cms.c2sgmbh

mporwoll/cms.c2sgmbh

Fork 0

mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 17:24:12 +00:00

Commit graph

Author	SHA1	Message	Date
Martin Porwoll	8cb04fd130	fix: enforce mandatory tenant parameter on frontend API routes Custom API routes at /api/posts, /api/search, and /api/search/suggestions used payload.find() with overrideAccess:true (default) and optional tenant filtering. Without a ?tenant= parameter, ALL data from ALL tenants was returned — causing cross-tenant data leaks (e.g. sensualmoment.de Journal showing blogwoman articles). Now all three routes require a tenant parameter (400 error without it). Also accepts where[tenant][equals] format for compatibility with payload-contracts API clients. Removed debug logging from tenantAccess.ts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-27 15:22:48 +00:00
Martin Porwoll	ab4ee4bb70	fix(access): allow tenant resolution from query parameter in tenantScopedPublicRead Previously, tenantScopedPublicRead only resolved the tenant from the Host header, which fails when frontend API clients call cms.c2sgmbh.de (the CMS hostname doesn't match any tenant domain). Now falls back to extracting the tenant ID from the where[tenant][equals] query parameter. The returned access filter still enforces tenant isolation. Also adds seed script for zweitmeinung (tenant 12) with all content: site settings, 2 service categories, 6 services, 24 FAQs, navigation, 4 social links, and contact form. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-21 00:44:42 +00:00
Martin Porwoll	51c340e9e7	feat: add i18n, SEO, and frontend infrastructure Localization: - Add middleware for locale detection/routing - Add [locale] dynamic route structure - Add i18n utility library (DE/EN support) SEO & Discovery: - Add robots.ts for search engine directives - Add sitemap.ts for XML sitemap generation - Add structuredData.ts for JSON-LD schemas Utilities: - Add search.ts for full-text search functionality - Add tenantAccess.ts for multi-tenant access control - Add envValidation.ts for environment validation Frontend: - Update layout.tsx with locale support - Update page.tsx for localized content - Add API routes for frontend functionality - Add instrumentation.ts for monitoring 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-01 08:19:35 +00:00

Author

SHA1

Message

Date

Martin Porwoll

8cb04fd130

fix: enforce mandatory tenant parameter on frontend API routes

Custom API routes at /api/posts, /api/search, and /api/search/suggestions
used payload.find() with overrideAccess:true (default) and optional tenant
filtering. Without a ?tenant= parameter, ALL data from ALL tenants was
returned — causing cross-tenant data leaks (e.g. sensualmoment.de Journal
showing blogwoman articles).

Now all three routes require a tenant parameter (400 error without it).
Also accepts where[tenant][equals] format for compatibility with
payload-contracts API clients. Removed debug logging from tenantAccess.ts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-27 15:22:48 +00:00

Martin Porwoll

ab4ee4bb70

fix(access): allow tenant resolution from query parameter in tenantScopedPublicRead

Previously, tenantScopedPublicRead only resolved the tenant from the Host
header, which fails when frontend API clients call cms.c2sgmbh.de (the CMS
hostname doesn't match any tenant domain). Now falls back to extracting the
tenant ID from the where[tenant][equals] query parameter. The returned access
filter still enforces tenant isolation.

Also adds seed script for zweitmeinung (tenant 12) with all content:
site settings, 2 service categories, 6 services, 24 FAQs, navigation,
4 social links, and contact form.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-21 00:44:42 +00:00

Martin Porwoll

51c340e9e7

feat: add i18n, SEO, and frontend infrastructure

Localization:
- Add middleware for locale detection/routing
- Add [locale] dynamic route structure
- Add i18n utility library (DE/EN support)

SEO & Discovery:
- Add robots.ts for search engine directives
- Add sitemap.ts for XML sitemap generation
- Add structuredData.ts for JSON-LD schemas

Utilities:
- Add search.ts for full-text search functionality
- Add tenantAccess.ts for multi-tenant access control
- Add envValidation.ts for environment validation

Frontend:
- Update layout.tsx with locale support
- Update page.tsx for localized content
- Add API routes for frontend functionality
- Add instrumentation.ts for monitoring

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-01 08:19:35 +00:00

3 commits