Skip to content

Job-Scheduler-API · Dead wiring + Scorecard (branch: prod)


Dead DB wiring (detail)

Commit 82cab98 ("remove db") ลบ TypeOrmModule.forRootAsync ออกจาก AppModule แต่เหลือ:

  1. .envDB_TYPE=mssql, host 10.188.128.58, DB_NAME=benefit, sa password (committed)
  2. configuration.ts:5-11 — maps db.* into ConfigService แต่ไม่มี config.get('db.*') ใด ๆ ใน src/
  3. app.module.ts:6import { TypeOrmModule } ค้าง แต่ไม่อยู่ใน imports: []
  4. npm depstypeorm, @nestjs/typeorm, mysql2 ใน package.json — zero runtime use
  5. Pre-removal irony — TypeORM เคยใช้ type: 'mysql' ทั้งที่ .env บอก mssql

Dead env ที่ไม่ได้อยู่ใน configuration.ts: VTRC_SERVER, VTRC_COMMON_SERVER, DB_TYPE

Dead imports ใน incidents.service.ts:3-4: InjectEntityManager, EntityManager


Identity / naming debt

FieldValueProblem
BASE_PATHbenefit-api/Copy-paste จาก benefit-api
DB_NAMEbenefitSame
Swagger pathbenefit-api/docsMisleading
Dockerfile EXPOSE3000Actual port 9900
Historical loglogs/30-01-2023.log shows 2WAY project nameTemplate residue

Integrations map

DirectionTargetUsed on prod?
Outbound cron POSTincident-management-api via vtrc-api nginx :7201✅ sole integration
Docker networkvtrc-api_default
MSSQL benefit DB.env❌ dead
VTRC_SERVER / VTRC_COMMON.env❌ dead
Meeting cronmeeting-vtrc-api❌ only on add-cronjob-meeting branch

Scorecard (consolidated)

Critical

IDFindingEvidence
SEC-JOBSCHED-01.env committed with MSSQL password + SECRET_KEY.env tracked in git
SEC-JOBSCHED-02Cron POST unauthenticated to production incident APIincidents.service.ts:20-21

High

IDFindingEvidence
SEC-JOBSCHED-03CORS origin: '*'main.ts:29-33
SEC-JOBSCHED-04JwtAuthGuard logs full user payloadjwt-auth.guard.ts:28-29
QUAL-JOBSCHED-04Entire TypeORM/JWT/empty-controller stack is dead weightapp.module.ts, app.controller.ts

Medium / Low

IDFinding
QUAL-JOBSCHED-01Committed log file may contain sensitive data
QUAL-JOBSCHED-02Broken e2e expects Hello World
OBS-JOBSCHED-01Dockerfile EXPOSE 3000 vs port 9900
OBS-JOBSCHED-02No health endpoint
LEG-JOBSCHED-01Meeting cron unmerged on other branch

Health scorecard

Dimensionสถานะ
Job correctness🟡
Secrets🔴
Outbound auth🔴
Dead code🔴
Naming identity🔴
Observability🟡
Test coverage🔴

0 🟢 / 2 🟡 / 5 🔴


Modernization ROI

  1. Rotate secrets + remove .env from git
  2. Auth on outbound cron + receiver verify
  3. Delete TypeORM/mysql2/JWT unused deps
  4. Fix BASE_PATH / project identity
  5. Add @Public() /health
  6. Decide: merge meeting cron or close branch

กลับไป 01 หรือ index