3bdc6ff1c9
## Security Enhancements (P0) - Add input validation with max_length and numeric range constraints - Implement WebSocket token authentication via first message - Add path traversal prevention in file storage service ## Permission Enhancements (P0) - Add project member management for cross-department access - Implement is_department_manager flag for workload visibility ## Cycle Detection (P0) - Add DFS-based cycle detection for task dependencies - Add formula field circular reference detection - Display user-friendly cycle path visualization ## Concurrency & Reliability (P1) - Implement optimistic locking with version field (409 Conflict on mismatch) - Add trigger retry mechanism with exponential backoff (1s, 2s, 4s) - Implement cascade restore for soft-deleted tasks ## Rate Limiting (P1) - Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min) - Apply rate limits to tasks, reports, attachments, and comments ## Frontend Improvements (P1) - Add responsive sidebar with hamburger menu for mobile - Improve touch-friendly UI with proper tap target sizes - Complete i18n translations for all components ## Backend Reliability (P2) - Configure database connection pool (size=10, overflow=20) - Add Redis fallback mechanism with message queue - Add blocker check before task deletion ## API Enhancements (P3) - Add standardized response wrapper utility - Add /health/ready and /health/live endpoints - Implement project templates with status/field copying ## Tests Added - test_input_validation.py - Schema and path traversal tests - test_concurrency_reliability.py - Optimistic locking and retry tests - test_backend_reliability.py - Connection pool and Redis tests - test_api_enhancements.py - Health check and template tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
37 lines
738 B
Python
37 lines
738 B
Python
from pydantic import BaseModel, Field
|
|
from typing import Optional
|
|
|
|
|
|
class LoginRequest(BaseModel):
|
|
email: str = Field(..., max_length=255)
|
|
password: str = Field(..., min_length=1, max_length=128)
|
|
|
|
|
|
class LoginResponse(BaseModel):
|
|
access_token: str
|
|
token_type: str = "bearer"
|
|
user: "UserInfo"
|
|
|
|
|
|
class UserInfo(BaseModel):
|
|
id: str
|
|
email: str
|
|
name: str
|
|
role: Optional[str] = None
|
|
department_id: Optional[str] = None
|
|
is_system_admin: bool = False
|
|
|
|
|
|
class TokenPayload(BaseModel):
|
|
sub: str
|
|
email: str
|
|
role: Optional[str] = None
|
|
department_id: Optional[str] = None
|
|
is_system_admin: bool = False
|
|
exp: int
|
|
iat: int
|
|
|
|
|
|
# Update forward reference
|
|
LoginResponse.model_rebuild()
|