beabigegg
679b89ae4c
feat: implement security, error resilience, and query optimization proposals
...
Security Validation (enhance-security-validation):
- JWT secret validation with entropy checking and pattern detection
- CSRF protection middleware with token generation/validation
- Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests
- MIME type validation with magic bytes detection for file uploads
Error Resilience (add-error-resilience):
- React ErrorBoundary component with fallback UI and retry functionality
- ErrorBoundaryWithI18n wrapper for internationalization support
- Page-level and section-level error boundaries in App.tsx
Query Performance (optimize-query-performance):
- Query monitoring utility with threshold warnings
- N+1 query fixes using joinedload/selectinload
- Optimized project members, tasks, and subtasks endpoints
Bug Fixes:
- WebSocket session management (P0): Return primitives instead of ORM objects
- LIKE query injection (P1): Escape special characters in search queries
Tests: 543 backend tests, 56 frontend tests passing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-11 18:41:19 +08:00
beabigegg
3bdc6ff1c9
feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements
...
## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service
## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility
## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization
## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks
## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments
## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components
## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion
## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying
## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-10 22:13:43 +08:00
beabigegg
2d80a8384e
feat: implement custom fields, gantt view, calendar view, and file encryption
...
- Custom Fields (FEAT-001):
- CustomField and TaskCustomValue models with formula support
- CRUD API for custom field management
- Formula engine for calculated fields
- Frontend: CustomFieldEditor, CustomFieldInput, ProjectSettings page
- Task list API now includes custom_values
- KanbanBoard displays custom field values
- Gantt View (FEAT-003):
- TaskDependency model with FS/SS/FF/SF dependency types
- Dependency CRUD API with cycle detection
- start_date field added to tasks
- GanttChart component with Frappe Gantt integration
- Dependency type selector in UI
- Calendar View (FEAT-004):
- CalendarView component with FullCalendar integration
- Date range filtering API for tasks
- Drag-and-drop date updates
- View mode switching in Tasks page
- File Encryption (FEAT-010):
- AES-256-GCM encryption service
- EncryptionKey model with key rotation support
- Admin API for key management
- Encrypted upload/download for confidential projects
- Migrations: 011 (custom fields), 012 (encryption keys), 013 (task dependencies)
- Updated issues.md with completion status
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-05 23:39:12 +08:00
beabigegg
9b220523ff
feat: complete issue fixes and implement remaining features
...
## Critical Issues (CRIT-001~003) - All Fixed
- JWT secret key validation with pydantic field_validator
- Login audit logging for success/failure attempts
- Frontend API path prefix removal
## High Priority Issues (HIGH-001~008) - All Fixed
- Project soft delete using is_active flag
- Redis session token bytes handling
- Rate limiting with slowapi (5 req/min for login)
- Attachment API permission checks
- Kanban view with drag-and-drop
- Workload heatmap UI (WorkloadPage, WorkloadHeatmap)
- TaskDetailModal integrating Comments/Attachments
- UserSelect component for task assignment
## Medium Priority Issues (MED-001~012) - All Fixed
- MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag
- MED-006: Project health dashboard (HealthService, ProjectHealthPage)
- MED-007: Capacity update API (PUT /api/users/{id}/capacity)
- MED-008: Schedule triggers (cron parsing, deadline reminders)
- MED-009: Watermark feature (image/PDF watermarking)
- MED-010~012: useEffect deps, DOM operations, PDF export
## New Files
- backend/app/api/health/ - Project health API
- backend/app/services/health_service.py
- backend/app/services/trigger_scheduler.py
- backend/app/services/watermark_service.py
- backend/app/core/rate_limiter.py
- frontend/src/pages/ProjectHealthPage.tsx
- frontend/src/components/ProjectHealthCard.tsx
- frontend/src/components/KanbanBoard.tsx
- frontend/src/components/WorkloadHeatmap.tsx
## Tests
- 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32)
## OpenSpec Archives
- add-project-health-dashboard
- add-capacity-update-api
- add-schedule-triggers
- add-watermark-feature
- add-rate-limiting
- enhance-frontend-ux
- add-resource-management-ui
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-04 21:49:52 +08:00
beabigegg
64874d5425
feat: enhance weekly report and realtime notifications
...
Weekly Report (fix-weekly-report):
- Remove 5-task limit, show all tasks per category
- Add blocked tasks with blocker_reason and blocked_since
- Add next week tasks (due in coming week)
- Add assignee_name, completed_at, days_overdue to task details
- Frontend collapsible sections for each task category
- 8 new tests for enhanced report content
Realtime Notifications (fix-realtime-notifications):
- SQLAlchemy event-based notification publishing
- Redis Pub/Sub for multi-process broadcast
- Fix soft rollback handler stacking issue
- Fix ping scheduling drift (send immediately when interval expires)
- Frontend NotificationContext with WebSocket reconnection
Spec Fixes:
- Add missing ## Purpose sections to 5 specs
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2025-12-30 20:52:08 +08:00
beabigegg
1fda7da2c2
feat: implement user authentication module
...
- Backend (FastAPI):
- External API authentication (pj-auth-api.vercel.app)
- JWT token validation with Redis session storage
- RBAC with department isolation
- User, Role, Department models with pjctrl_ prefix
- Alembic migrations with project-specific version table
- Complete test coverage (13 tests)
- Frontend (React + Vite):
- AuthContext for state management
- Login page with error handling
- Protected route component
- Dashboard with user info display
- OpenSpec:
- 7 capability specs defined
- add-user-auth change archived
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2025-12-28 23:41:37 +08:00
