:path*",
+    "/auth/:path*",
+    "/blog/:path*",
+    "/category/:path*",
+    "/checkout",
+    "/commission_history",
+    "/coupon/:path*",
+    "/currency/:path*",
+    "/dashboard",
+    "/dashboard/:path*",
+    "/faq/:path*",
+    "/notification/:path*",
+    "/order/:path*",
+    "/page/:path*",
+    "/payment_account/:path*",
+    "/point/:path*",
+    "/product/:path*",
+    "/refund",
+    "/review/:path*",
+    "/role/",
+    "/setting/:path*",
+    "/shipping/:path*",
+    "/store/:path*",
+    "/tag/:path*",
+    "/tax/:path*",
+    "/theme/:path*",
+    "/theme_option/:path*",
+    "/user/:path*",
+    "/vendore_wallet/:path*",
+    "/wallet/:path*",
+    "/withdraw_request/:path*",
+    "/vendor_wallet/:path*",
+    "/theme/denver",
+    "/notifications",
+    "/qna",
+  ],
+};
+```
+
+---
+
+### 3. Update .gitignore
+
+**File:** `.gitignore`
+
+**Replace with:**
+```gitignore
+# Dependencies
+node_modules/
+/.pnp
+.pnp.js
+
+# Testing
+/coverage
+
+# Next.js
+/.next/
+/out/
+
+# Production
+/build
+
+# Misc
+.DS_Store
+*.pem
+
+# Debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Local env files
+.env
+.env*.local
+
+# Vercel
+.vercel
+
+# TypeScript
+*.tsbuildinfo
+next-env.d.ts
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+```
+
+---
+
+### 4. Enable React Strict Mode
+
+**File:** `next.config.js`
+
+**Change:**
+```javascript
+const nextConfig = {
+  reactStrictMode: true,  // ✅ Enable this
+  // ... rest of config
+};
+```
+
+---
+
+### 5. Fix Axios Error Handling
+
+**File:** `src/utils/axiosUtils/index.js`
+
+**Replace the onError function:**
+```javascript
+const onError = (error) => {
+  const status = error?.response?.status;
+  
+  // Handle specific status codes
+  if (status === 401) {
+    // Unauthorized - clear auth and redirect to login
+    document.cookie = 'uat=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;';
+    router?.push("/en/auth/login");
+  } else if (status === 403) {
+    // Forbidden
+    router?.push("/en/403");
+  }
+  
+  // Always reject the promise so calling code can handle errors
+  return Promise.reject(error);
+};
+```
+
+---
+
+### 6. Remove Console Statements
+
+**Files to update:**
+
+1. `src/components/product/DateRangePicker.js:35`
+   - Remove: `console.log('Date range error handled:', error.message);`
+
+2. `src/components/role/PermissionForm.js:19`
+   - Remove: `console.log(errors[0]?.message);`
+   - Replace with proper error handling
+
+3. `src/app/[lng]/layout.js:7`
+   - Remove: `console.log("err", err)`
+   - Replace with proper error handling or logging service
+
+---
+
+### 7. Fix GetCookie Function
+
+**File:** `src/utils/customFunctions/GetCookie.js`
+
+**Replace with:**
+```javascript
+export default function getCookie(cname) {
+  if (typeof document === 'undefined') return '';
+  
+  const name = cname + "=";
+  const decodedCookie = decodeURIComponent(document.cookie);
+  const ca = decodedCookie.split(";");
+  
+  for (let i = 0; i < ca.length; i++) {
+    let c = ca[i];
+    while (c.charAt(0) === " ") {  // ✅ Use strict equality
+      c = c.substring(1);
+    }
+    if (c.indexOf(name) === 0) {  // ✅ Use strict equality
+      return c.substring(name.length, c.length);
+    }
+  }
+  return "";
+}
+
+export function checkCookie() {
+  const username = getCookie("username");
+  return username !== "" && Boolean(username);  // ✅ Use strict equality
+}
+```
+
+---
+
+## 🔧 Automated Fix Script
+
+Create a file `scripts/fix-equality.sh`:
+
+```bash
+#!/bin/bash
+
+# This script replaces loose equality operators with strict ones
+# Run with: bash scripts/fix-equality.sh
+
+echo "Fixing loose equality operators..."
+
+# Find all .js and .jsx files and replace == with ===
+find src -type f \( -name "*.js" -o -name "*.jsx" \) -exec sed -i 's/ == / === /g' {} +
+find src -type f \( -name "*.js" -o -name "*.jsx" \) -exec sed -i 's/ != / !== /g' {} +
+
+# Fix specific patterns
+find src -type f \( -name "*.js" -o -name "*.jsx" \) -exec sed -i 's/(==/===/g' {} +
+find src -type f \( -name "*.js" -o -name "*.jsx" \) -exec sed -i 's/==)/===/g' {} +
+
+echo "Done! Please review changes before committing."
+echo "Run 'git diff' to see what changed."
+```
+
+**Usage:**
+```bash
+chmod +x scripts/fix-equality.sh
+./scripts/fix-equality.sh
+```
+
+**⚠️ Warning:** Review all changes carefully as some comparisons might intentionally use loose equality.
+
+---
+
+## 📋 Verification Checklist
+
+After applying fixes, verify:
+
+- [ ] XSS vulnerability fixed (test with malicious HTML input)
+- [ ] Middleware redirects unauthenticated users
+- [ ] .gitignore prevents committing sensitive files
+- [ ] React Strict Mode enabled (check for warnings)
+- [ ] Axios properly rejects errors
+- [ ] No console statements in production code
+- [ ] All equality operators are strict (===, !==)
+- [ ] Application still functions correctly
+- [ ] Run `npm run lint` and fix any errors
+- [ ] Test authentication flow
+- [ ] Test permission-based routing
+
+---
+
+## 🚀 Deployment Checklist
+
+Before deploying to production:
+
+- [ ] All critical fixes applied
+- [ ] Environment variables properly configured
+- [ ] .env files not committed to git
+- [ ] Build succeeds without errors
+- [ ] No console warnings in production build
+- [ ] Security headers configured
+- [ ] HTTPS enabled
+- [ ] Rate limiting implemented
+- [ ] Error monitoring setup (Sentry, etc.)
+- [ ] Backup strategy in place
+
+---
+
+## 📞 Support
+
+If you encounter issues while applying these fixes:
+
+1. Check the full CODE_REVIEW.md for detailed explanations
+2. Test each fix individually
+3. Use git to track changes and revert if needed
+4. Consider creating a feature branch for these fixes
+
+---
+
+**Last Updated:** January 2026