Daniel Bedeleanu 247ea45408 security: audit complet + patch vulnerabilitati critice v1.3.5
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie).
12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW).

Patch-uri aplicate direct:
- [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py)
- [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py)
- [H-01] LDAP injection fix: escape_filter_chars pe username (users.py)
- [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py)
- [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py)
- [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py)

Raport complet: dev_docs/SECURITY_REPORT.md
Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:20:05 +03:00

TFM aInventory (2026 Edition)

A unified, offline-first Inventory Management System built as a Progressive Web App (PWA). Features include AI-powered label extraction (OCR), local barcode/QR scanning, and multi-user authentication with LDAP support.


🛠 Project Modes

This project supports three distinct operational modes:

1. 🚀 Development Mode (Bare-Metal)

Ideal for local development on macOS/Linux.

Isolated and portable container stack.

  • Command: docker-compose up -d --build
  • Details: Uses Caddy as a reverse proxy for HTTPS. Persistent data and logs are mapped to ./data and ./logs.
  • Access: https://localhost:3003

3. 🐧 Standalone Linux Mode (Systemd)

Native Linux installation (Alma/Debian/Ubuntu) without Docker dependencies.

  • Installation: sudo ./install_service.sh
  • Execution: sudo systemctl start inventory
  • Details: Compiles the frontend for production and manages the entire stack as a system service.
  • Access: https://:3003

📦 Production Distribution

To generate a clean production package without AI-agent metadata or development artifacts:

  1. Run ./export_prod.sh
  2. A .zip archive will be created (e.g., aInventory-PROD-v1.3.2.zip).
  3. This archive contains a specialized README.txt with deployment-only instructions.

🏗 Technical Overview

  • Backend: FastAPI (Python 3.12+)
  • Frontend: Next.js 15+ (React PWA)
  • Database: SQLite (SQLAlchemy) with Dexie.js (IndexedDB) for client-side sync.
  • Proxy: Caddy (Docker) or local-ssl-proxy (Standalone/Dev).
  • AI Engine: Google Gemini (Generative AI SDK).

For more details, see PROJECT_ARCHITECTURE.md.


📜 AI Operational Rules

AI agents working on this project MUST follow the guidelines in AI_RULES.md.

Description
Hardware Inventory System vith AI and OCR visual scanning
Readme 622 MiB
Languages
Python 95.7%
TypeScript 1.4%
Cython 1.1%
C 1%
C++ 0.6%