Build [v1.9.18]

This commit is contained in:
Daniel Bedeleanu
2026-04-13 23:43:52 +03:00
parent 1fff658d3c
commit fcb187974e
13 changed files with 222 additions and 113 deletions

View File

@@ -26,7 +26,7 @@ A unified system to maintain an inventory of "items" and their quantities, inclu
- **PWA Deployment:** `next-pwa` (Service Workers + Manifest.json)
- **HTTPS Proxy:** `caddy` or `local-ssl-proxy` (Port 8909)
- **Servers:** Frontend (Port 8907), Backend (Port 8906)
- **Configuration:** Centrally managed via root `config/` directory (includes `network_config.env`, `ldap_config.json`, `Caddyfile`).
- **Configuration:** Centrally managed via root `inventory.env` (Network/CORS/API Keys) and `config/` directory (LDAP, Caddyfile).
## 3. Data Models & Entities
- **Item:** Name, Category Group (Structured), Item Type (Specific), Quantity, Barcode, Part Number, Box Label (Association).
@@ -80,7 +80,9 @@ To ensure enterprise-grade protection, the following policies are enforced:
- **Admin Only:** Critical operations such as `DELETE /items/`, user management, and DB settings are restricted via the `auth.get_current_admin` dependency.
- **User Role:** Standard users are permitted to perform check-in/out and list inventory, but cannot delete catalog entries.
### 7.2 Brute-Force Protection
### 7.2 CORS & Origin Policy (v1.9.18)
- **Automatic Discovery:** The system detects local LAN IP and automatically authorizes it.
- **Generic Expansion:** Use `EXTRA_ALLOWED_ORIGINS` for Tailscale or VPN IPs. The system automatically expands each IP into a set of authorized Origins (http/8916, https/8918, https/8919).
- **Rate Limiting:** Implemented via `slowapi`. The `login` endpoint is limited to **5 requests per minute** per IP to mitigate automated credential stuffing.
### 7.3 Data Privacy