Commit Graph

32 Commits

Author SHA1 Message Date
b6eb284568 feat(5-03-02): create admin export endpoints for inventory snapshot and audit trail with authorization 2026-04-22 17:43:09 +03:00
770b02864d fix: handle CORS preflight OPTIONS requests before routing 2026-04-21 18:17:00 +03:00
6f1e7731d7 fix: implement subnet-aware CORS middleware to replace insecure wildcard origins 2026-04-21 17:58:14 +03:00
904e153d8a temp: allow all CORS origins for debugging LDAP login issue
Temporarily using allow_origins=['*'] to debug whether CORS is blocking
LDAP login requests from VPN client. This is insecure for production.
TODO: Fix subnet pattern matching in ALLOWED_ORIGINS configuration.
2026-04-21 15:32:01 +03:00
2078cd9ade fix: resolve CORS preflight issues and Next.js dev origin warnings
- Simplify backend CORS middleware to use standard FastAPI implementation
- Keep subnet validation function for future use in route-level checks
- Add Tailscale subnet pattern to Next.js allowedDevOrigins config
- Both individual IPs and subnet configurations now work correctly
2026-04-21 15:19:45 +03:00
983d6e4bb4 feat: add subnet-based CORS validation support for VPN/Tailscale origins
- Add ipaddress module for subnet parsing (10.0.0.0/24 format)
- Implement subnet validation in CORS middleware
- Separate individual IPs from subnet definitions in EXTRA_ALLOWED_ORIGINS
- Custom SubnetAwareCORSMiddleware for dynamic origin validation
- Support both exact IP matches and subnet ranges
- Backward compatible with existing ALLOWED_ORIGINS list
2026-04-21 15:17:29 +03:00
294555c574 feat(phase1): add static file serving for /images/ 2026-04-20 22:43:33 +03:00
ea49cd6e4a feat(phase1): add image storage utilities
- Create backend/services/image_storage.py with 4 core functions:
  - sanitize_filename(): remove unsafe chars, limit to 255 chars, convert to lowercase
  - get_unique_filename(): handle collisions with UUID suffix (format: {name}_{uuid8}_{variant}.jpg)
  - ensure_image_directories(): create /images/ root and category subdirs on startup
  - save_image(): save bytes to /images/{category}/{filename}, returns relative path
- Create comprehensive test suite (22 tests) covering all functionality
- Integrate ensure_image_directories() into FastAPI startup event
- Directory structure: /images/{category}/{filename}
- Collision handling: auto-suffix with UUID if filename exists
- All tests passing, pathlib.Path for safe operations
2026-04-20 21:57:26 +03:00
8fcd4150e5 refactor: split admin/config.py into ai_config and db_config 2026-04-19 17:10:56 +03:00
6dc300d339 refactor: split bulk-sync into backend/routers/sync.py 2026-04-19 12:37:09 +03:00
90e9a60640 refactor: split LDAP auth into backend/routers/auth.py 2026-04-19 12:35:40 +03:00
6aabf3eac1 feat(ai): refine extraction prompt with human-readable size conversions
- Add SIZE CONVERSION RULES section (critical) with explicit thresholds
- Convert ≥1600GB to TB format (e.g., 1600GB → 1.6TB)
- Convert memory ≥1024MB to GB format
- Update Item field examples with human-readable sizes
- Update Size field definition to emphasize HUMAN-READABLE format
- Update OCR key definition with size conversion examples
- Apply rules consistently across all size-related fields

This ensures AI-extracted items display sizes in user-friendly format
and improves OCR matching accuracy with normalized size representations.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-04-17 12:57:06 +03:00
26b38ea27c feat: enhance OCR matching with fuzzy logic and refined AI prompt
AI Prompt Improvements:
- Standardized Item name format: [size] type vendor connector part_number
- Clear examples: '5m Patchcord LC-LC', '256GB SSD Samsung SAS', '128GB DDR4 Hynix'
- OCR key format: uppercase, space-separated tokens, includes variations/abbreviations
- Excludes diameter/mm measurements from Item field
- Allows 'HP'/'HPE', 'DDR'/'DDR4', 'NVMe'/'NVME' variations in OCR keys

OCR Matching Logic:
- Implemented Levenshtein distance fuzzy matching (allows 1-2 char differences)
- Priority 0: Exact OCR key match (1000pts) + fuzzy match fallback (800pts)
- Priority 2: Part number exact (200pts) + fuzzy match (150pts)
- Priority 3: Token-based with fuzzy tolerance (50pts exact, 30pts fuzzy)
- Removes whitespace for comparison (e.g., 'LCLC' matches 'LC-LC')

Resolves OCR identification failures from minor text variations.
2026-04-17 12:12:26 +03:00
db918a86ab feat(admin): finalizing modular refactoring with testing suite and UI polish 2026-04-15 16:41:20 +03:00
Daniel Bedeleanu
1893c4f38b modificari mari 2026-04-15 15:20:45 +03:00
Daniel Bedeleanu
6c57b1b0c2 blabla 2026-04-14 22:54:19 +03:00
Daniel Bedeleanu
00ee4cf9c5 Build [v1.9.19] 2026-04-14 20:44:01 +03:00
Daniel Bedeleanu
fcb187974e Build [v1.9.18] 2026-04-13 23:43:52 +03:00
Daniel Bedeleanu
07b15c8e01 Build [v1.9.1] (CORS Dynamic IP Resolution Fix) 2026-04-13 20:52:29 +03:00
Daniel Bedeleanu
81b775c9ae Build [v1.8.0] 2026-04-13 19:23:48 +03:00
Daniel Bedeleanu
f3d861b1a2 Build [v1.4.0] - Audit Dashboard & LDAP Restoration 2026-04-12 09:39:17 +03:00
Daniel Bedeleanu
cee93fe53c debug: log DATA_DIR and database path at startup 2026-04-11 15:28:53 +03:00
Daniel Bedeleanu
c949bcd211 fix: reorder CORS middleware before rate limiter to fix OPTIONS preflight 2026-04-11 14:38:43 +03:00
Daniel Bedeleanu
356dfa32f1 fix: remove invalid add_exception_handler call for slowapi 2026-04-11 14:38:00 +03:00
Daniel Bedeleanu
9dbe0f8b6c refactor: translate all docstrings and comments to English (STRICT ENGLISH POLICY complete) 2026-04-11 14:26:55 +03:00
Daniel Bedeleanu
c31209b740 chore: translate remaining Romanian code comments to English (STRICT ENGLISH POLICY) 2026-04-11 14:25:03 +03:00
Daniel Bedeleanu
e6ca33f2f0 feat: frontend JWT handling, rate limiting [H-02], CORS config
Frontend:
- Creiez frontend/lib/auth.ts cu saveToken, getToken, getAuthHeader, clearAuth
- Modific api.ts: axiosInstance cu interceptor Bearer token + 401 → /login redirect
- Modific login page: salveaza JWT token din response

Backend:
- [H-02] Integrez slowapi rate limiting: 10 req/minute pe /items/extract-label
- [M-01] CORS: ALLOWED_ORIGINS din env (dev fallback: localhost:3000, localhost:3002)
- [C-01] JWT_SECRET_KEY din env (dev fallback: ephemeral key)

docker-compose.yml:
- Adaug ALLOWED_ORIGINS env var (dev: localhost)
- Adaug JWT_SECRET_KEY env var cu fallback warning

Status:
-  JWT backend: complet
-  JWT frontend: token save + attach + 401 handling
-  Rate limiting: 10/min pe extract-label
-  CORS: configurable via env

Gata pentru dev + testing local.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:42:09 +03:00
Daniel Bedeleanu
247ea45408 security: audit complet + patch vulnerabilitati critice v1.3.5
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie).
12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW).

Patch-uri aplicate direct:
- [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py)
- [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py)
- [H-01] LDAP injection fix: escape_filter_chars pe username (users.py)
- [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py)
- [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py)
- [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py)

Raport complet: dev_docs/SECURITY_REPORT.md
Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:20:05 +03:00
Daniel Bedeleanu
2e5ce8d153 feat: complete dockerization architecture with data/logs persistence and prod export script v1.3.0 2026-04-11 12:33:13 +03:00
Daniel Bedeleanu
8a3783c7e9 Infrastructure: Implement master/dev/vX branching, save git path, and fix username casing 2026-04-10 21:51:22 +03:00
Daniel Bedeleanu
e4b0afb50d feat: core inventory API and secure operation routers 2026-04-10 13:47:10 +03:00
Daniel Bedeleanu
46bd6ae733 feat: backend foundation setup with SQLite and FastAPI 2026-04-10 13:44:21 +03:00