mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 22:04:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
281 commits 17 branches 0 tags 17 MiB
Commit graph

5 commits

Author SHA1 Message Date
Martin Porwoll
4d1456fe98 feat: add production deploy health check script 
Monitors porwoll.de and blogwoman.de for stale builds caused by
Plesk Git's silent deploy failures (code pulled but build never ran).

- Compares source file timestamps vs .next/BUILD_ID mtime
- HTTP health checks via public URLs
- --alert flag for CMS monitoring API integration
- Runs as cron job every 30 minutes on sv-payload

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 11:42:45 +00:00
Martin Porwoll
77f70876f4 chore: add Claude Code config, prompts, and tenant setup scripts 
- Add .claude/ configuration (agents, commands, hooks, get-shit-done workflows)
- Add prompts/ directory with development planning documents
- Add scripts/setup-tenants/ with tenant configuration
- Add docs/screenshots/
- Remove obsolete phase2.2-corrections-report.md
- Update pnpm-lock.yaml
- Update detect-secrets.sh to ignore setup.sh (env var usage, not secrets)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-18 10:18:05 +00:00
Martin Porwoll
da735cab46 feat: add Products and ProductCategories collections with CI/CD pipeline 
- Add Products collection with comprehensive fields (pricing, inventory, SEO, CTA)
- Add ProductCategories collection with hierarchical structure
- Implement CI/CD pipeline with GitHub Actions (lint, typecheck, test, build, e2e)
- Add access control test utilities and unit tests
- Fix Posts API to include category field for backwards compatibility
- Update ESLint config with ignores for migrations and admin components
- Add centralized access control functions in src/lib/access
- Add db-direct.sh utility script for database access

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-12 21:36:26 +00:00
Martin Porwoll
0cdc25c4f0 feat: comprehensive security test suite 
Add 143 security tests covering all security modules:

Unit Tests (125 tests):
- rate-limiter.unit.spec.ts: limiter creation, request tracking,
  blocking, window reset, IP extraction, header generation
- csrf.unit.spec.ts: token generation/validation, origin checking,
  double submit cookie pattern, referer validation
- ip-allowlist.unit.spec.ts: CIDR matching, wildcards, endpoint-
  specific allowlist/blocklist rules, IP extraction
- data-masking.unit.spec.ts: field detection, pattern matching,
  recursive masking, JWT/connection string/private key handling

API Integration Tests (18 tests):
- security-api.int.spec.ts: rate limiting responses, IP blocking,
  CSRF protection on state-changing endpoints

Test Infrastructure:
- tests/helpers/security-test-utils.ts: CSRF token generators,
  mock request builders, environment setup utilities
- vitest.config.mts: updated to include unit tests
- package.json: added test:unit and test:security scripts
- .github/workflows/security.yml: added security-tests CI job

Also updated detect-secrets.sh to ignore .spec.ts and .test.ts
files which may contain example secrets for testing purposes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-08 00:20:47 +00:00
Martin Porwoll
fc94531931 feat: implement security hardening module 
Security Features:
- Central rate-limiter service with Redis support and memory fallback
  - Predefined limiters: publicApi, auth, email, search, form, strict
  - Automatic cleanup of stale entries
- IP allowlist/blocklist for sensitive endpoints
  - CIDR and wildcard support
  - Configurable via SEND_EMAIL_ALLOWED_IPS, BLOCKED_IPS env vars
- CSRF protection with Double Submit Cookie pattern
  - Token endpoint: GET /api/csrf-token
  - Origin header validation
- Data masking service for sensitive data
  - Automatic redaction of passwords, tokens, API keys
  - Safe logger factory for consistent logging
  - Recursive object masking for audit logs

Secret Scanning:
- Pre-commit hook for local secret detection
- GitHub Actions workflow with Gitleaks and CodeQL
- Gitleaks configuration file
- Dependency vulnerability scanning

Updated:
- /api/send-email now uses central rate-limiter and IP allowlist
- Redis lib exports getRedisClient and isRedisAvailable

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 23:04:14 +00:00