Daniel Bedeleanu
07b15c8e01
Build [v1.9.1] (CORS Dynamic IP Resolution Fix)
2026-04-13 20:52:29 +03:00
Daniel Bedeleanu
f137ded5aa
Build [v1.8.9] (Runtime Permission Healing for Docker Volumes)
2026-04-13 20:32:40 +03:00
Daniel Bedeleanu
81b775c9ae
Build [v1.8.0]
2026-04-13 19:23:48 +03:00
Daniel Bedeleanu
994920bda2
Build [v1.7.0] - GitGuard - Infrastructure Hardening
2026-04-12 22:45:27 +03:00
Daniel Bedeleanu
2e5c666cc8
Build [v1.5.0] - Box Management & Label Printing
2026-04-12 21:30:50 +03:00
Daniel Bedeleanu
50ae3671c9
Build [v1.4.1] - Security hardening, PWA and UI refinements
2026-04-12 10:45:57 +03:00
Daniel Bedeleanu
f3d861b1a2
Build [v1.4.0] - Audit Dashboard & LDAP Restoration
2026-04-12 09:39:17 +03:00
Daniel Bedeleanu
161a182281
Build [v.1.3.9]
2026-04-12 07:29:58 +03:00
Daniel Bedeleanu
955b1e86e5
security: harden gitignore and add config example files [v1.3.7]
...
- Expanded .gitignore: root venv, npx_cache, AI metadata (.remember, .claude),
data/ (SQLite DB), frontend/config/, frontend/public/icons/, certificates,
docker-compose.override.yml
- Removed backend/config/ldap_config.json from git tracking (contains real IPs/credentials)
- Added backend/config/ldap_config.json.example with placeholder template
- Updated backend/.env.example: added JWT_SECRET_KEY, ALLOWED_ORIGINS, DATA_DIR, LOGS_DIR
2026-04-11 19:37:16 +03:00
Daniel Bedeleanu
704934165f
Build [v.1.3.6]
2026-04-11 17:14:22 +03:00
Daniel Bedeleanu
775808506f
fix: convert user_id to string for JWT sub claim (JWT spec requirement)
2026-04-11 15:30:31 +03:00
Daniel Bedeleanu
cee93fe53c
debug: log DATA_DIR and database path at startup
2026-04-11 15:28:53 +03:00
Daniel Bedeleanu
c95d095f9f
debug: add JWT validation logging to diagnose 401 errors
2026-04-11 15:25:51 +03:00
Daniel Bedeleanu
02a4951901
refactor: centralize configuration in backend/config/ and frontend/config/
...
- Move ldap_config.json from ./data/ to backend/config/
- Update users.py to read LDAP config from backend/config/ldap_config.json
- Create frontend/config/ directory for future frontend configs
- DATA_DIR still used for database and runtime files in ./data/
- Update .gitignore to track backend/config/ but ignore runtime data dirs
2026-04-11 15:06:56 +03:00
Daniel Bedeleanu
a6d2d176ba
debug: add detailed LDAP authentication logging with error traceback
2026-04-11 15:02:57 +03:00
Daniel Bedeleanu
c816cb4630
fix: enable DEBUG logging for development (configurable via LOG_LEVEL env var)
2026-04-11 14:56:13 +03:00
Daniel Bedeleanu
3c8d50162b
debug: add detailed logging to login authentication flow
...
- Log when local auth succeeds/fails
- Log when password mismatch occurs
- Log LDAP auth attempts and failures
- Helps diagnose why login is returning 401
2026-04-11 14:55:31 +03:00
Daniel Bedeleanu
c949bcd211
fix: reorder CORS middleware before rate limiter to fix OPTIONS preflight
2026-04-11 14:38:43 +03:00
Daniel Bedeleanu
356dfa32f1
fix: remove invalid add_exception_handler call for slowapi
2026-04-11 14:38:00 +03:00
Daniel Bedeleanu
c2bd8e44fb
fix: add Request parameter to extract_label for slowapi rate limiter
2026-04-11 14:37:28 +03:00
Daniel Bedeleanu
6fede92860
fix: remove HTTPAuthCredentials import (FastAPI compatibility)
2026-04-11 14:36:46 +03:00
Daniel Bedeleanu
45b0f8b35c
fix: make getUsers endpoint public for login page + translate remaining Romanian comments
2026-04-11 14:32:17 +03:00
Daniel Bedeleanu
ccc69d92df
fix: translate final Romanian comment in items.py to English
2026-04-11 14:27:15 +03:00
Daniel Bedeleanu
9dbe0f8b6c
refactor: translate all docstrings and comments to English (STRICT ENGLISH POLICY complete)
2026-04-11 14:26:55 +03:00
Daniel Bedeleanu
c31209b740
chore: translate remaining Romanian code comments to English (STRICT ENGLISH POLICY)
2026-04-11 14:25:03 +03:00
Daniel Bedeleanu
e6ca33f2f0
feat: frontend JWT handling, rate limiting [H-02], CORS config
...
Frontend:
- Creiez frontend/lib/auth.ts cu saveToken, getToken, getAuthHeader, clearAuth
- Modific api.ts: axiosInstance cu interceptor Bearer token + 401 → /login redirect
- Modific login page: salveaza JWT token din response
Backend:
- [H-02] Integrez slowapi rate limiting: 10 req/minute pe /items/extract-label
- [M-01] CORS: ALLOWED_ORIGINS din env (dev fallback: localhost:3000, localhost:3002)
- [C-01] JWT_SECRET_KEY din env (dev fallback: ephemeral key)
docker-compose.yml:
- Adaug ALLOWED_ORIGINS env var (dev: localhost)
- Adaug JWT_SECRET_KEY env var cu fallback warning
Status:
- ✅ JWT backend: complet
- ✅ JWT frontend: token save + attach + 401 handling
- ✅ Rate limiting: 10/min pe extract-label
- ✅ CORS: configurable via env
Gata pentru dev + testing local.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com >
2026-04-11 13:42:09 +03:00
Daniel Bedeleanu
9b6adad618
feat: implementare JWT Bearer authentication pe toți routers [C-01]
...
Implementare completă a autentificării Bearer token:
- Creiez backend/auth.py: funcții JWT (create_access_token, get_current_user, get_current_admin)
- Modific /users/login: returnează TokenResponse cu JWT token și expirare 8h
- Adaug Depends(get_current_user) pe toate endpoint-urile API
- [M-02] user_id extras din JWT token, nu din request body
- [L-01] Token cu exp claim pentru sesiuni frontend
Acces endpoints-uri:
- GET/POST /users/: authenticated users
- POST /users/: admin only
- PUT /users/{id}, DELETE /users/{id}, /ldap-config, /test-ldap: admin only
- Toți routers (items, operations, categories): authenticated users minimum
Modificări dependențe:
- Adaug: python-jose[cryptography]>=3.3.0, slowapi>=0.1.9 (pentru H-02 rate limiting)
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com >
2026-04-11 13:38:24 +03:00
Daniel Bedeleanu
247ea45408
security: audit complet + patch vulnerabilitati critice v1.3.5
...
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie).
12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW).
Patch-uri aplicate direct:
- [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py)
- [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py)
- [H-01] LDAP injection fix: escape_filter_chars pe username (users.py)
- [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py)
- [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py)
- [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py)
Raport complet: dev_docs/SECURITY_REPORT.md
Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com >
2026-04-11 13:20:05 +03:00
Daniel Bedeleanu
cb9df1d73f
chore: ignore log files and directories
2026-04-11 12:54:43 +03:00
Daniel Bedeleanu
fe18fe01c6
docs: add mandatory documentation maintenance rule for AI agents v1.3.5
2026-04-11 12:51:14 +03:00
Daniel Bedeleanu
91bdd791d2
docs: add Romanian User Guide and include in prod export v1.3.4
2026-04-11 12:49:11 +03:00
Daniel Bedeleanu
ed06f0b56e
docs: add comprehensive project README.md v1.3.3
2026-04-11 12:47:23 +03:00
Daniel Bedeleanu
df9468344d
feat: pivot systemd to standalone bare-metal mode v1.3.2
2026-04-11 12:43:53 +03:00
Daniel Bedeleanu
d87067e88c
feat: add systemd service template and installer for production 1.3.1
2026-04-11 12:39:38 +03:00
Daniel Bedeleanu
2e5ce8d153
feat: complete dockerization architecture with data/logs persistence and prod export script v1.3.0
2026-04-11 12:33:13 +03:00
Daniel Bedeleanu
a4cea4ce07
feat: offline ldap support and ui polish v1.2.4
2026-04-11 11:41:39 +03:00
Daniel Bedeleanu
4136d49936
style: ui readability refactor v1.2.2 (removed uppercase, tracking, increased font sizes)
2026-04-11 11:22:40 +03:00
Daniel Bedeleanu
8a3783c7e9
Infrastructure: Implement master/dev/vX branching, save git path, and fix username casing
2026-04-10 21:51:22 +03:00
Daniel Bedeleanu
373652e8b8
feat: AI coordination protocol and advanced audit operations
2026-04-10 13:57:42 +03:00
Daniel Bedeleanu
e4b0afb50d
feat: core inventory API and secure operation routers
2026-04-10 13:47:10 +03:00
Daniel Bedeleanu
46bd6ae733
feat: backend foundation setup with SQLite and FastAPI
2026-04-10 13:44:21 +03:00