Job-Scheduler-API · Dead wiring + Scorecard (branch: prod)
Dead DB wiring (detail)
Commit 82cab98 ("remove db") ลบ TypeOrmModule.forRootAsync ออกจาก AppModule แต่เหลือ:
.env—DB_TYPE=mssql, host10.188.128.58,DB_NAME=benefit,sapassword (committed)configuration.ts:5-11— mapsdb.*into ConfigService แต่ไม่มีconfig.get('db.*')ใด ๆ ในsrc/app.module.ts:6—import { TypeOrmModule }ค้าง แต่ไม่อยู่ในimports: []- npm deps —
typeorm,@nestjs/typeorm,mysql2ในpackage.json— zero runtime use - Pre-removal irony — TypeORM เคยใช้
type: 'mysql'ทั้งที่.envบอก mssql
Dead env ที่ไม่ได้อยู่ใน configuration.ts: VTRC_SERVER, VTRC_COMMON_SERVER, DB_TYPE
Dead imports ใน incidents.service.ts:3-4: InjectEntityManager, EntityManager
Identity / naming debt
| Field | Value | Problem |
|---|---|---|
BASE_PATH | benefit-api/ | Copy-paste จาก benefit-api |
DB_NAME | benefit | Same |
| Swagger path | benefit-api/docs | Misleading |
| Dockerfile EXPOSE | 3000 | Actual port 9900 |
| Historical log | logs/30-01-2023.log shows 2WAY project name | Template residue |
Integrations map
| Direction | Target | Used on prod? |
|---|---|---|
| Outbound cron POST | incident-management-api via vtrc-api nginx :7201 | ✅ sole integration |
| Docker network | vtrc-api_default | ✅ |
| MSSQL benefit DB | .env | ❌ dead |
| VTRC_SERVER / VTRC_COMMON | .env | ❌ dead |
| Meeting cron | meeting-vtrc-api | ❌ only on add-cronjob-meeting branch |
Scorecard (consolidated)
Critical
| ID | Finding | Evidence |
|---|---|---|
| SEC-JOBSCHED-01 | .env committed with MSSQL password + SECRET_KEY | .env tracked in git |
| SEC-JOBSCHED-02 | Cron POST unauthenticated to production incident API | incidents.service.ts:20-21 |
High
| ID | Finding | Evidence |
|---|---|---|
| SEC-JOBSCHED-03 | CORS origin: '*' | main.ts:29-33 |
| SEC-JOBSCHED-04 | JwtAuthGuard logs full user payload | jwt-auth.guard.ts:28-29 |
| QUAL-JOBSCHED-04 | Entire TypeORM/JWT/empty-controller stack is dead weight | app.module.ts, app.controller.ts |
Medium / Low
| ID | Finding |
|---|---|
| QUAL-JOBSCHED-01 | Committed log file may contain sensitive data |
| QUAL-JOBSCHED-02 | Broken e2e expects Hello World |
| OBS-JOBSCHED-01 | Dockerfile EXPOSE 3000 vs port 9900 |
| OBS-JOBSCHED-02 | No health endpoint |
| LEG-JOBSCHED-01 | Meeting cron unmerged on other branch |
Health scorecard
| Dimension | สถานะ |
|---|---|
| Job correctness | 🟡 |
| Secrets | 🔴 |
| Outbound auth | 🔴 |
| Dead code | 🔴 |
| Naming identity | 🔴 |
| Observability | 🟡 |
| Test coverage | 🔴 |
0 🟢 / 2 🟡 / 5 🔴
Modernization ROI
- Rotate secrets + remove
.envfrom git - Auth on outbound cron + receiver verify
- Delete TypeORM/mysql2/JWT unused deps
- Fix
BASE_PATH/ project identity - Add
@Public()/health - Decide: merge meeting cron or close branch