eric/smart-city-digital-twin-martinique
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(smart-app): implement complete mobile app MVP

Browse Source 
- App.tsx: full navigation (Auth stack + Main tabs with 5 screens)
- Auth: LoginScreen, RegisterScreen, ForgotPasswordScreen
- HomeScreen: dashboard with IoT metrics, weather widget, alerts, quick actions, sensors
- MapScreen: interactive map with layer toggles (6 layers)
- MarketplaceScreen: categories (6), products (5), search
- ChatScreen: AI chat with quick prompts (4), bot responses
- ProfileScreen: user info, stats, menu (9 items), logout
- AlertsScreen: alert list with severity, acknowledge
- SensorsScreen: sensor list with type filters (6 types), search
- ZonesScreen: zone cards with stats
- SettingsScreen: language picker (FR/EN/ES/DE), privacy, about
- Stores: iotStore (sensors, zones, alerts), notificationStore, uiStore + i18n
- Hooks: useSensors, useAlerts, useNotifications, useLocation
- Components: Card, Button, LoadingSpinner, ErrorBoundary, Header
- Services: iotService, notificationService (with axios API client)
- Utils: formatters (temp, AQI, noise, dates), validators (email, password, IBAN)
- Theme: colors.ts with full design system (Blue Ocean palette)
- Ditto: fixed MongoDB connection, new JWT secrets, official gateway image
This commit is contained in:
Eric FELIXINE
2026-06-01 18:00:35 -04:00
parent 08ca495bde
commit e30ae8ed09
35578 changed files with 3703534 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
smart-app-city/frontend/node_modules/resolve/.github/THREAT_MODEL.md generated vendored Normal file
View File

@@ -0,0 +1,74 @@
## Threat Model for resolve (module path resolution library)
### 1. Library Overview
- **Library Name:** resolve
- **Brief Description:** Implements Node.js `require.resolve()` algorithm for synchronous and asynchronous file path resolution. Used to locate modules and files in Node.js projects.
- **Key Public APIs/Functions:** `resolve.sync()` / `resolve/sync`, `resolve()` / `resolve/async`
### 2. Define Scope
This threat model focuses on the core path resolution algorithm, including filesystem interaction, option handling, and cache management.
### 3. Conceptual System Diagram
```
Caller Application → resolve(id, options) → Resolution Algorithm → File System
└→ Options Handling
└→ Cache System
```
**Trust Boundaries:**
- **Input module IDs:** May come from untrusted sources (user input, configuration)
- **Filesystem access:** The library interacts with the filesystem to resolve paths
- **Options:** Provided by the caller
- **Cache:** Used to improve performance, but could be a vector for tampering or information disclosure if not handled securely
### 4. Identify Assets
- **Integrity of resolution output:** Ensure correct and safe file path matching.
- **Confidentiality of configuration:** Prevent sensitive path information from being leaked.
- **Availability/performance for host application:** Prevent crashes or resource exhaustion.
- **Security of host application:** Prevent path traversal or unintended filesystem access.
- **Reputation of library:** Maintain trust by avoiding supply chain attacks and vulnerabilities[1][3][4].
### 5. Identify Threats
| Component / API / Interaction | S | T | R | I | D | E |
|-----------------------------------------------------|----|----|----|----|----|----|
| Public API Call (`resolve/async`, `resolve/sync`) | ✓ | ✓ | | ✓ | | |
| Filesystem Access | | ✓ | | ✓ | ✓ | |
| Options Handling | ✓ | ✓ | | ✓ | | |
| Cache System | | ✓ | | ✓ | | |
**Key Threats:**
- **Spoofing:** Malicious module IDs mimicking legitimate packages, or spoofing configuration options[1].
- **Tampering:** Caller-provided paths altering resolution order, or cache tampering leading to incorrect results[1][4].
- **Information Disclosure:** Error messages revealing filesystem structure or sensitive paths[1].
- **Denial of Service:** Recursive or excessive resolution exhausting filesystem handles or causing application crashes[1].
- **Path Traversal:** Malicious input allowing access to files outside the intended directory[4].
### 6. Mitigation/Countermeasures
| Threat Identified | Proposed Mitigation |
|--------------------------------------------|---------------------|
| Spoofing (malicious module IDs/config) | Sanitize input IDs; validate against known patterns; restrict `basedir` to app-controlled paths[1][4]. |
| Tampering (path traversal, cache) | Validate input IDs for directory escapes; secure cache reads/writes; restrict cache to trusted sources[1][4]. |
| Information Disclosure (error messages) | Generic "not found" errors without internal paths; avoid exposing sensitive configuration in errors[1]. |
| Denial of Service (resource exhaustion) | Limit recursive resolution depth; implement timeout; monitor for excessive filesystem operations[1]. |
### 7. Risk Ranking
- **High:** Path traversal via malicious IDs (if not properly mitigated)
- **Medium:** Cache tampering or spoofing (if cache is not secured)
- **Low:** Information disclosure in errors (if error handling is generic)
### 8. Next Steps & Review
1. **Implement input sanitization for module IDs and configuration.**
2. **Add resolution depth limiting and timeout.**
3. **Audit cache handling for race conditions and tampering.**
4. **Regularly review dependencies for vulnerabilities.**
5. **Keep documentation and threat model up to date.**
6. **Monitor for new threats as the ecosystem and library evolve[1][3].**