Add comprehensive security audit (86 findings across 10 areas)

Secure dev auth with signed tokens, add email support for --user
Simplify breakpoint variables, suppress Sass deprecation warnings

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
root
2025-12-19 01:14:31 +00:00
parent ee87bc6297
commit f67c88a4f1
10 changed files with 270 additions and 35 deletions


@@ -10,7 +10,7 @@
* route The route to debug (e.g., /dashboard)
*
* Options:
* --user-id=<id> Test as specific user ID
* --user=<id> Test as specific user ID
* --log Always display Laravel error log
* --no-body Suppress body output
* --follow-redirects Follow redirects and show redirect chain
@@ -33,7 +33,7 @@ function parse_args() {
console.log(' route The route to debug (e.g., /dashboard)');
console.log('');
console.log('Options:');
console.log(' --user-id=<id> Test as specific user ID');
console.log(' --user=<id> Test as specific user ID');
console.log(' --log Always display Laravel error log');
console.log(' --no-body Suppress body output');
console.log(' --follow-redirects Follow redirects and show redirect chain');
@@ -98,12 +98,15 @@ function parse_args() {
console_debug_disable: false,
screenshot_width: null,
screenshot_path: null,
dump_dimensions: null
dump_dimensions: null,
dev_auth_token: null
};
for (const arg of args) {
if (arg.startsWith('--user-id=')) {
if (arg.startsWith('--user=')) {
options.user_id = arg.split('=')[1];
} else if (arg.startsWith('--dev-auth-token=')) {
options.dev_auth_token = arg.split('=')[1];
} else if (arg === '--log') {
options.show_log = true;
} else if (arg === '--no-body') {
@@ -377,6 +380,9 @@ function parse_args() {
if (options.user_id) {
extraHeaders['X-Dev-Auth-User-Id'] = options.user_id;
}
if (options.dev_auth_token) {
extraHeaders['X-Dev-Auth-Token'] = options.dev_auth_token;
}
// Add Playwright test header to get text errors
extraHeaders['X-Playwright-Test'] = '1';
// Add console debug header if console logging is requested
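Review bot: In the new `--dev-auth-token=` branch, `arg.split('=')[1]` keeps only the text up to the next `=`, so a token containing `=` (base64 padding is the usual case) is silently truncated and would presumably fail signature verification; `options.dev_auth_token = arg.slice('--dev-auth-token='.length);` takes the whole value, and the `--user=` branch has the same pattern. The token also travels in argv, where it can be read from the process list and shell history, so unless it is strictly short-lived an environment variable would be a safer default source. Neither Options listing (the header comment and the usage output) documents `--dev-auth-token`, and both still describe `--user` as an ID although the commit message adds email support. The enclosing function starts and ends outside these hunks.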