Torsten Schulz (local)
0d533710cd
Refactor file handling to prioritize internal data directories for backups and uploads; enhance error handling and logging for metadata and CSV operations.
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-11 11:42:24 +01:00
Torsten Schulz (local)
905e02debf
Update CMS navigation links and remove membership application page
This commit modifies the Navigation component and the CMS index page to replace the "Mitglieder" link with "Mitgliederverwaltung" and updates the corresponding route. Additionally, it removes the outdated "mitgliedschaftsantraege" page, streamlining the CMS structure and improving user navigation.
2026-02-09 09:58:46 +01:00
Torsten Schulz (local)
a47a7690b2
Update cookie SameSite configuration and secure options for improved security compliance
This commit enhances the cookie handling logic by providing detailed comments on the SameSite attribute options and their implications for security. It sets the default SameSite value to 'none' to allow iframe embedding while ensuring that Secure is true when SameSite is 'none'. Additionally, it adds a warning for cases where SameSite is 'none' but Secure is false, improving the overall security posture of cookie management.
2026-01-11 21:10:00 +01:00
Torsten Schulz (local)
0274bed267
Add support for multiple encryption keys in data handling
This commit introduces a mechanism to handle multiple possible encryption keys for data decryption across various modules, including auth.js, members.js, newsletter.js, and encryption.js. It adds functions to retrieve potential old keys for migration purposes and updates the decryption logic to attempt decryption with these keys. Additionally, it includes warnings for users when old keys are used and provides guidance for re-encrypting data. This enhancement improves data migration capabilities and ensures backward compatibility with previously encrypted data.
2026-01-09 09:05:05 +01:00
Torsten Schulz (local)
6b1dee69f6
Enhance debug logging and Cross-Device support for Passkey Registration
Update the registrieren.vue component to include detailed debug statements for the Cross-Device authentication flow, specifically during QR-Code generation. Improve logging in the register-passkey-options and register-passkey APIs to capture request details such as user agent and IP address, aiding in troubleshooting. Additionally, introduce a new function to retrieve pre-registration data, enhancing the overall registration process and compliance with Cross-Device requirements.
2026-01-08 23:27:11 +01:00
Torsten Schulz (local)
678a14c004
Enhance WebAuthn origin handling and debug logging for passkey registration
Refine the WebAuthn configuration to ensure that HTTPS origins do not include ports, improving compliance with standards. Add additional debug logging in the passkey registration process to verify the webauthnOrigin and provide guidance for configuration issues, aiding in troubleshooting and enhancing the clarity of the registration flow.
2026-01-07 22:01:28 +01:00
Torsten Schulz (local)
ea233d7211
Refine WebAuthn configuration and enhance debug logging for origin verification
Update the WebAuthn configuration to ensure HTTPS origins do not include ports, improving compliance with standards. Add detailed debug logging in the passkey registration process to verify the actual origin from the client response, aiding in troubleshooting and enhancing the clarity of the registration flow.
2026-01-07 21:54:02 +01:00
Torsten Schulz (local)
50d634eb2e
Implement passkey recovery feature, including email link requests and registration options. Update login and registration pages to support passkey authentication, with UI enhancements for user experience. Add server-side handling for passkey registration and login, including account activation checks. Update environment configuration for passkey recovery TTL settings.
2026-01-07 18:37:01 +01:00
Torsten Schulz (local)
5ce064cff0
Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse.
2026-01-05 11:50:57 +01:00
Torsten Schulz (local)
d89cabdd34
Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.
2025-12-20 15:05:49 +01:00
Torsten Schulz (local)
3e956ac46b
Update path handling comments across multiple files to enhance security against path traversal vulnerabilities, ensuring consistent use of nosemgrep annotations for better code analysis.
2025-12-20 14:49:57 +01:00
Torsten Schulz (local)
db0b0c390a
Enhance security by adding role-checking functions in ESLint configuration and updating Vue components to improve content sanitization comments, while refining error handling in API endpoints for better clarity.
2025-12-20 14:19:55 +01:00
Torsten Schulz (local)
fbdb6f6b6f
Enhance security by adding DOMPurify comments in Vue components and updating path handling comments in server utilities to mitigate path traversal risks.
2025-12-20 11:15:31 +01:00
Torsten Schulz (local)
e73d328139
Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.
2025-12-20 10:54:49 +01:00
Torsten Schulz (local)
8fcb71b946
Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.
2025-12-20 10:49:20 +01:00
Torsten Schulz (local)
390b7daefc
Update dependencies to include TinyMCE and Quill, enhance Navigation component with a new Newsletter submenu, and implement role-based access control for CMS features. Refactor user role handling to support multiple roles and improve user management functionality across various API endpoints.
2025-12-19 09:51:28 +01:00
Torsten Schulz (local)
2dc0bc7d67
Add dotenv package for environment variable management and refactor SMTP credential handling in email services. Enhance error handling for missing SMTP credentials across various API endpoints to improve reliability and maintainability.
2025-12-18 12:19:23 +01:00
Torsten Schulz (local)
42fa9c7dc2
Implement member management enhancements; add bulk import functionality and duplicate checking based on geburtsdatum. Update API to support new fields and improve error handling for member data submissions. Refactor member-related components for better user experience and data validation.
2025-11-05 14:34:31 +01:00
Torsten Schulz (local)
db4a608599
Refactor authentication and data handling in API; implement encryption for user and member data storage. Update relevant components to utilize new encryption methods, ensuring secure data management across the application. Enhance error handling and streamline data writing processes for improved reliability.
2025-11-05 13:49:47 +01:00
Torsten Schulz (local)
f965d89bdd
Update Hero component to dynamically display years since founding; enhance TermineVorschau component with improved date and time formatting, and add Uhrzeit column in the CMS for better event management. Refactor API to handle new fields and improve data handling in CSV exports.
2025-11-05 10:36:58 +01:00
Torsten Schulz (local)
752e21f418
Refactor membership PDF generation logic to improve maintainability and validation; remove deprecated form filling methods and enhance email notification process. Update membership page styles for better layout and user experience.
2025-10-23 15:04:45 +02:00
Torsten Schulz (local)
30f788c227
Refactor environment configuration for local development; update SMTP settings and add JWT secret, encryption key, and debug options. Enhance Nuxt configuration for development server and runtime settings. Introduce new membership application form with validation and PDF generation functionality. Update footer and navigation components to include new membership links. Revise user and session data in JSON files.
2025-10-23 01:31:45 +02:00
Torsten Schulz (local)
1406502f5e
Fix duplicated readUsers import by removing from members.js
2025-10-22 11:53:47 +02:00
Torsten Schulz (local)
2411fd5fae
Add CMS termine editor for admin and vorstand
2025-10-21 15:57:42 +02:00
Torsten Schulz (local)
1d2ec02e2f
Add public/private news system with homepage display
2025-10-21 15:26:28 +02:00
Torsten Schulz (local)
0494d2cbf4
Replace timestamp-based IDs with UUIDs for guaranteed uniqueness and race condition safety
2025-10-21 15:23:48 +02:00
Torsten Schulz (local)
8eb83a5c6a
Fix missing ID generation for new news items and add IDs to existing entries
2025-10-21 15:12:21 +02:00
Torsten Schulz (local)
123a1b152e
Add internal news system with role-based write permissions
2025-10-21 14:47:00 +02:00
Torsten Schulz (local)
e8b5421946
Add smart member list with manual+login merge and duplicate detection
2025-10-21 14:35:21 +02:00
Torsten Schulz (local)
89f6edd016
Add missing getUserById and getUserByEmail exports to auth utils
2025-10-21 14:30:56 +02:00
Torsten Schulz (local)
a0e5edeb95
Add global auth state with composable for reactive login status
2025-10-21 14:12:01 +02:00
Torsten Schulz (local)
96b11e5bf5
Add registration page, fix auth paths, and improve navigation
2025-10-21 11:31:43 +02:00
Torsten Schulz (local)
f3c08cfb71
Add authentication system with login, password reset, and member area
2025-10-21 11:23:06 +02:00