PROJECT-CONTORL

egg/PROJECT-CONTORL

Fork 0

Commit Graph

Author	SHA1	Message	Date
beabigegg	35c90fe76b	feat: implement 5 QA-driven security and quality proposals Implemented proposals from comprehensive QA review: 1. extend-csrf-protection - Add POST to CSRF protected methods in frontend - Global CSRF middleware for all state-changing operations - Update tests with CSRF token fixtures 2. tighten-cors-websocket-security - Replace wildcard CORS with explicit method/header lists - Disable query parameter auth in production (code 4002) - Add per-user WebSocket connection limit (max 5, code 4005) 3. shorten-jwt-expiry - Reduce JWT expiry from 7 days to 60 minutes - Add refresh token support with 7-day expiry - Implement token rotation on refresh - Frontend auto-refresh when token near expiry (<5 min) 4. fix-frontend-quality - Add React.lazy() code splitting for all pages - Fix useCallback dependency arrays (Dashboard, Comments) - Add localStorage data validation in AuthContext - Complete i18n for AttachmentUpload component 5. enhance-backend-validation - Add SecurityAuditMiddleware for access denied logging - Add ErrorSanitizerMiddleware for production error messages - Protect /health/detailed with admin authentication - Add input length validation (comment 5000, desc 10000) All 521 backend tests passing. Frontend builds successfully. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-12 23:19:05 +08:00
beabigegg	9b220523ff	feat: complete issue fixes and implement remaining features ## Critical Issues (CRIT-001~003) - All Fixed - JWT secret key validation with pydantic field_validator - Login audit logging for success/failure attempts - Frontend API path prefix removal ## High Priority Issues (HIGH-001~008) - All Fixed - Project soft delete using is_active flag - Redis session token bytes handling - Rate limiting with slowapi (5 req/min for login) - Attachment API permission checks - Kanban view with drag-and-drop - Workload heatmap UI (WorkloadPage, WorkloadHeatmap) - TaskDetailModal integrating Comments/Attachments - UserSelect component for task assignment ## Medium Priority Issues (MED-001~012) - All Fixed - MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag - MED-006: Project health dashboard (HealthService, ProjectHealthPage) - MED-007: Capacity update API (PUT /api/users/{id}/capacity) - MED-008: Schedule triggers (cron parsing, deadline reminders) - MED-009: Watermark feature (image/PDF watermarking) - MED-010~012: useEffect deps, DOM operations, PDF export ## New Files - backend/app/api/health/ - Project health API - backend/app/services/health_service.py - backend/app/services/trigger_scheduler.py - backend/app/services/watermark_service.py - backend/app/core/rate_limiter.py - frontend/src/pages/ProjectHealthPage.tsx - frontend/src/components/ProjectHealthCard.tsx - frontend/src/components/KanbanBoard.tsx - frontend/src/components/WorkloadHeatmap.tsx ## Tests - 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32) ## OpenSpec Archives - add-project-health-dashboard - add-capacity-update-api - add-schedule-triggers - add-watermark-feature - add-rate-limiting - enhance-frontend-ux - add-resource-management-ui 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-04 21:49:52 +08:00

Author

SHA1

Message

Date

beabigegg

35c90fe76b

feat: implement 5 QA-driven security and quality proposals

Implemented proposals from comprehensive QA review:

1. extend-csrf-protection
   - Add POST to CSRF protected methods in frontend
   - Global CSRF middleware for all state-changing operations
   - Update tests with CSRF token fixtures

2. tighten-cors-websocket-security
   - Replace wildcard CORS with explicit method/header lists
   - Disable query parameter auth in production (code 4002)
   - Add per-user WebSocket connection limit (max 5, code 4005)

3. shorten-jwt-expiry
   - Reduce JWT expiry from 7 days to 60 minutes
   - Add refresh token support with 7-day expiry
   - Implement token rotation on refresh
   - Frontend auto-refresh when token near expiry (<5 min)

4. fix-frontend-quality
   - Add React.lazy() code splitting for all pages
   - Fix useCallback dependency arrays (Dashboard, Comments)
   - Add localStorage data validation in AuthContext
   - Complete i18n for AttachmentUpload component

5. enhance-backend-validation
   - Add SecurityAuditMiddleware for access denied logging
   - Add ErrorSanitizerMiddleware for production error messages
   - Protect /health/detailed with admin authentication
   - Add input length validation (comment 5000, desc 10000)

All 521 backend tests passing. Frontend builds successfully.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-12 23:19:05 +08:00

beabigegg

9b220523ff

feat: complete issue fixes and implement remaining features

## Critical Issues (CRIT-001~003) - All Fixed
- JWT secret key validation with pydantic field_validator
- Login audit logging for success/failure attempts
- Frontend API path prefix removal

## High Priority Issues (HIGH-001~008) - All Fixed
- Project soft delete using is_active flag
- Redis session token bytes handling
- Rate limiting with slowapi (5 req/min for login)
- Attachment API permission checks
- Kanban view with drag-and-drop
- Workload heatmap UI (WorkloadPage, WorkloadHeatmap)
- TaskDetailModal integrating Comments/Attachments
- UserSelect component for task assignment

## Medium Priority Issues (MED-001~012) - All Fixed
- MED-001~005: DB commits, N+1 queries, datetime, error format, blocker flag
- MED-006: Project health dashboard (HealthService, ProjectHealthPage)
- MED-007: Capacity update API (PUT /api/users/{id}/capacity)
- MED-008: Schedule triggers (cron parsing, deadline reminders)
- MED-009: Watermark feature (image/PDF watermarking)
- MED-010~012: useEffect deps, DOM operations, PDF export

## New Files
- backend/app/api/health/ - Project health API
- backend/app/services/health_service.py
- backend/app/services/trigger_scheduler.py
- backend/app/services/watermark_service.py
- backend/app/core/rate_limiter.py
- frontend/src/pages/ProjectHealthPage.tsx
- frontend/src/components/ProjectHealthCard.tsx
- frontend/src/components/KanbanBoard.tsx
- frontend/src/components/WorkloadHeatmap.tsx

## Tests
- 113 new tests passing (health: 32, users: 14, triggers: 35, watermark: 32)

## OpenSpec Archives
- add-project-health-dashboard
- add-capacity-update-api
- add-schedule-triggers
- add-watermark-feature
- add-rate-limiting
- enhance-frontend-ux
- add-resource-management-ui

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-04 21:49:52 +08:00

2 Commits