Merge pull request #1 from sdirishguy/fix/apostrophe-rendering-and-eslint-cleanup

feat: implement comprehensive security, accessibility, and testing im…

Author: sdirishguy

audit-ci.json

@@ -0,0 +1,5 @@
+{
+  "allowlist": [],
+  "level": "moderate",
+  "report-type": "important"
+}

e2e/navigation.spec.ts

@@ -0,0 +1,8 @@
+import { test, expect } from '@playwright/test'
+
+test('home to projects', async ({ page }) => {
+  await page.goto('/')
+  await expect(page).toHaveTitle(/DavidPDonohue/i)
+  await page.getByRole('link', { name: /projects/i }).click()
+  await expect(page).toHaveURL(/\/projects$/)
+})

eslint.config.mjs

@@ -1,25 +1,21 @@
-import { dirname } from "path";
-import { fileURLToPath } from "url";
-import { FlatCompat } from "@eslint/eslintrc";
+import { dirname } from 'path'
+import { fileURLToPath } from 'url'
+import { FlatCompat } from '@eslint/eslintrc'
 
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = dirname(__filename)
+const compat = new FlatCompat({ baseDirectory: __dirname })
 
-const compat = new FlatCompat({
-  baseDirectory: __dirname,
-});
-
-const eslintConfig = [
-  ...compat.extends("next/core-web-vitals", "next/typescript"),
+const config = [
+  ...compat.extends('next/core-web-vitals'),
   {
     rules: {
       'react/no-unescaped-entities': 'warn',
-      '@typescript-eslint/no-explicit-any': 'warn',
-      '@typescript-eslint/no-empty-object-type': 'warn',
       'react-hooks/rules-of-hooks': 'warn',
-      '@next/next/no-img-element': 'warn'
-    }
-  }
-];
+      '@next/next/no-img-element': 'warn',
+      'jsx-a11y/anchor-is-valid': 'warn',
+    },
+  },
+]
 
-export default eslintConfig;
+export default config

jest.config.js

@@ -0,0 +1,13 @@
+const nextJest = require('next/jest')
+const createJestConfig = nextJest({ dir: './' })
+
+/** @type {import('jest').Config} */
+const customConfig = {
+  testEnvironment: 'jest-environment-jsdom',
+  setupFilesAfterEnv: ['<rootDir>/jest.setup.ts'],
+  moduleNameMapper: {
+    '^@/(.*)$': '<rootDir>/src/$1',
+  },
+}
+
+module.exports = createJestConfig(customConfig)

jest.setup.ts

@@ -0,0 +1 @@
+import '@testing-library/jest-dom'

next.config.ts

@@ -1,27 +1,14 @@
-import type { NextConfig } from "next";
+import type { NextConfig } from 'next'
 
 const nextConfig: NextConfig = {
+  reactStrictMode: true,
   output: 'export',
   trailingSlash: true,
   images: {
-    unoptimized: true
+    unoptimized: true,
   },
-  // Ensure all assets are properly handled
-  assetPrefix: '',
-  basePath: '',
-  // Disable features that don't work with static export
-  webpack: (config, { isServer }) => {
-    if (!isServer) {
-      // Ensure client-side code is properly bundled
-      config.resolve.fallback = {
-        ...config.resolve.fallback,
-        fs: false,
-        net: false,
-        tls: false,
-      };
-    }
-    return config;
-  },
-};
+  eslint: { ignoreDuringBuilds: false },
+  typescript: { ignoreBuildErrors: false },
+}
 
-export default nextConfig;
+export default nextConfig

nginx/security-headers.conf

@@ -0,0 +1,31 @@
+# Include this file from the server block that serves your exported `out/` directory.
+#
+# Example:
+#   server {
+#     listen 80;
+#     server_name davidpdonohue.com;
+#     root /var/www/personal-portfolio/out;
+#     include /etc/nginx/snippets/security-headers.conf;
+#   }
+
+# Strict transport (enable on HTTPS vhost)
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# Mitigate XSS + enforce sources (adjust domains you actually use)
+add_header Content-Security-Policy "
+  default-src 'self';
+  script-src 'self' 'unsafe-inline' 'unsafe-eval';
+  style-src 'self' 'unsafe-inline';
+  img-src 'self' data: blob:;
+  font-src 'self' https://fonts.gstatic.com;
+  connect-src 'self' https:;
+  frame-ancestors 'none';
+  base-uri 'self';
+  form-action 'self';
+" always;
+
+# Other hardening headers
+add_header X-Frame-Options "DENY" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;