Build [v1.5.0] - Box Management & Label Printing

This commit is contained in:
Daniel Bedeleanu
2026-04-12 21:30:50 +03:00
parent e383b97d44
commit 2e5c666cc8
18 changed files with 1007 additions and 336 deletions

View File

@@ -7,45 +7,41 @@
---
## STATUS: 🟢 STABLE — SECURITY HARDENING & PWA OPTIMIZATION COMPLETE
## STATUS: 🟢 STABLE — BOX MANAGEMENT & LABEL PRINTING COMPLETE (v1.5.0)
The TFM aInventory v1.4.0 is now fully hardened, tested, and optimized for mobile/enterprise use. All security vulnerabilities identified in the audit have been addressed, and the UI has been upgraded to a high-fidelity "Premium" standard.
The TFM aInventory v1.5.0 has been upgraded with a powerful local-first Box/Container management system. Users can now group items into boxes, identify them instantly via local OCR, and print physical Barcode/QR labels directly from the PWA.
---
## WHAT WAS DONE THIS SESSION
### 1. Security Hardening (Backend)
- **Rate Limiting** — Implemented `slowapi` on `/users/login` (5 req/min) to prevent brute-force attacks.
- **RBAC Enforcement** — Restricted `DELETE /items/` exclusively to the **Admin** role.
- **Sensitive Data** — Scrubbed `JWT_SECRET_KEY` and other sensitive snippets from debug logs.
- **REST API Testing** — Developed an automated Python test suite (`backend/tests/api_bench.py`) to verify Auth, RBAC, and Rate Limiting. Confirmed all **PASS**.
### 1. Box Management Architecture (Backend)
- **Database Schema** — Added `box_label` column to the `items` table.
- **Audit Integrity** — Updated `AuditLog` snapshots to capture `box_label` at the time of each transaction, ensuring immutable historical traceability even if items are moved.
- **API Support** — Exposed `box_label` in Pydantic schemas and item routers.
### 2. Admin & LDAP Integration
- **Dual Group Mapping** — Restored the UI fields for strictly mapping separated Admin and User groups in LDAP.
- **TLS Configuration** — Replaced the text link with a high-visibility **Switch Component** for TLS activation.
- **State Cleanup** — Fixed initialization bugs where the Enterprise card wouldn't load from disk correctly.
### 2. Intelligent Scanner Routing (Frontend)
- **Box Match Priority** — Rewrote the scanner's `onOCRMatch` logic to prioritize box labels.
- **Multi-Item Support** — Developed a "Box Contents" interstitial modal that handles containers with multiple distinct item types.
- **Token Matching** — Implemented a local fuzzy token-matching engine for generic box text recognition without AI costs.
### 3. PWA & Mobile Expert Audit
- **Icon Assets** — Generated missing PWA icons (192, 512, maskable) from the source logo using `sips`.
- **Manifest Upgrade** — Added "Maskable" icon support, orientation lock, and app shortcuts.
- **iOS Support** — Added Apple-specific meta tags (`apple-mobile-web-app-capable`, status bar styles) for a native experience on iPhone.
### 3. Dependency-Free Label System
- **Native Generation** — Built a zero-dependency SVG engine for Code 128 Barcodes and QR Codes (`lib/labels.ts`).
- **Box Manager Dashboard** — Added a dedicated UI to view all existing boxes and trigger label generation.
- **Hybrid Printing** — Implemented CSS `@media print` for professional desktop printers and "Save as PNG" rasterization for portable Bluetooth printers on mobile.
### 4. Modern CSS & Visual Excellence
- **Glassmorphism** — Created and applied a custom `.glass-card` utility (backdrop-blur-xl + subtle gradients) to all primary UI sections.
- **Safe Areas** — Implemented `pb-safe` to ensure bottom navigation doesn't overlap with iOS home bars.
- **Fluid Typography** — Added `clamp()` based scaling for better readability across devices.
### 5. Production Export Cleanup
- **`export_prod.sh`** — Updated to explicitly exclude `tests/` folders and development benchmarking scripts.
- **New Bundle** — Generated a clean **`aInventory-PROD-v1.4.0.zip`**.
### 4. UI/UX Excellence
- **Search Integration** — Integrated `box_label` into the global search filter.
- **Onboarding Support** — Added Box Label association to the AI-powered onboarding workflow with smart `datalist` suggestions.
- **Visual Polish** — Applied Lucide `Package` iconography and consistent branding to the new modules.
---
## WHAT THE NEXT AI MUST DO
1. **Database Encryption** — Consider implementing SQLite encryption at rest (SQLCipher) as per the security report.
1. **Database Encryption** — Consider implementing SQLite encryption at rest (SQLCipher) if requested.
2. **Persistent JWT** — If requested, move the `JWT_SECRET_KEY` to a `.env` file for session persistence across server restarts.
3. **Advanced Filtering** — Extend the Box Manager to allow bulk movements between boxes.
3. **LDAP Probe** — The "Test Connection" button may show "Partial Success" (handshake rejected) due to anonymous bind restrictions; login itself works fine.
4. **Monitoring** — If the rate limiter triggers too frequently for legitimate users, adjust the `slowapi` limit in `backend/routers/users.py`.