cms.c2sgmbh

mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 18:34:13 +00:00

Author	SHA1	Message	Date
Martin Porwoll	e3c7d92121	feat: add staging deployment workflow and script - Add GitHub Actions workflow for automatic staging deployment on develop branch - Add manual deploy script with --skip-build and --skip-migrations options - Update CLAUDE.md with deployment documentation - Mark staging-deployment TODO as complete Deployment target: pl.c2sgmbh.de (37.24.237.181) Triggers: push to develop, manual workflow_dispatch 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-14 12:37:25 +00:00
Martin Porwoll	da735cab46	feat: add Products and ProductCategories collections with CI/CD pipeline - Add Products collection with comprehensive fields (pricing, inventory, SEO, CTA) - Add ProductCategories collection with hierarchical structure - Implement CI/CD pipeline with GitHub Actions (lint, typecheck, test, build, e2e) - Add access control test utilities and unit tests - Fix Posts API to include category field for backwards compatibility - Update ESLint config with ignores for migrations and admin components - Add centralized access control functions in src/lib/access - Add db-direct.sh utility script for database access 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-12 21:36:26 +00:00
Martin Porwoll	0cdc25c4f0	feat: comprehensive security test suite Add 143 security tests covering all security modules: Unit Tests (125 tests): - rate-limiter.unit.spec.ts: limiter creation, request tracking, blocking, window reset, IP extraction, header generation - csrf.unit.spec.ts: token generation/validation, origin checking, double submit cookie pattern, referer validation - ip-allowlist.unit.spec.ts: CIDR matching, wildcards, endpoint- specific allowlist/blocklist rules, IP extraction - data-masking.unit.spec.ts: field detection, pattern matching, recursive masking, JWT/connection string/private key handling API Integration Tests (18 tests): - security-api.int.spec.ts: rate limiting responses, IP blocking, CSRF protection on state-changing endpoints Test Infrastructure: - tests/helpers/security-test-utils.ts: CSRF token generators, mock request builders, environment setup utilities - vitest.config.mts: updated to include unit tests - package.json: added test:unit and test:security scripts - .github/workflows/security.yml: added security-tests CI job Also updated detect-secrets.sh to ignore .spec.ts and .test.ts files which may contain example secrets for testing purposes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-08 00:20:47 +00:00
Martin Porwoll	fc94531931	feat: implement security hardening module Security Features: - Central rate-limiter service with Redis support and memory fallback - Predefined limiters: publicApi, auth, email, search, form, strict - Automatic cleanup of stale entries - IP allowlist/blocklist for sensitive endpoints - CIDR and wildcard support - Configurable via SEND_EMAIL_ALLOWED_IPS, BLOCKED_IPS env vars - CSRF protection with Double Submit Cookie pattern - Token endpoint: GET /api/csrf-token - Origin header validation - Data masking service for sensitive data - Automatic redaction of passwords, tokens, API keys - Safe logger factory for consistent logging - Recursive object masking for audit logs Secret Scanning: - Pre-commit hook for local secret detection - GitHub Actions workflow with Gitleaks and CodeQL - Gitleaks configuration file - Dependency vulnerability scanning Updated: - /api/send-email now uses central rate-limiter and IP allowlist - Redis lib exports getRedisClient and isRedisAvailable 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-07 23:04:14 +00:00

4 commits