13 Commits

Author	SHA1	Message	Date
Torsten Schulz (local)	01cf0e58cb	Add support for multiple encryption keys in data handling ... This commit introduces a mechanism to handle multiple possible encryption keys for data decryption across various modules, including auth.js, members.js, newsletter.js, and encryption.js. It adds functions to retrieve potential old keys for migration purposes and updates the decryption logic to attempt decryption with these keys. Additionally, it includes warnings for users when old keys are used and provides guidance for re-encrypting data. This enhancement improves data migration capabilities and ensures backward compatibility with previously encrypted data.	2026-01-09 09:05:05 +01:00
Torsten Schulz (local)	673c34ac9d	Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse.	2026-01-05 11:50:57 +01:00
Torsten Schulz (local)	6fda6ebad0	Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.	2025-12-20 15:05:49 +01:00
Torsten Schulz (local)	c9037fec45	Update path handling comments across multiple files to enhance security against path traversal vulnerabilities, ensuring consistent use of nosemgrep annotations for better code analysis.	2025-12-20 14:49:57 +01:00
Torsten Schulz (local)	968c749fe3	Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.	2025-12-20 10:54:49 +01:00
Torsten Schulz (local)	316cce1b26	Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.	2025-12-20 10:49:20 +01:00
Torsten Schulz (local)	435e28fd55	Update dependencies to include TinyMCE and Quill, enhance Navigation component with a new Newsletter submenu, and implement role-based access control for CMS features. Refactor user role handling to support multiple roles and improve user management functionality across various API endpoints.	2025-12-19 09:51:28 +01:00
Torsten Schulz (local)	680629e1f8	Add dotenv package for environment variable management and refactor SMTP credential handling in email services. Enhance error handling for missing SMTP credentials across various API endpoints to improve reliability and maintainability.	2025-12-18 12:19:23 +01:00
Torsten Schulz (local)	dd4691b462	Refactor authentication and data handling in API; implement encryption for user and member data storage. Update relevant components to utilize new encryption methods, ensuring secure data management across the application. Enhance error handling and streamline data writing processes for improved reliability.	2025-11-05 13:49:47 +01:00
Torsten Schulz (local)	fa54e53820	Add missing getUserById and getUserByEmail exports to auth utils	2025-10-21 14:30:56 +02:00
Torsten Schulz (local)	1015d37eb7	Add global auth state with composable for reactive login status	2025-10-21 14:12:01 +02:00
Torsten Schulz (local)	f058516a3d	Add registration page, fix auth paths, and improve navigation	2025-10-21 11:31:43 +02:00
Torsten Schulz (local)	2b249577a7	Add authentication system with login, password reset, and member area	2025-10-21 11:23:06 +02:00