This commit introduces a new function to streamline the process of starting and restarting PM2 instances, improving error handling and logging. It also updates the harheimertc.config.cjs file to utilize a helper function for environment variable management, allowing for better organization and support for multiple instances. The deployment script now checks the status of both PM2 instances, providing clearer feedback on their operational state, which enhances overall deployment reliability.
This commit introduces a new link to the "Mannschaften" section in both the Navigation.vue and cms/index.vue components. The addition enhances navigation options for users, allowing easier access to manage and edit teams. The new link is styled consistently with existing navigation elements, improving the overall user experience.
This commit updates the deploy-production.sh script to remove tracked public/data CSV files from the Git index and ensures that backup files are restored correctly, with size verification for integrity. Additionally, it modifies the Navigation.vue component to allow access to the gallery for users with newsletter permissions, enhancing user experience and access control.
This commit introduces a new function, getSortedKategorien, to sort competition categories based on a predefined order. The rendering of categories in the Vereinsmeisterschaften component is updated to utilize this new sorting function, improving the organization and display of results. This change enhances the user experience by ensuring categories are presented in a consistent and logical order.
This commit enhances the cookie handling logic by providing detailed comments on the SameSite attribute options and their implications for security. It sets the default SameSite value to 'none' to allow iframe embedding while ensuring that Secure is true when SameSite is 'none'. Additionally, it adds a warning for cases where SameSite is 'none' but Secure is false, improving the overall security posture of cookie management.
This commit removes the X-Frame-Options header in favor of using Content Security Policy (CSP) with frame-ancestors for better flexibility and modern security practices. It also adds a fallback for frame-ancestors in case CSP is not enabled. Additionally, the JavaScript middleware is updated to reflect these changes, ensuring consistent security header management across the application.
This commit introduces a mechanism to handle multiple possible encryption keys for data decryption across various modules, including auth.js, members.js, newsletter.js, and encryption.js. It adds functions to retrieve potential old keys for migration purposes and updates the decryption logic to attempt decryption with these keys. Additionally, it includes warnings for users when old keys are used and provides guidance for re-encrypting data. This enhancement improves data migration capabilities and ensures backward compatibility with previously encrypted data.
This commit updates the newsletter subscription component to display the user's email when logged in, improving user experience. It also adds logic to load the user's profile data upon authentication, ensuring that the email field is pre-filled for logged-in users. Additionally, the server-side subscription handler is modified to check user authentication status, allowing only logged-in users to subscribe to certain groups. This change enhances the overall subscription process and aligns it with user authentication state.
This commit deletes several files related to Passkey functionality, including CORS_TEST_ANLEITUNG.md, CROSS_DEVICE_DEBUG.md, CROSS_DEVICE_PROBLEM_ZUSAMMENFASSUNG.md, SMARTPHONE_TEST_ANLEITUNG.md, test-cors.html, test-smartphone.html, and Vue components for Passkey registration and recovery. These removals are part of a broader effort to streamline the codebase and focus on core authentication methods while Passkey support is under review.
Remove Passkey login and registration features from login.vue and registrieren.vue, including associated debug logs and UI elements. This change aims to streamline the user experience by focusing on standard login methods while Passkey support is under review. Additionally, disable Passkey management in profil.vue to ensure consistency across the application.
Update the registrieren.vue component to enhance debug logging for local authenticator usage, providing clearer messages about the expected behavior during registration. Modify the register-passkey-options API to specify the use of local authenticators, ensuring better clarity on the authenticator selection process. This update aims to improve user understanding and troubleshooting during Passkey registration without the need for Cross-Device functionality.
Update the registrieren.vue component to improve debug logging for Cross-Device registration, including checks for local authenticators and tunnel server connections. Add warnings for potential issues when Cross-Device is not used. Modify the register-passkey-options API to ensure compatibility with Cross-Device requirements by allowing both platform and cross-platform authenticators. This update aims to provide clearer insights and troubleshooting guidance during the Passkey registration process.
Update the CROSS_DEVICE_PROBLEM_ZUSAMMENFASSUNG.md to clarify the role of tunnel servers in the Cross-Device authentication process and outline troubleshooting steps. Additionally, enhance the registrieren.vue component with detailed information about the FIDO Cross-Device flow, including QR-Code format, connection requirements, and potential issues. Improve the register-passkey-options API documentation to reflect the use of tunnel servers, ensuring better understanding and support for Cross-Device functionality.
Update the registrieren.vue component to include additional debug information for the Passkey registration process. Introduce new elements for displaying the smartphone URL, registration ID, and full options JSON, improving the clarity of debug outputs. Implement a copy-to-clipboard functionality for easier access to debug data, enhancing the overall user experience during Cross-Device registration.
Add functionality to log all requests from mobile devices, improving debugging capabilities. Extend the existing passkey endpoint checks to include a new endpoint for cross-device registration. This update aims to provide clearer insights into mobile user interactions with the application.
Improve logging in the register-passkey-options and log-requests middleware to provide detailed insights into request handling. Add user-agent analysis, IP address logging, and mobile/desktop detection to aid in troubleshooting. This update aims to enhance the clarity of request logs and support better debugging during the Passkey registration process.
Update the registrieren.vue component to include detailed debug statements for the Cross-Device authentication flow, specifically during QR-Code generation. Improve logging in the register-passkey-options and register-passkey APIs to capture request details such as user agent and IP address, aiding in troubleshooting. Additionally, introduce a new function to retrieve pre-registration data, enhancing the overall registration process and compliance with Cross-Device requirements.
Refactor the Passkey registration logic in multiple components to utilize the new API structure requiring { optionsJSON: options }. Enhance debug logging to validate options, including checks for user ID format and challenge type. This update aims to improve compliance with the latest library requirements and provide better insights during the registration process.
Update the test-smartphone.html to replace the use of @simplewebauthn/browser with the native WebAuthn API for Passkey registration. Enhance user feedback with additional messages regarding the use of the native API and improve the handling of user ID formats. Include detailed logging of credential creation options and ensure proper serialization of credential data for better debugging and compliance.
Add additional debug statements to the register-passkey-options API to validate the options structure, including checks for challenge type and user ID format. Improve logging to capture detailed information about the options being returned, aiding in troubleshooting and ensuring compliance with Cross-Device requirements.
Add detailed debug statements in the registrieren.vue component to validate the complete options structure during Passkey registration. Update the register-passkey API to simplify the options return process, eliminating unnecessary serialization while maintaining comprehensive logging of the options details for improved troubleshooting.
Add comprehensive debug statements in the registrieren.vue component to validate the options structure and ensure the challenge format is correct before initiating registration. Update the register-passkey API to log additional request details, including client IP and user-agent analysis, to improve troubleshooting and provide better insights during the registration process.
Add detailed debug statements in the registrieren.vue component to provide insights into the QR-Code generation process and the Cross-Device authentication flow. Additionally, update the register-passkey API to log request details, including user agent and method, to improve troubleshooting capabilities and ensure clarity during the registration process.
Update deploy-production.sh to include checks for PM2 installation and process existence before restarting. Implement error messages for failed starts and restarts, improving robustness and user guidance during deployment. Additionally, add useful commands for managing the PM2 process post-deployment.
Introduce a comprehensive CORS testing guide in CORS_TEST_ANLEITUNG.md, detailing steps for testing OPTIONS and POST requests, along with expected responses. Additionally, add a new HTML test page (test-cors.html) to facilitate interactive testing of CORS headers and responses for the Passkey registration API. Update the server API to ensure proper CORS headers are set for Cross-Device Authentication, enhancing the overall testing and debugging process.
Update deploy-production.sh to include checks for missing dependencies, capture build output, and validate the presence of critical files and directories. This enhancement aims to provide clearer feedback during the build process and ensure a more robust deployment experience.
Update deploy-production.sh to include comprehensive build validation checks, ensuring critical files and directories are present before proceeding. Enhance the registrieren.vue component to conditionally display the window origin and improve debug logging for the registration process. Additionally, add debug information in the register-passkey-options API to capture request details, including environment and process ID, for better troubleshooting capabilities.
Add checks to verify the success of the build process in deploy-production.sh. Implement error messages for missing critical files and directories, improving error handling and providing clear feedback during deployment. This update aims to ensure a successful build before proceeding with production data restoration.
Introduce a visible debug section in the registrieren.vue component to confirm the loading status and the definition of the handleFormSubmit method. This addition aims to enhance visibility during development and assist in troubleshooting component behavior.
Introduce console log statements to track the loading and setup phases of the registrieren.vue component. This enhancement aims to improve visibility into the component's lifecycle, aiding in debugging and troubleshooting during development.
Update the form submission method to a unified handler, improving code clarity and maintainability. Add detailed debug logging to track form submission events and registration method calls, aiding in troubleshooting and providing better insights during the registration process.
Introduce a debug information section in the passkey registration flow, providing insights into the challenge, RP-ID, and origin when debugging is enabled. Enhance logging to capture detailed options and cross-device authentication information, improving troubleshooting capabilities and user guidance during the registration process.
Add detailed debug logging to track the verification parameters and errors during the passkey registration flow. Implement validation to ensure the expected origin does not include port 3100, improving error handling and providing clear guidance for configuration issues. This update aims to enhance troubleshooting and the overall robustness of the registration process.
Refine the WebAuthn configuration to ensure that HTTPS origins do not include ports, improving compliance with standards. Add additional debug logging in the passkey registration process to verify the webauthnOrigin and provide guidance for configuration issues, aiding in troubleshooting and enhancing the clarity of the registration flow.
Update the WebAuthn configuration to ensure HTTPS origins do not include ports, improving compliance with standards. Add detailed debug logging in the passkey registration process to verify the actual origin from the client response, aiding in troubleshooting and enhancing the clarity of the registration flow.
Add comprehensive debug logging throughout the passkey registration flow, including request handling, option generation, and verification steps. Implement validation for incoming requests and responses to ensure required fields are present, improving error handling and clarity. This update aims to facilitate troubleshooting and enhance the overall robustness of the registration process.
Enhance the registration process by adding error handling for the WebAuthn startRegistration method and ensuring the presence of required options. Include debug logging for received options and serialize the options correctly before returning them in the API response, improving robustness and clarity in the registration flow.
Add validation for server response in the registration process, ensuring the presence of necessary options. Implement CORS headers for cross-device authentication and increase the timeout for registration to 5 minutes. Include debug logging for options structure to aid in troubleshooting.
Update the CORS header variable name from 'origin' to 'requestOrigin' in both login and registration API endpoints for improved clarity and consistency. This change enhances the readability of the code while maintaining support for cross-device authentication.
Enhance authentication options in the server API by adding CORS headers to support cross-device authentication. Implement handling for preflight OPTIONS requests and increase timeout for registration and authentication processes to 5 minutes, improving user experience and compatibility across devices.
