feat: implement custom fields, gantt view, calendar view, and file encryption

- Custom Fields (FEAT-001): - CustomField and TaskCustomValue models with formula support - CRUD API for custom field management - Formula engine for calculated fields - Frontend: CustomFieldEditor, CustomFieldInput, ProjectSettings page - Task list API now includes custom_values - KanbanBoard displays custom field values - Gantt View (FEAT-003): - TaskDependency model with FS/SS/FF/SF dependency types - Dependency CRUD API with cycle detection - start_date field added to tasks - GanttChart component with Frappe Gantt integration - Dependency type selector in UI - Calendar View (FEAT-004): - CalendarView component with FullCalendar integration - Date range filtering API for tasks - Drag-and-drop date updates - View mode switching in Tasks page - File Encryption (FEAT-010): - AES-256-GCM encryption service - EncryptionKey model with key rotation support - Admin API for key management - Encrypted upload/download for confidential projects - Migrations: 011 (custom fields), 012 (encryption keys), 013 (task dependencies) - Updated issues.md with completion status 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-05 23:39:12 +08:00
parent 69b81d9241
commit 2d80a8384e
65 changed files with 11045 additions and 82 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -1,6 +1,6 @@
 from pydantic_settings import BaseSettings
 from pydantic import field_validator
-from typing import List
+from typing import List, Optional
 import os


@@ -52,6 +52,35 @@ class Settings(BaseSettings):
            )
        return v

+    # Encryption - Master key for encrypting file encryption keys
+    # Must be a 32-byte (256-bit) key encoded as base64 for AES-256
+    # Generate with: python -c "import secrets, base64; print(base64.urlsafe_b64encode(secrets.token_bytes(32)).decode())"
+    ENCRYPTION_MASTER_KEY: Optional[str] = None
+
+    @field_validator("ENCRYPTION_MASTER_KEY")
+    @classmethod
+    def validate_encryption_master_key(cls, v: Optional[str]) -> Optional[str]:
+        """Validate that ENCRYPTION_MASTER_KEY is properly formatted if set."""
+        if v is None or v.strip() == "":
+            return None
+        # Basic validation - should be base64 encoded 32 bytes
+        import base64
+        try:
+            decoded = base64.urlsafe_b64decode(v)
+            if len(decoded) != 32:
+                raise ValueError(
+                    "ENCRYPTION_MASTER_KEY must be a base64-encoded 32-byte key. "
+                    "Generate with: python -c \"import secrets, base64; print(base64.urlsafe_b64encode(secrets.token_bytes(32)).decode())\""
+                )
+        except Exception as e:
+            if "must be a base64-encoded" in str(e):
+                raise
+            raise ValueError(
+                "ENCRYPTION_MASTER_KEY must be a valid base64-encoded string. "
+                f"Error: {e}"
+            )
+        return v
+
    # External Auth API
    AUTH_API_URL: str = "https://pj-auth-api.vercel.app"