Torsten Schulz (local)
530e544542
Implemented the possibility ofa hidden user for playstore tests
Code Analysis and Production Deploy / analyze (push) Failing after 5m40s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
2026-06-09 11:32:00 +02:00
Torsten Schulz (local)
2014abe660
Add unit tests for data file rotation utility functions
...
Code Analysis and Production Deploy / analyze (push) Failing after 5m24s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
- Implement tests for writing data files with rotation, ensuring backups are created only on changes.
- Verify that old backups are rotated correctly and the maximum number of backups is maintained.
- Test restoration of backups while preserving the current state as a backup.
- Utilize Vitest for testing framework and manage temporary file storage during tests.
2026-06-01 11:21:21 +02:00
Torsten Schulz (local)
6507afea5f
feat: add QTTR values feature to member area
...
Code Analysis and Production Deploy / analyze (push) Successful in 5m49s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m7s
- Implemented QTTR values screen in the member area with data fetching and display.
- Added new API endpoint for QTTR values retrieval.
- Created a new view model for managing QTTR data state.
- Updated navigation to include QTTR section.
- Enhanced error handling and loading states for QTTR data.
- Adjusted server-side logic to import QTTR values from external source.
- Updated Android app version and adjusted build configurations.
- Added necessary UI components and styling for QTTR display.
2026-05-30 23:43:06 +02:00
Torsten Schulz (local)
19d2f21fc3
refactor(security): use centralized getServerDataPath in password-reset-log.js
Code Analysis and Production Deploy / analyze (push) Successful in 5m5s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been cancelled
2026-05-27 19:55:11 +02:00
Torsten Schulz (local)
5074e8f8f8
fix(security): centralize data path validation in getServerDataPath; enforce segment whitelist and resolved-path check
Code Analysis and Production Deploy / deploy-production (push) Has been cancelled
Code Analysis and Production Deploy / analyze (push) Has been cancelled
Code Analysis and Production Deploy / deploy-test (push) Has been cancelled
2026-05-27 19:53:59 +02:00
Torsten Schulz (local)
18a08b0e7a
fix(security): validate resolved data path to prevent path traversal
Code Analysis and Production Deploy / deploy-production (push) Has been cancelled
Code Analysis and Production Deploy / deploy-test (push) Has been cancelled
Code Analysis and Production Deploy / analyze (push) Has been cancelled
2026-05-27 19:51:15 +02:00
Torsten Schulz (local)
026e4ba3e4
fix(password-reset-log): improve filename sanitization and error handling in getDataPath
Code Analysis and Production Deploy / analyze (push) Failing after 5m3s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
2026-05-27 19:41:12 +02:00
Torsten Schulz (local)
58fd7fa5c6
feat(auth): implement Android refresh token handling and session management
...
Code Analysis and Production Deploy / analyze (push) Failing after 5m7s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
- Added support for generating Android access tokens and managing refresh sessions in the auth endpoints.
- Implemented new tests for login, logout, and refresh functionalities specific to Android clients.
- Enhanced password reset logging with normalization and masking of email addresses.
- Created a new diagnostics endpoint for password reset attempts, including filtering and summarizing logs.
- Introduced a new utility for managing password reset logs with retention policies.
- Added tests for password reset log utilities to ensure proper functionality and privacy compliance.
- Updated WebAuthn configuration tests to validate origin handling for production and allowed origins.
2026-05-27 19:34:53 +02:00
Torsten Schulz (local)
fd83b18642
fix(import): prefer seasonal mannschaften csv for tables
Code Analysis and Production Deploy / analyze (push) Successful in 2m44s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m0s
2026-05-20 18:58:46 +02:00
Torsten Schulz (local)
459da00820
fix(import): publish season spielplan json after import
Code Analysis and Production Deploy / analyze (push) Successful in 2m47s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m2s
2026-05-20 18:12:32 +02:00
Torsten Schulz (local)
f883d45452
fix(security): harden season file paths for semgrep
Code Analysis and Production Deploy / analyze (push) Successful in 2m45s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m1s
2026-05-20 18:03:29 +02:00
Torsten Schulz (local)
964a68cdfd
refactor(import): drop meetings excerpt from tables export
Code Analysis and Production Deploy / deploy-production (push) Has been cancelled
Code Analysis and Production Deploy / deploy-test (push) Has been cancelled
Code Analysis and Production Deploy / analyze (push) Has been cancelled
2026-05-20 17:36:10 +02:00
Torsten Schulz (local)
21b39d4e5c
feat(import): add daily click-tt league table import by season
Code Analysis and Production Deploy / analyze (push) Failing after 2m39s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
2026-05-20 17:28:07 +02:00
Torsten Schulz (local)
e5c247f703
Aktualisiere die Version auf 1.4.3, füge Validierung für Saison-Slugs hinzu und implementiere ein Logging-System für Fehler und Informationen
Code Analysis and Production Deploy / analyze (push) Has been skipped
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 1m49s
Code Analysis and Production Deploy / analyze (pull_request) Failing after 2m37s
Code Analysis and Production Deploy / deploy-production (pull_request) Has been skipped
Code Analysis and Production Deploy / deploy-test (pull_request) Has been skipped
Require Package Version Change / check (pull_request) Failing after 8s
2026-05-20 11:20:54 +02:00
Torsten Schulz (local)
2503eb92af
Aktualisiere die Version auf 1.4.2 und füge Funktionen zur Fehlerprotokollierung und Validierung von Saison-Slugs hinzu
Code Analysis and Production Deploy / analyze (push) Has been skipped
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 1m51s
Code Analysis and Production Deploy / analyze (pull_request) Failing after 2m43s
Code Analysis and Production Deploy / deploy-production (pull_request) Has been skipped
Code Analysis and Production Deploy / deploy-test (pull_request) Has been skipped
Require Package Version Change / check (pull_request) Failing after 8s
2026-05-20 11:07:56 +02:00
Torsten Schulz (local)
0849c625cb
Add script for importing match schedule and logging
...
Code Analysis and Production Deploy / analyze (push) Has been skipped
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m2s
Code Analysis and Production Deploy / analyze (pull_request) Failing after 33s
Code Analysis and Production Deploy / deploy-production (pull_request) Has been skipped
Code Analysis and Production Deploy / deploy-test (pull_request) Has been skipped
Require Package Version Change / check (pull_request) Failing after 10s
- Created `import-spielplan.js` to fetch and parse the match schedule from the specified URL, saving the output as JSON.
- Added `run-spielplan-import.sh` to automate the execution of the import script and log output.
- Introduced `spielplan.html` file to store the downloaded HTML content for further processing.
2026-05-19 16:23:28 +02:00
Torsten Schulz (local)
e60c0f4481
Add logic to include active trainers as newsletter recipients
...
Code Analysis and Production Deploy / analyze (push) Has been skipped
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Successful in 2m1s
Code Analysis and Production Deploy / analyze (pull_request) Failing after 3m16s
Code Analysis and Production Deploy / deploy-production (pull_request) Has been skipped
Code Analysis and Production Deploy / deploy-test (pull_request) Has been skipped
Require Package Version Change / check (pull_request) Successful in 11s
- Enhanced the getRecipientsByGroup function to filter and add active trainers from users.json to the newsletter recipients list.
- Ensured that duplicate emails are not added to the recipients array.
2026-04-27 15:10:57 +02:00
Torsten Schulz (local)
4d5fb43ebc
Enhance deploy-test.sh with functions for Node.js version management, dependency installation, and public document synchronization. Implement checks for Node.js version requirements and improve error handling for document syncing. Update environment configuration in harheimertc.test.config.cjs to support development and test environments. Modify email recipient logic in contact and email service APIs to prevent notifications in test environments. Add tests to verify behavior in test conditions.
Code Analysis and Production Deploy / analyze (push) Successful in 2m52s
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Code Analysis and Production Deploy / deploy-test (push) Failing after 12s
2026-04-16 13:06:14 +02:00
Torsten Schulz (local)
9c54b6907e
Apply non-major audit updates and harden path handling for Semgrep.
...
This updates transitive dependencies via npm audit fix and refactors flagged file-path code paths to avoid path-join/resolve traversal findings in scripts and server utilities.
Made-with: Cursor
2026-04-15 21:00:28 +02:00
Torsten Schulz (local)
edfab28fd3
Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.
Code Analysis (JS/Vue) / analyze (push) Failing after 2m48s
2026-04-15 20:52:38 +02:00
Torsten Schulz (local)
ef2d9353f5
Enhance ESLint configuration to include support for .mjs and .cjs file types. Update ignored files patterns to ensure proper linting of project files. Refactor Vue component templates for improved readability and maintainability, including consistent formatting and structure across various components. Update error handling in save functions to prevent silent failures.
Code Analysis (JS/Vue) / analyze (push) Failing after 52s
2026-04-15 20:37:14 +02:00
Torsten Schulz (local)
c30911daed
Refactor saveMember function to enhance duplicate member handling, allowing updates to existing duplicates and improving error handling for member existence checks.
Code Analysis (JS/Vue) / analyze (push) Failing after 51s
2026-03-29 14:54:18 +02:00
Torsten Schulz (local)
bdc9eef707
Refactor saveMember function to improve duplicate member handling and streamline member updates. Enhance error messaging for non-existent members and ensure new members are added with default active status.
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-03-29 14:49:04 +02:00
Torsten Schulz (local)
74246e6b08
Implement status toggle functionality for contact requests, updating the status display and adding error handling. Enhance the UI with a new button for marking requests as completed or reopening them.
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-03-11 21:16:03 +01:00
Torsten Schulz (local)
46c2c14ae8
Füge Unterstützung für Kontaktanfragen hinzu, einschließlich neuer Routen und Berechtigungen für Trainer und Vorstand. Aktualisiere E-Mail-Versandlogik, um Anfragen an alle relevanten Empfänger weiterzuleiten.
Code Analysis (JS/Vue) / analyze (push) Failing after 56s
2026-02-26 14:28:54 +01:00
Torsten Schulz (local)
3d3e22bb1b
Implementiere zentralen E-Mail-Service für Registrierungsbenachrichtigungen und entferne veralteten Code
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
2026-02-11 15:41:03 +01:00
Torsten Schulz (local)
0d533710cd
Refactor file handling to prioritize internal data directories for backups and uploads; enhance error handling and logging for metadata and CSV operations.
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
2026-02-11 11:42:24 +01:00
Torsten Schulz (local)
905e02debf
Update CMS navigation links and remove membership application page
...
This commit modifies the Navigation component and the CMS index page to replace the "Mitglieder" link with "Mitgliederverwaltung" and updates the corresponding route. Additionally, it removes the outdated "mitgliedschaftsantraege" page, streamlining the CMS structure and improving user navigation.
2026-02-09 09:58:46 +01:00
Torsten Schulz (local)
a47a7690b2
Update cookie SameSite configuration and secure options for improved security compliance
...
This commit enhances the cookie handling logic by providing detailed comments on the SameSite attribute options and their implications for security. It sets the default SameSite value to 'none' to allow iframe embedding while ensuring that Secure is true when SameSite is 'none'. Additionally, it adds a warning for cases where SameSite is 'none' but Secure is false, improving the overall security posture of cookie management.
2026-01-11 21:10:00 +01:00
Torsten Schulz (local)
0274bed267
Add support for multiple encryption keys in data handling
...
This commit introduces a mechanism to handle multiple possible encryption keys for data decryption across various modules, including auth.js, members.js, newsletter.js, and encryption.js. It adds functions to retrieve potential old keys for migration purposes and updates the decryption logic to attempt decryption with these keys. Additionally, it includes warnings for users when old keys are used and provides guidance for re-encrypting data. This enhancement improves data migration capabilities and ensures backward compatibility with previously encrypted data.
2026-01-09 09:05:05 +01:00
Torsten Schulz (local)
6b1dee69f6
Enhance debug logging and Cross-Device support for Passkey Registration
...
Update the registrieren.vue component to include detailed debug statements for the Cross-Device authentication flow, specifically during QR-Code generation. Improve logging in the register-passkey-options and register-passkey APIs to capture request details such as user agent and IP address, aiding in troubleshooting. Additionally, introduce a new function to retrieve pre-registration data, enhancing the overall registration process and compliance with Cross-Device requirements.
2026-01-08 23:27:11 +01:00
Torsten Schulz (local)
678a14c004
Enhance WebAuthn origin handling and debug logging for passkey registration
...
Refine the WebAuthn configuration to ensure that HTTPS origins do not include ports, improving compliance with standards. Add additional debug logging in the passkey registration process to verify the webauthnOrigin and provide guidance for configuration issues, aiding in troubleshooting and enhancing the clarity of the registration flow.
2026-01-07 22:01:28 +01:00
Torsten Schulz (local)
ea233d7211
Refine WebAuthn configuration and enhance debug logging for origin verification
...
Update the WebAuthn configuration to ensure HTTPS origins do not include ports, improving compliance with standards. Add detailed debug logging in the passkey registration process to verify the actual origin from the client response, aiding in troubleshooting and enhancing the clarity of the registration flow.
2026-01-07 21:54:02 +01:00
Torsten Schulz (local)
50d634eb2e
Implement passkey recovery feature, including email link requests and registration options. Update login and registration pages to support passkey authentication, with UI enhancements for user experience. Add server-side handling for passkey registration and login, including account activation checks. Update environment configuration for passkey recovery TTL settings.
2026-01-07 18:37:01 +01:00
Torsten Schulz (local)
5ce064cff0
Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse.
2026-01-05 11:50:57 +01:00
Torsten Schulz (local)
d89cabdd34
Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.
2025-12-20 15:05:49 +01:00
Torsten Schulz (local)
3e956ac46b
Update path handling comments across multiple files to enhance security against path traversal vulnerabilities, ensuring consistent use of nosemgrep annotations for better code analysis.
2025-12-20 14:49:57 +01:00
Torsten Schulz (local)
db0b0c390a
Enhance security by adding role-checking functions in ESLint configuration and updating Vue components to improve content sanitization comments, while refining error handling in API endpoints for better clarity.
2025-12-20 14:19:55 +01:00
Torsten Schulz (local)
fbdb6f6b6f
Enhance security by adding DOMPurify comments in Vue components and updating path handling comments in server utilities to mitigate path traversal risks.
2025-12-20 11:15:31 +01:00
Torsten Schulz (local)
e73d328139
Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.
2025-12-20 10:54:49 +01:00
Torsten Schulz (local)
8fcb71b946
Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.
2025-12-20 10:49:20 +01:00
Torsten Schulz (local)
390b7daefc
Update dependencies to include TinyMCE and Quill, enhance Navigation component with a new Newsletter submenu, and implement role-based access control for CMS features. Refactor user role handling to support multiple roles and improve user management functionality across various API endpoints.
2025-12-19 09:51:28 +01:00
Torsten Schulz (local)
2dc0bc7d67
Add dotenv package for environment variable management and refactor SMTP credential handling in email services. Enhance error handling for missing SMTP credentials across various API endpoints to improve reliability and maintainability.
2025-12-18 12:19:23 +01:00
Torsten Schulz (local)
42fa9c7dc2
Implement member management enhancements; add bulk import functionality and duplicate checking based on geburtsdatum. Update API to support new fields and improve error handling for member data submissions. Refactor member-related components for better user experience and data validation.
2025-11-05 14:34:31 +01:00
Torsten Schulz (local)
db4a608599
Refactor authentication and data handling in API; implement encryption for user and member data storage. Update relevant components to utilize new encryption methods, ensuring secure data management across the application. Enhance error handling and streamline data writing processes for improved reliability.
2025-11-05 13:49:47 +01:00
Torsten Schulz (local)
f965d89bdd
Update Hero component to dynamically display years since founding; enhance TermineVorschau component with improved date and time formatting, and add Uhrzeit column in the CMS for better event management. Refactor API to handle new fields and improve data handling in CSV exports.
2025-11-05 10:36:58 +01:00
Torsten Schulz (local)
752e21f418
Refactor membership PDF generation logic to improve maintainability and validation; remove deprecated form filling methods and enhance email notification process. Update membership page styles for better layout and user experience.
2025-10-23 15:04:45 +02:00
Torsten Schulz (local)
30f788c227
Refactor environment configuration for local development; update SMTP settings and add JWT secret, encryption key, and debug options. Enhance Nuxt configuration for development server and runtime settings. Introduce new membership application form with validation and PDF generation functionality. Update footer and navigation components to include new membership links. Revise user and session data in JSON files.
2025-10-23 01:31:45 +02:00
Torsten Schulz (local)
1406502f5e
Fix duplicated readUsers import by removing from members.js
2025-10-22 11:53:47 +02:00
Torsten Schulz (local)
2411fd5fae
Add CMS termine editor for admin and vorstand
2025-10-21 15:57:42 +02:00
