feat: P1 security/performance improvements and migration automation

Security fixes:
- migrate.ts: prevent SQL/command injection (use spawnSync)
- migrate.ts: add path traversal validation
- api-tester.ts: mask API key (only 4 characters exposed)
- api-tester.ts: validate minimum key length of 16 characters
- cache.ts: prevent ReDoS (limit pattern length/wildcards)

Performance improvements:
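- cache.ts: sequential deletion → parallel batch processing (50 at a time)
- cache.ts: KV registration fire-and-forget (non-blocking)
- cache.ts: memory limit (5000 keys)
- cache.ts: 25-second execution time guard
- cache.ts: prefix optimization for pattern matching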

New features:
- Migration automation system (scripts/migrate.ts)
- KV-based cache index (invalidatePattern, clearAll)
- Global CacheService singleton

Other:
- Add .env.example, handle API key via environment variable
- Split out CACHE_TTL.RECOMMENDATIONS (10 minutes)
- Improve JSON parsing error handling in e2e-tester.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kappa
2026-01-26 00:23:13 +09:00
parent 3a8dd705e6
commit 5a9362bf43
13 changed files with 1320 additions and 76 deletions

@@ -4,10 +4,18 @@
* Comprehensive test suite for API endpoints with colorful console output.
* Tests all endpoints with various parameter combinations and validates responses.
*
* Requirements:
* API_KEY environment variable must be set
*
* Usage:
* export API_KEY=your-api-key-here
* npx tsx scripts/api-tester.ts
* npx tsx scripts/api-tester.ts --endpoint /health
* npx tsx scripts/api-tester.ts --verbose
*
* Or use npm scripts:
* npm run test:api
* npm run test:api:verbose
*/
// ============================================================
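Review bot: the new "Requirements" block in the header comment says only that API_KEY must be set, while the startup check added further down also rejects keys shorter than 16 characters and its error text points to .env.example. State the 16-character minimum and the .env option here as well, so the header comment and the runtime messages agree.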
@@ -15,7 +23,23 @@
// ============================================================
const API_URL = process.env.API_URL || 'https://cloud-instances-api.kappa-d8e.workers.dev';
const API_KEY = process.env.API_KEY || '0f955192075f7d36b1432ec985713ac6aba7fe82ffa556e6f45381c5530ca042';
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
console.error('\n❌ ERROR: API_KEY environment variable is required');
console.error('Please set API_KEY before running the tests:');
console.error(' export API_KEY=your-api-key-here');
console.error(' npm run test:api');
console.error('\nOr create a .env file (see .env.example for reference)');
process.exit(1);
}
if (API_KEY.length < 16) {
console.error('\n❌ ERROR: API_KEY must be at least 16 characters');
console.error('The provided API key is too short to be valid.');
console.error('Please check your API_KEY environment variable.');
process.exit(1);
}
// CLI flags
const args = process.argv.slice(2);
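Review bot: dropping the hard-coded fallback from the `API_KEY` line does not retire that key. The literal remains readable in parent 3a8dd705e6 and in this diff, so it should be rotated on the service side and treated as exposed. Separately, the error text suggests creating a .env file, but nothing in these lines loads one: `process.env.API_KEY` is read directly, so either load the file before this check or remove that hint from the message.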
@@ -585,7 +609,10 @@ async function runTests(): Promise<TestReport> {
console.log(bold(color('\n🧪 Cloud Instances API Tester', colors.cyan)));
console.log(color('================================', colors.cyan));
console.log(`${color('Target:', colors.white)} ${API_URL}`);
console.log(`${color('API Key:', colors.white)} ${API_KEY.substring(0, 20)}...`);
const maskedKey = API_KEY.length > 4
? `${API_KEY.substring(0, 4)}${'*'.repeat(8)}`
: '****';
console.log(`${color('API Key:', colors.white)} ${maskedKey}`);
if (VERBOSE) {
console.log(color('Mode: VERBOSE', colors.yellow));
}
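Review bot: in the `maskedKey` ternary the `: '****'` branch cannot be reached, because the script already exits at startup when `API_KEY.length < 16`. Either drop the conditional and always print the four-character prefix plus the fixed asterisks, or keep it with a comment saying it is defensive, so a later reader does not assume short keys can get this far.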