247ea45408492887e83320b11c00789dd3a474fe
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie). 12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW). Patch-uri aplicate direct: - [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py) - [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py) - [H-01] LDAP injection fix: escape_filter_chars pe username (users.py) - [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py) - [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py) - [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py) Raport complet: dev_docs/SECURITY_REPORT.md Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
TFM aInventory (2026 Edition)
A unified, offline-first Inventory Management System built as a Progressive Web App (PWA). Features include AI-powered label extraction (OCR), local barcode/QR scanning, and multi-user authentication with LDAP support.
🛠 Project Modes
This project supports three distinct operational modes:
1. 🚀 Development Mode (Bare-Metal)
Ideal for local development on macOS/Linux.
- Command:
./start_server.sh - Details: Runs FastAPI (backend) and Next.js (frontend) in development mode. Uses
local-ssl-proxyfor HTTPS. - Backend: http://localhost:8000
- Frontend: https://localhost:3003
2. 🐳 Docker Mode (Recommended for Production)
Isolated and portable container stack.
- Command:
docker-compose up -d --build - Details: Uses Caddy as a reverse proxy for HTTPS. Persistent data and logs are mapped to
./dataand./logs. - Access: https://localhost:3003
3. 🐧 Standalone Linux Mode (Systemd)
Native Linux installation (Alma/Debian/Ubuntu) without Docker dependencies.
- Installation:
sudo ./install_service.sh - Execution:
sudo systemctl start inventory - Details: Compiles the frontend for production and manages the entire stack as a system service.
- Access: https://:3003
📦 Production Distribution
To generate a clean production package without AI-agent metadata or development artifacts:
- Run
./export_prod.sh - A
.ziparchive will be created (e.g.,aInventory-PROD-v1.3.2.zip). - This archive contains a specialized
README.txtwith deployment-only instructions.
🏗 Technical Overview
- Backend: FastAPI (Python 3.12+)
- Frontend: Next.js 15+ (React PWA)
- Database: SQLite (SQLAlchemy) with Dexie.js (IndexedDB) for client-side sync.
- Proxy: Caddy (Docker) or local-ssl-proxy (Standalone/Dev).
- AI Engine: Google Gemini (Generative AI SDK).
For more details, see PROJECT_ARCHITECTURE.md.
📜 AI Operational Rules
AI agents working on this project MUST follow the guidelines in AI_RULES.md.
Description
Languages
Python
95.7%
TypeScript
1.4%
Cython
1.1%
C
1%
C++
0.6%