torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
281 Commits 2 Branches 0 Tags
0b3fba44a4626eedc0180b0621f1ac8f73aca2c0
Commit Graph

281 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Torsten Schulz (local)
c9c01a4db1 Enhance passkey registration process with detailed debug logging and validation checks 
Add comprehensive debug logging throughout the passkey registration flow, including request handling, option generation, and verification steps. Implement validation for incoming requests and responses to ensure required fields are present, improving error handling and clarity. This update aims to facilitate troubleshooting and enhance the overall robustness of the registration process.
 2026-01-07 21:36:41 +01:00
Torsten Schulz (local)
fa9980ea44 Improve passkey registration error handling and options serialization 
Enhance the registration process by adding error handling for the WebAuthn startRegistration method and ensuring the presence of required options. Include debug logging for received options and serialize the options correctly before returning them in the API response, improving robustness and clarity in the registration flow.
 2026-01-07 21:30:13 +01:00
Torsten Schulz (local)
5f35a74673 Enhance passkey registration handling with error checks and CORS support 
Add validation for server response in the registration process, ensuring the presence of necessary options. Implement CORS headers for cross-device authentication and increase the timeout for registration to 5 minutes. Include debug logging for options structure to aid in troubleshooting.
 2026-01-07 21:24:11 +01:00
Torsten Schulz (local)
25870fce9b Refactor CORS header handling in authentication endpoints 
Update the CORS header variable name from 'origin' to 'requestOrigin' in both login and registration API endpoints for improved clarity and consistency. This change enhances the readability of the code while maintaining support for cross-device authentication.
 2026-01-07 21:02:58 +01:00
Torsten Schulz (local)
f330bc1ca6 Add CORS support for Cross-Device Authentication in passkey handling 
Enhance authentication options in the server API by adding CORS headers to support cross-device authentication. Implement handling for preflight OPTIONS requests and increase timeout for registration and authentication processes to 5 minutes, improving user experience and compatibility across devices.
 2026-01-07 20:59:48 +01:00
Torsten Schulz (local)
3109c4aada Refactor authentication handling in Navigation and registration components to support lazy store access, improving resilience against Pinia initialization issues. Enhance registration logic to include optional password fallback for passkey users, with validation checks for password strength and confirmation. Update server-side registration to handle optional password securely, ensuring consistent user experience across different authentication methods. 2026-01-07 20:16:17 +01:00
Torsten Schulz (local)
52ca7b2d3c Remove deprecated data files including configuration, gallery metadata, members, news, sessions, users, and membership applications to streamline the server data structure and improve maintainability. 2026-01-07 20:16:03 +01:00
Torsten Schulz (local)
0e5856f19d Implement passkey support checks in registration page, including user feedback for unsupported scenarios. Update logic to determine passkey availability based on secure context and browser compatibility, enhancing user experience during registration. 2026-01-07 18:46:45 +01:00
Torsten Schulz (local)
50d634eb2e Implement passkey recovery feature, including email link requests and registration options. Update login and registration pages to support passkey authentication, with UI enhancements for user experience. Add server-side handling for passkey registration and login, including account activation checks. Update environment configuration for passkey recovery TTL settings. 2026-01-07 18:37:01 +01:00
Torsten Schulz (local)
f3eaa62e1c Enhance deployment script to conditionally symlink data directories based on git tracking status, improving error handling for uncommitted changes. Implement cleanup of untracked files while preserving essential directories, ensuring a smoother deployment process. 2026-01-07 18:08:07 +01:00
Torsten Schulz (local)
13ea77f554 Refactor deployment script to handle symlinking of public data conditionally based on git tracking status, improving error handling for uncommitted changes. Update PM2 configuration to directly start the Node server for Nuxt 4 production builds in both harheimertc.config.cjs and harheimertc.simple.cjs. Modify user ID handling in registration options to use Uint8Array for compatibility with @simplewebauthn/server. 2026-01-07 18:06:09 +01:00
Torsten Schulz (local)
9f1c1a86f2 Update package-lock.json to remove deprecated @peculiar/x509 version and add a new dependency entry for @simplewebauthn/server. Modify package.json to include an override for @peculiar/x509 version 1.13.0, ensuring compatibility across the project. 2026-01-07 17:58:38 +01:00
Torsten Schulz (local)
226a32af33 Refactor deployment script to improve data management by introducing configurable backup and restore paths, enhancing error handling, and ensuring persistent data storage. Update backup processes to create timestamped directories for better organization. 2026-01-07 17:54:49 +01:00
Torsten Schulz (local)
a29200ea91 Update deployment script to ensure persistent data management, enhance backup and restore processes, and improve error handling. Modify .gitignore to exclude sensitive production data and update deployment documentation to reflect changes. Add environment variable loading for production secrets in configuration files. 2026-01-07 17:42:04 +01:00
Torsten Schulz (local)
7fb65723c7 Refactor authentication middleware to remove dependency on Pinia, implementing direct API calls for authentication status checks. Update member API documentation to escape JWT token placeholder for clarity. Update session and user data formats for improved security and consistency. 2026-01-07 17:26:22 +01:00
Torsten Schulz (local)
5ce064cff0 Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse. 2026-01-05 11:50:57 +01:00
Torsten Schulz (local)
51214c8964 Remove gitleaks binary and archive files, and update .gitignore to exclude security tooling artifacts, enhancing project cleanliness and security management. 2025-12-20 16:01:40 +01:00
Torsten Schulz (local)
a186f11dde Enhance code analysis workflow by adding workspace sanity checks and refining OSV-Scanner commands to ensure proper execution with package-lock.json, improving overall reliability of the analysis process. 2025-12-20 16:01:25 +01:00
Torsten Schulz (local)
76d16e8478 Add gitleaks binary and archive; remove README.md 2025-12-20 15:49:21 +01:00
Torsten Schulz (local)
5594add8d1 Reorganize code analysis workflow to run gitleaks scan before installing dependencies, ensuring more accurate results and maintaining a cleaner environment for subsequent analysis steps. 2025-12-20 15:45:02 +01:00
Torsten Schulz (local)
1a1d639ec0 Update code analysis workflow to remove node_modules along with build artifacts before gitleaks scanning, improving security and ensuring a cleaner environment for analysis. 2025-12-20 15:35:03 +01:00
Torsten Schulz (local)
a64863421a Refactor code analysis workflow by adding gitleaks detection command and removing obsolete output files to streamline the build process and enhance security checks. 2025-12-20 15:29:58 +01:00
Torsten Schulz (local)
567c4c5661 Refine gitleaks download and extraction process in code analysis workflow by implementing dynamic asset URL retrieval, enhanced error handling for invalid downloads, and improved extraction methods. 2025-12-20 15:22:30 +01:00
Torsten Schulz (local)
415c93a1b0 Improve gitleaks download process in code analysis workflow by adding error handling for invalid downloads and ensuring proper extraction of the archive. 2025-12-20 15:12:27 +01:00
Torsten Schulz (local)
d89cabdd34 Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application. 2025-12-20 15:05:49 +01:00
Torsten Schulz (local)
3e956ac46b Update path handling comments across multiple files to enhance security against path traversal vulnerabilities, ensuring consistent use of nosemgrep annotations for better code analysis. 2025-12-20 14:49:57 +01:00
Torsten Schulz (local)
db0b0c390a Enhance security by adding role-checking functions in ESLint configuration and updating Vue components to improve content sanitization comments, while refining error handling in API endpoints for better clarity. 2025-12-20 14:19:55 +01:00
Torsten Schulz (local)
fbdb6f6b6f Enhance security by adding DOMPurify comments in Vue components and updating path handling comments in server utilities to mitigate path traversal risks. 2025-12-20 11:15:31 +01:00
Torsten Schulz (local)
e73d328139 Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities. 2025-12-20 10:54:49 +01:00
Torsten Schulz (local)
8fcb71b946 Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json. 2025-12-20 10:49:20 +01:00
Torsten Schulz (local)
98b69c446c Add SMTP credentials for tests and enhance user role handling in CMS and Galerie endpoints 2025-12-20 10:32:06 +01:00
Torsten Schulz (local)
e38c8133ad Update package dependencies to vitest v4.0.16 and enhance role management in auth utilities with new role-checking functions in tests 2025-12-20 10:25:16 +01:00
Torsten Schulz (local)
a00ed9723d Refactor error handling in various components to ignore modal display failures and improve code clarity 2025-12-20 10:19:29 +01:00
Torsten Schulz (local)
3d49f3e73a Update package-lock.json and package.json to include 'globals' dependency and improve code formatting in various components for better readability. 2025-12-20 10:17:16 +01:00
Torsten Schulz (local)
f01b8d64ae Update package dependencies to include eslint-plugin-vue and vue-eslint-parser for enhanced linting support 2025-12-19 17:32:56 +01:00
Torsten Schulz (local)
b3628dca8a Update code analysis workflow to run on ubuntu-latest for improved compatibility 2025-12-19 17:28:47 +01:00
Torsten Schulz (local)
a8afe30ec5 Update code analysis workflow to improve clarity and efficiency by renaming steps and simplifying Semgrep command execution. 2025-12-19 16:53:09 +01:00
Torsten Schulz (local)
120f46e888 Add linting script to package.json for improved code quality 2025-12-19 16:38:29 +01:00
Torsten Schulz
20be7a6563 Merge pull request 'Update dependency @babel/parser to v7.28.5' (#2) from renovate/babel-monorepo into main 
Reviewed-on: #2
 2025-12-19 16:13:11 +01:00
Torsten Schulz
60f30d0199 Merge pull request 'Update dependency @pinia/nuxt to v0.11.3' (#3) from renovate/pinia-nuxt-0.x-lockfile into main 
Reviewed-on: #3
 2025-12-19 16:12:58 +01:00
Torsten Schulz
85c80b60be Update dependency @pinia/nuxt to v0.11.3 2025-12-19 16:11:56 +01:00
Torsten Schulz
e447e3dc08 Update dependency @babel/parser to v7.28.5 2025-12-19 16:11:48 +01:00
Torsten Schulz
7589b77a20 Merge pull request 'Configure Renovate' (#1) from renovate/configure into main 
Reviewed-on: #1
 2025-12-19 16:09:18 +01:00
Torsten Schulz
e13b1b1b40 Add renovate.json 2025-12-19 15:58:03 +01:00
Torsten Schulz (local)
aef6778e96 Refactor training time input fields in Einstellungen component to improve layout and usability. Add optional information field for training times and ensure proper handling of group data. Update rendering logic in Training component to display additional information if provided. 2025-12-19 10:23:58 +01:00
Torsten Schulz (local)
00922cba19 Implement toggle functionality for Mannschaftsspieler status in Mitgliederbereich. Add button for editing status and update local state upon toggling. Enhance API response handling to include isMannschaftsspieler attribute for user data retrieval. 2025-12-19 10:14:41 +01:00
Torsten Schulz (local)
38fde30e41 Remove debug console logs from MannschaftenUebersicht, TermineVorschau, spielplaene, and filterData components to clean up code and improve performance. 2025-12-19 10:06:01 +01:00
Torsten Schulz (local)
c66a7a62cf Enhance newsletter management by adding role-based access control for group creation. Introduce computed property to determine if the user can create groups based on their roles, improving functionality and user experience. 2025-12-19 10:03:21 +01:00
Torsten Schulz (local)
ccef4a33fb Update DATENSCHUTZ_UEBERSICHT.md to enhance data protection overview with a comprehensive table of contents, detailed descriptions of encrypted and non-encrypted data, and security policies. Include sections on encryption technology, authentication, authorization, API access control, roles and permissions, session management, environment variables, file system structure, external dependencies, and security guidelines. 2025-12-19 09:57:56 +01:00
Torsten Schulz (local)
390b7daefc Update dependencies to include TinyMCE and Quill, enhance Navigation component with a new Newsletter submenu, and implement role-based access control for CMS features. Refactor user role handling to support multiple roles and improve user management functionality across various API endpoints. 2025-12-19 09:51:28 +01:00