679b89ae4c
Security Validation (enhance-security-validation): - JWT secret validation with entropy checking and pattern detection - CSRF protection middleware with token generation/validation - Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests - MIME type validation with magic bytes detection for file uploads Error Resilience (add-error-resilience): - React ErrorBoundary component with fallback UI and retry functionality - ErrorBoundaryWithI18n wrapper for internationalization support - Page-level and section-level error boundaries in App.tsx Query Performance (optimize-query-performance): - Query monitoring utility with threshold warnings - N+1 query fixes using joinedload/selectinload - Optimized project members, tasks, and subtasks endpoints Bug Fixes: - WebSocket session management (P0): Return primitives instead of ORM objects - LIKE query injection (P1): Escape special characters in search queries Tests: 543 backend tests, 56 frontend tests passing Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
20 lines
871 B
Markdown
20 lines
871 B
Markdown
## 1. JWT Secret Validation
|
|
- [x] 1.1 Add minimum secret length check (32+ characters)
|
|
- [x] 1.2 Add entropy validation for JWT secret
|
|
- [x] 1.3 Log warning on startup if secret is weak
|
|
- [x] 1.4 Write unit tests for secret validation
|
|
|
|
## 2. CSRF Protection
|
|
- [x] 2.1 Add CSRF token generation utility
|
|
- [x] 2.2 Add CSRF validation middleware
|
|
- [x] 2.3 Apply to sensitive endpoints (password change, delete operations)
|
|
- [x] 2.4 Update frontend to include CSRF token in requests
|
|
- [x] 2.5 Write integration tests for CSRF validation
|
|
|
|
## 3. MIME Type Validation
|
|
- [x] 3.1 Add python-magic or similar library for MIME detection
|
|
- [x] 3.2 Implement magic bytes validation in file upload service
|
|
- [x] 3.3 Reject files where extension doesn't match actual content
|
|
- [x] 3.4 Add configurable allowed MIME types per file category
|
|
- [x] 3.5 Write unit tests for MIME validation
|