mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-18 13:14:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
201 commits 17 branches 0 tags 17 MiB
Commit graph

7 commits

Author SHA1 Message Date
Martin Porwoll
304e54f9e2 feat: upgrade Payload CMS 3.69.0 → 3.76.1 
Upgrade all 11 @payloadcms/* packages to 3.76.1, gaining fixes from
PRs #15404 (user.collection property for multi-tenant access control)
and #15499 (tenant selector uses beforeNav slot).

Fix afterLogin audit hook deadlock: payload.create() inside the hook
caused a transaction deadlock with PgBouncer in transaction mode under
Payload 3.76.1's stricter transaction handling. Changed to fire-and-forget
pattern to prevent login hangs.

Note: Next.js 15.5.9 peer dependency warning exists but build/runtime
work correctly. Consider upgrading Next.js to 16.x or downgrading to
15.4.11 in a follow-up.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 11:07:46 +00:00
Martin Porwoll
ce4962e74b feat: BullMQ queue system for email and PDF processing 
- Add BullMQ-based job queue with Redis backend
- Implement email worker with tenant-specific SMTP support
- Add PDF worker with Playwright for HTML/URL-to-PDF generation
- Create /api/generate-pdf endpoint with job status polling
- Fix TypeScript errors in Tenants, TenantBreadcrumb, TenantDashboard
- Fix type casts in auditAuthEvents and audit-service
- Remove credentials from ecosystem.config.cjs (now loaded via dotenv)
- Fix ESM __dirname issue with fileURLToPath for PM2 compatibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-09 22:59:17 +00:00
Martin Porwoll
0c0892f9de fix: support Express IncomingHttpHeaders for client info extraction 
- Add getHeaderValue() helper that works with multiple header formats:
  - Express req.get() method
  - Fetch API headers.get() method
  - Direct IncomingHttpHeaders object access
- Add isRequest() type guard to distinguish PayloadRequest from ClientInfo
- Use extractClientInfo() helper for consistent request/ClientInfo handling
- Apply same fix in auditAuthEvents.ts for hook context

This fixes the issue where PayloadRequest objects were incorrectly
detected as ClientInfo because IncomingHttpHeaders doesn't have .get()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 22:34:19 +00:00
Martin Porwoll
47d912016b fix: eliminate duplicate audit entries and add proper client context 
- Extend logLoginFailed to accept ClientInfo directly (not just PayloadRequest)
- Add logPasswordReset function for password reset audit logging
- Remove duplicate manual payload.create calls in login routes
- Implement real fallback in auditAfterForgotPassword with structured JSON log
- Login routes now create single audit entry with full IP/User-Agent context

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 22:07:52 +00:00
Martin Porwoll
dfb35566b7 fix: correct auth audit logging - use args.req.payload and override native login 
- Fix afterForgotPassword hook to read payload from args.req.payload instead of context
- Create /api/users/login route to override native Payload login endpoint
- Add IP/User-Agent context to failed login audit entries
- Update /api/auth/login with consistent client info logging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 22:00:36 +00:00
Martin Porwoll
7b8efcff38 fix: complete auth event audit logging 
Addresses remaining gaps from the audit review:

1. Register afterForgotPassword hook in Users collection
   - Password reset requests are now properly logged
   - Fixed hook signature (uses context instead of req)

2. Create custom /api/auth/login endpoint
   - Wraps native Payload login
   - Logs failed login attempts via auditLoginFailed
   - Returns proper error responses without exposing details

3. Export auditLoginFailed helper function
   - Can be used by other custom auth handlers
   - Calls logLoginFailed from audit-service

Now all critical auth events are tracked:
- Successful logins (afterLogin hook)
- Failed logins (custom /api/auth/login endpoint)
- Logouts (afterLogout hook)
- Password reset requests (afterForgotPassword hook)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 21:31:11 +00:00
Martin Porwoll
f667792ba7 fix: complete audit logging integration based on audit review 
Fixes identified gaps from the monitoring & alerting audit:

1. Auth Events Integration:
   - Add auditAuthEvents.ts hook for login/logout tracking
   - Integrate afterLogin and afterLogout hooks in Users collection
   - Log successful logins, logouts, and password reset requests

2. Rate-Limit Logging:
   - Add logRateLimit calls to /api/send-email endpoint
   - Log when users exceed rate limits

3. Access-Denied Logging:
   - Add logAccessDenied calls to all protected endpoints:
     - /api/send-email
     - /api/email-logs/export
     - /api/email-logs/stats

4. Tenant Delete Sanitizing Fix:
   - Extract sanitizeTenantDoc as reusable function
   - Apply sanitization to auditTenantAfterDelete hook
   - SMTP passwords are now properly masked in delete audit logs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-07 21:24:28 +00:00