Commit Graph

60 Commits

Author SHA1 Message Date
a54f015b64 test: add stock operations and offline sync tests 2026-04-18 17:00:52 +00:00
0ca846af15 test: add item CRUD and validation tests 2026-04-18 16:59:56 +00:00
5a984d1e6b test: add user authentication and CRUD tests 2026-04-18 16:57:18 +00:00
e652e4b7b3 test: improve conftest.py code quality - add type hints, docstrings, DRY refactoring 2026-04-18 16:54:53 +00:00
9b45ece68f test: fix token fixtures to return JWT strings instead of TokenData objects 2026-04-18 16:50:54 +00:00
be83262644 test: create pytest conftest with shared fixtures for backend tests 2026-04-18 16:48:30 +00:00
6aabf3eac1 feat(ai): refine extraction prompt with human-readable size conversions
- Add SIZE CONVERSION RULES section (critical) with explicit thresholds
- Convert ≥1600GB to TB format (e.g., 1600GB → 1.6TB)
- Convert memory ≥1024MB to GB format
- Update Item field examples with human-readable sizes
- Update Size field definition to emphasize HUMAN-READABLE format
- Update OCR key definition with size conversion examples
- Apply rules consistently across all size-related fields

This ensures AI-extracted items display sizes in user-friendly format
and improves OCR matching accuracy with normalized size representations.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-04-17 12:57:06 +03:00
da83c91a5b feat: add side-by-side item comparison for duplicate Part Numbers
New Component: ItemComparisonModal.tsx
- Shows existing vs new item side-by-side
- Highlights fields that are different (in yellow)
- Options to Update item or Skip (local-only save)
- Shows existing item ID and comparison details

Backend Changes:
- Updated error message to say 'Part Number' not 'barcode'
- 409 response includes existing item data for comparison
- Clear, user-friendly conflict messaging

Frontend Changes:
- New state for comparison modal (newItem, existingItem, existingId)
- handleOnboardingComplete() shows modal on 409 conflict
- handleComparisonUpdate() calls updateItem() API
- handleComparisonSkip() saves locally without syncing
- Better error handling distinguishes 409 from other failures

Workflow:
1. User imports item with Part Number that already exists
2. System shows comparison modal
3. User can:
   - Update (merges new data into existing)
   - Skip (saves locally, doesn't sync to cloud)
2026-04-17 12:35:42 +03:00
ade8dcde78 fix: prevent duplicate item creation with barcode conflict detection
Backend:
- Added UNIQUE constraint check on barcode before item creation
- Returns 409 Conflict with user-friendly message if duplicate exists
- Prevents sqlite3.IntegrityError crashes

Frontend:
- Improved error handling for cloud sync failures
- Detects 409 status code (duplicate barcode)
- Shows specific error message to user
- Gracefully falls back to local-only save

Example error message: 'Item already exists. Item with barcode P66093-002 already exists (ID: 42). Update it instead or use a different barcode.'
2026-04-17 12:29:53 +03:00
26b38ea27c feat: enhance OCR matching with fuzzy logic and refined AI prompt
AI Prompt Improvements:
- Standardized Item name format: [size] type vendor connector part_number
- Clear examples: '5m Patchcord LC-LC', '256GB SSD Samsung SAS', '128GB DDR4 Hynix'
- OCR key format: uppercase, space-separated tokens, includes variations/abbreviations
- Excludes diameter/mm measurements from Item field
- Allows 'HP'/'HPE', 'DDR'/'DDR4', 'NVMe'/'NVME' variations in OCR keys

OCR Matching Logic:
- Implemented Levenshtein distance fuzzy matching (allows 1-2 char differences)
- Priority 0: Exact OCR key match (1000pts) + fuzzy match fallback (800pts)
- Priority 2: Part number exact (200pts) + fuzzy match (150pts)
- Priority 3: Token-based with fuzzy tolerance (50pts exact, 30pts fuzzy)
- Removes whitespace for comparison (e.g., 'LCLC' matches 'LC-LC')

Resolves OCR identification failures from minor text variations.
2026-04-17 12:12:26 +03:00
6760ab0abf Build [v1.10.2] 2026-04-15 17:54:21 +03:00
062df8cfd9 Build [v1.10.0] 2026-04-15 17:31:58 +03:00
db918a86ab feat(admin): finalizing modular refactoring with testing suite and UI polish 2026-04-15 16:41:20 +03:00
Daniel Bedeleanu
1893c4f38b modificari mari 2026-04-15 15:20:45 +03:00
Daniel Bedeleanu
6c57b1b0c2 blabla 2026-04-14 22:54:19 +03:00
Daniel Bedeleanu
00ee4cf9c5 Build [v1.9.19] 2026-04-14 20:44:01 +03:00
Daniel Bedeleanu
fcb187974e Build [v1.9.18] 2026-04-13 23:43:52 +03:00
Daniel Bedeleanu
ee7e7b7bd7 Build [v1.9.12] (Secure Seal & LDAP Sync: Custom Caddy & Config Volume) 2026-04-13 22:25:19 +03:00
Daniel Bedeleanu
bdf6d605cd Build [v1.9.10] (Access & SSL Recovery: Fixed Admin info and Explicit IP Proxy) 2026-04-13 22:07:15 +03:00
Daniel Bedeleanu
07b15c8e01 Build [v1.9.1] (CORS Dynamic IP Resolution Fix) 2026-04-13 20:52:29 +03:00
Daniel Bedeleanu
f137ded5aa Build [v1.8.9] (Runtime Permission Healing for Docker Volumes) 2026-04-13 20:32:40 +03:00
Daniel Bedeleanu
81b775c9ae Build [v1.8.0] 2026-04-13 19:23:48 +03:00
Daniel Bedeleanu
994920bda2 Build [v1.7.0] - GitGuard - Infrastructure Hardening 2026-04-12 22:45:27 +03:00
Daniel Bedeleanu
2e5c666cc8 Build [v1.5.0] - Box Management & Label Printing 2026-04-12 21:30:50 +03:00
Daniel Bedeleanu
50ae3671c9 Build [v1.4.1] - Security hardening, PWA and UI refinements 2026-04-12 10:45:57 +03:00
Daniel Bedeleanu
f3d861b1a2 Build [v1.4.0] - Audit Dashboard & LDAP Restoration 2026-04-12 09:39:17 +03:00
Daniel Bedeleanu
161a182281 Build [v.1.3.9] 2026-04-12 07:29:58 +03:00
Daniel Bedeleanu
955b1e86e5 security: harden gitignore and add config example files [v1.3.7]
- Expanded .gitignore: root venv, npx_cache, AI metadata (.remember, .claude),
  data/ (SQLite DB), frontend/config/, frontend/public/icons/, certificates,
  docker-compose.override.yml
- Removed backend/config/ldap_config.json from git tracking (contains real IPs/credentials)
- Added backend/config/ldap_config.json.example with placeholder template
- Updated backend/.env.example: added JWT_SECRET_KEY, ALLOWED_ORIGINS, DATA_DIR, LOGS_DIR
2026-04-11 19:37:16 +03:00
Daniel Bedeleanu
704934165f Build [v.1.3.6] 2026-04-11 17:14:22 +03:00
Daniel Bedeleanu
775808506f fix: convert user_id to string for JWT sub claim (JWT spec requirement) 2026-04-11 15:30:31 +03:00
Daniel Bedeleanu
cee93fe53c debug: log DATA_DIR and database path at startup 2026-04-11 15:28:53 +03:00
Daniel Bedeleanu
c95d095f9f debug: add JWT validation logging to diagnose 401 errors 2026-04-11 15:25:51 +03:00
Daniel Bedeleanu
02a4951901 refactor: centralize configuration in backend/config/ and frontend/config/
- Move ldap_config.json from ./data/ to backend/config/
- Update users.py to read LDAP config from backend/config/ldap_config.json
- Create frontend/config/ directory for future frontend configs
- DATA_DIR still used for database and runtime files in ./data/
- Update .gitignore to track backend/config/ but ignore runtime data dirs
2026-04-11 15:06:56 +03:00
Daniel Bedeleanu
a6d2d176ba debug: add detailed LDAP authentication logging with error traceback 2026-04-11 15:02:57 +03:00
Daniel Bedeleanu
c816cb4630 fix: enable DEBUG logging for development (configurable via LOG_LEVEL env var) 2026-04-11 14:56:13 +03:00
Daniel Bedeleanu
3c8d50162b debug: add detailed logging to login authentication flow
- Log when local auth succeeds/fails
- Log when password mismatch occurs
- Log LDAP auth attempts and failures
- Helps diagnose why login is returning 401
2026-04-11 14:55:31 +03:00
Daniel Bedeleanu
c949bcd211 fix: reorder CORS middleware before rate limiter to fix OPTIONS preflight 2026-04-11 14:38:43 +03:00
Daniel Bedeleanu
356dfa32f1 fix: remove invalid add_exception_handler call for slowapi 2026-04-11 14:38:00 +03:00
Daniel Bedeleanu
c2bd8e44fb fix: add Request parameter to extract_label for slowapi rate limiter 2026-04-11 14:37:28 +03:00
Daniel Bedeleanu
6fede92860 fix: remove HTTPAuthCredentials import (FastAPI compatibility) 2026-04-11 14:36:46 +03:00
Daniel Bedeleanu
45b0f8b35c fix: make getUsers endpoint public for login page + translate remaining Romanian comments 2026-04-11 14:32:17 +03:00
Daniel Bedeleanu
ccc69d92df fix: translate final Romanian comment in items.py to English 2026-04-11 14:27:15 +03:00
Daniel Bedeleanu
9dbe0f8b6c refactor: translate all docstrings and comments to English (STRICT ENGLISH POLICY complete) 2026-04-11 14:26:55 +03:00
Daniel Bedeleanu
c31209b740 chore: translate remaining Romanian code comments to English (STRICT ENGLISH POLICY) 2026-04-11 14:25:03 +03:00
Daniel Bedeleanu
e6ca33f2f0 feat: frontend JWT handling, rate limiting [H-02], CORS config
Frontend:
- Creiez frontend/lib/auth.ts cu saveToken, getToken, getAuthHeader, clearAuth
- Modific api.ts: axiosInstance cu interceptor Bearer token + 401 → /login redirect
- Modific login page: salveaza JWT token din response

Backend:
- [H-02] Integrez slowapi rate limiting: 10 req/minute pe /items/extract-label
- [M-01] CORS: ALLOWED_ORIGINS din env (dev fallback: localhost:3000, localhost:3002)
- [C-01] JWT_SECRET_KEY din env (dev fallback: ephemeral key)

docker-compose.yml:
- Adaug ALLOWED_ORIGINS env var (dev: localhost)
- Adaug JWT_SECRET_KEY env var cu fallback warning

Status:
-  JWT backend: complet
-  JWT frontend: token save + attach + 401 handling
-  Rate limiting: 10/min pe extract-label
-  CORS: configurable via env

Gata pentru dev + testing local.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:42:09 +03:00
Daniel Bedeleanu
9b6adad618 feat: implementare JWT Bearer authentication pe toți routers [C-01]
Implementare completă a autentificării Bearer token:
- Creiez backend/auth.py: funcții JWT (create_access_token, get_current_user, get_current_admin)
- Modific /users/login: returnează TokenResponse cu JWT token și expirare 8h
- Adaug Depends(get_current_user) pe toate endpoint-urile API
- [M-02] user_id extras din JWT token, nu din request body
- [L-01] Token cu exp claim pentru sesiuni frontend

Acces endpoints-uri:
- GET/POST /users/: authenticated users
- POST /users/: admin only
- PUT /users/{id}, DELETE /users/{id}, /ldap-config, /test-ldap: admin only
- Toți routers (items, operations, categories): authenticated users minimum

Modificări dependențe:
- Adaug: python-jose[cryptography]>=3.3.0, slowapi>=0.1.9 (pentru H-02 rate limiting)

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:38:24 +03:00
Daniel Bedeleanu
247ea45408 security: audit complet + patch vulnerabilitati critice v1.3.5
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie).
12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW).

Patch-uri aplicate direct:
- [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py)
- [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py)
- [H-01] LDAP injection fix: escape_filter_chars pe username (users.py)
- [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py)
- [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py)
- [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py)

Raport complet: dev_docs/SECURITY_REPORT.md
Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:20:05 +03:00
Daniel Bedeleanu
cb9df1d73f chore: ignore log files and directories 2026-04-11 12:54:43 +03:00
Daniel Bedeleanu
fe18fe01c6 docs: add mandatory documentation maintenance rule for AI agents v1.3.5 2026-04-11 12:51:14 +03:00
Daniel Bedeleanu
91bdd791d2 docs: add Romanian User Guide and include in prod export v1.3.4 2026-04-11 12:49:11 +03:00