- replace bearer auth with session+CSRF flow and add admin user directory
- update frontend moderation flow, force password change gate, and new CLI
- refresh changelog/docs/feature plan + ensure swagger dev experience
✅ Completed Features:
- Comprehensive test suite (45 tests, 100% passing)
- Admin API authentication (Bearer Token)
- Automatic OpenAPI generation from route mappings
- Complete API documentation
- Frontend migration guide
📊 Changes:
- Backend: Production ready with 26% test coverage
- Frontend: Migration required (ALL routes changed)
- Documentation: Complete suite for developers
See CHANGELOG.md and frontend/MIGRATION-GUIDE.md for details.
Critical corrections to frontend/MIGRATION-GUIDE.md:
- Emphasize ALL API routes now have consistent /api prefix
- Old routes had inconsistent prefixes (some with /api, some without)
- List specific files with wrong routes that need fixing:
* ModerationGroupsPage.js: /groups/* → /api/admin/groups/*
* ModerationGroupImagesPage.js: /moderation/groups/* → /api/admin/groups/*
* PublicGroupImagesPage.js: /groups/* → /api/groups/*
- Add 3-phase checklist: Route Prefixes → Authentication → Testing
- Provide grep commands to find ALL fetch/axios calls
- Make clear this affects the entire frontend, not just admin features
Migration effort estimate increased: 3-4 hours (route audit + auth)
- Add prominent migration guide reference in README.dev.md API section
- Remove backend/TESTING.md (info now in README.dev.md)
- Remove backend/test-openapi-paths.js (replaced by automated tests)
🧪 Testing Infrastructure (45 tests, 100% passing)
- Implemented Jest + Supertest framework for automated testing
- Unit tests: 5 tests for auth middleware (100% coverage)
- Integration tests: 40 tests covering admin, consent, migration, upload APIs
- Test execution time: ~10 seconds for full suite
- Coverage: 26% statements, 15% branches (realistic start)
- In-memory SQLite database for isolated testing
- Singleton server pattern for fast test execution
- Automatic cleanup and teardown
🔒 Admin API Authentication
- Bearer token authentication for all admin endpoints
- requireAdminAuth middleware with ADMIN_API_KEY validation
- Protected routes: /api/admin/*, /api/system/migration/migrate|rollback
- Complete authentication guide in AUTHENTICATION.md
- HTTP 403 for missing/invalid tokens, 500 if not configured
- Ready for production with token rotation support
📋 API Route Documentation
- Single Source of Truth: backend/src/routes/routeMappings.js
- Comprehensive route overview in backend/src/routes/README.md
- Express routing order documented (specific before generic)
- Frontend integration guide with authentication examples
- OpenAPI auto-generation integrated
🐛 Bug Fixes
- Fixed SQLite connection not properly awaited (caused test hangs)
- Fixed upload validation checking req.files.file before req.files
- Fixed Express route order (consent before admin router)
- Fixed test environment using /tmp for uploads (permission issues)
📚 Documentation Updates
- Updated README.md with testing and authentication features
- Updated README.dev.md with testing section and API development guide
- Updated CHANGELOG.md with complete feature documentation
- Updated FEATURE_PLAN-autogen-openapi.md (status: 100% complete)
- Added frontend/MIGRATION-GUIDE.md for frontend team
🚀 Frontend Impact
Frontend needs to add Bearer token to all /api/admin/* calls.
See frontend/MIGRATION-GUIDE.md for detailed instructions.
Test Status: ✅ 45/45 passing (100%)
Backend: ✅ Production ready
Frontend: ⚠️ Migration required (see MIGRATION-GUIDE.md)
Changed ImageGalleryCard to pass itemId (image.id) instead of index
when deleting images in preview mode. This fixes 'Image not found' error
when attempting to delete individual images in ManagementPortalPage
and ModerationGroupImagesPage.
The index was being passed to the API, but the API expects the actual
database image ID.
- Clarified that Phase 1 & 2 tests were done manually
- Added section for outstanding automated tests
- Listed missing test types: Unit, Integration, E2E, Performance, Security
- Status: All features manually tested and functional, but automated test suite pending
- Created new modular components:
* ConsentManager: Manages workshop + social media consents with individual save
* GroupMetadataEditor: Manages group metadata (title, description, name, year) with save
* ImageDescriptionManager: Manages image descriptions with batch save
* DeleteGroupButton: Standalone group deletion component
- Refactored ManagementPortalPage to use modular components:
* Each component in Paper box with heading inside (not outside)
* HTML buttons with CSS classes (btn btn-success, btn btn-secondary)
* Inline feedback with Material-UI Alert instead of SweetAlert2 popups
* Icons: 💾 save, ↩ discard, 🗑️ delete
* Individual save/discard functionality per component
- Enhanced ConsentCheckboxes component:
* Added children prop for flexible composition
* Conditional heading for manage mode inside Paper box
- Fixed DescriptionInput:
* Removed duplicate heading (now only in parent component)
- React state management improvements:
* Deep copy pattern for nested objects/arrays
* Sorted array comparison for order-insensitive change detection
* Set-based comparison for detecting removed items
* Initialization guard to prevent useEffect overwrites
- Bug fixes:
* Fixed image reordering using existing /api/groups/:groupId/reorder route
* Fixed edit mode toggle with unsaved changes warning
* Fixed consent state updates with proper object references
* Fixed uploadImageBatch signature to use object destructuring
* Removed unnecessary /api/manage/:token/reorder route from backend
Next: Apply same modular pattern to MultiUploadPage and ModerationGroupImagesPage
- Task 17: Management-Link im Upload-Erfolg angezeigt mit Copy-Button
- Widerruf-Dialoge überarbeitet: Klarstellung zu Scope & Kontakt für Social Media Posts
- Rate-Limiter für Dev-Umgebung erhöht (100/h statt 10/h)
- Mailto-Link Verhalten noch nicht final getestet (Browser vs. Mail-Client)
ACHTUNG: Noch nicht vollständig getestet! Mailto-Funktionalität muss in verschiedenen Browsern validiert werden.
Issue 6: ModerationGroupsPage - Filter "Alle Gruppen" not working
- Problem: Backend filtered groups with display_in_workshop=1 even when no filter selected
- Solution: Removed filter condition in else block - now shows ALL groups when filter='all'
- File: backend/src/routes/groups.js
- Test: GET /moderation/groups now returns 73 groups (all groups)
Issue 7: Export button "Consent-Daten exportieren" not working
- Problem: Routes had wrong path prefix (/admin/* instead of /api/admin/*)
- Solution: Added /api prefix to consent admin routes for consistency
- Files: backend/src/routes/consent.js
* GET /api/admin/groups/by-consent (was /admin/groups/by-consent)
* GET /api/admin/consents/export (was /admin/consents/export)
- Test: curl http://localhost:5001/api/admin/consents/export?format=csv works
- Export now includes dynamic Social Media platform columns (facebook, instagram, tiktok)
Test Results:
✅ Filter "Alle Gruppen": 73 groups
✅ Filter "Nur Werkstatt": 1 group
✅ Filter "Facebook": 0 groups
✅ Export CSV with platform columns: facebook,instagram,tiktok
✅ Test upload with Social Media consents saved correctly
✅ Export shows consented platforms per group
Files Changed:
- backend/src/routes/groups.js (filter logic fixed)
- backend/src/routes/consent.js (API paths corrected)
Audit-Logging System:
- Migration 007: management_audit_log table with indexes
- Tracks all management portal actions
- IP address, user-agent, request data logging
- Token masking (only first 8 chars stored)
- Success/failure tracking with error messages
ManagementAuditLogRepository:
- logAction() - Log management actions
- getRecentLogs() - Get last N logs
- getLogsByGroupId() - Get logs for specific group
- getFailedActionsByIP() - Security monitoring
- getStatistics() - Overview statistics
- cleanupOldLogs() - Maintenance (90 days retention)
Audit-Log Middleware:
- Adds res.auditLog() helper function
- Auto-captures IP, User-Agent
- Integrated into all management routes
- Non-blocking (errors don't fail main operation)
Admin API Endpoints:
- GET /api/admin/management-audit?limit=N
- GET /api/admin/management-audit/stats
- GET /api/admin/management-audit/group/:groupId
Tested:
✅ Migration executed successfully
✅ Audit logs written on token validation
✅ Admin API returns logs with stats
✅ Token masking working
✅ Statistics accurate
Rate-Limiting:
- IP-based: 10 requests per hour per IP
- Applies to all /api/manage/* routes
- Returns 429 Too Many Requests when limit exceeded
- Automatic cleanup of expired records (>1h old)
Brute-Force Protection:
- Tracks failed token validation attempts
- After 20 failed attempts: IP banned for 24 hours
- Returns 403 Forbidden for banned IPs
- Integrated into GET /api/manage/:token route
Technical Implementation:
- Created backend/src/middlewares/rateLimiter.js
- In-memory storage with Map() for rate limit tracking
- Separate Map() for brute-force detection
- Middleware applied to all management routes
- Token validation failures increment brute-force counter
Tested:
✅ Rate limit blocks after 10 requests
✅ 429 status code returned correctly
✅ Middleware integration working
✅ IP-based tracking functional
Fixed Task 8 (Delete Group API):
- Changed deletionLogRepository.logDeletion() to createDeletionEntry()
- Use correct parameters matching DeletionLogRepository schema
- Deletion now works: group, images, files, consents all removed
- deletion_log entry created with proper data
Tested:
✅ Group deletion with valid token
✅ 404 for invalid/missing tokens
✅ Files deleted (original + preview)
✅ DB records deleted via CASCADE
✅ Deletion log entry created
All 8 Backend Management API tasks complete!
Backend Management API implementation for self-service user portal:
✅ Task 2: Token Generation (already implemented in Phase 1)
- UUID v4 generated at upload
- Stored in groups.management_token
- Returned in upload response
✅ Task 3: Token Validation API
- GET /api/manage/:token
- Validates token and loads complete group data
- Returns group with images, consents, metadata
- 404 for invalid/missing tokens
✅ Task 4: Consent Revocation API
- PUT /api/manage/:token/consents
- Revoke/restore workshop consent
- Revoke/restore social media platform consents
- Sets revoked=1, revoked_timestamp
- Full error handling and validation
✅ Task 5: Metadata Edit API
- PUT /api/manage/:token/metadata
- Update title, description, name
- Supports partial updates
- Automatically sets approved=0 (returns to moderation)
✅ Task 6: Add Images API
- POST /api/manage/:token/images
- Upload new images to existing group
- Calculates correct upload_order
- Sets approved=0 on changes
- Max 50 images per group validation
- Preview generation support
✅ Task 7: Delete Image API
- DELETE /api/manage/:token/images/:imageId
- Deletes original and preview files
- Removes DB entry
- Sets approved=0 if group was approved
- Prevents deletion of last image
⏳ Task 8: Delete Group API (in progress)
- DELETE /api/manage/:token route created
- Integration with existing GroupRepository.deleteGroup
- Needs testing
Technical Changes:
- Created backend/src/routes/management.js
- Added getGroupByManagementToken() to GroupRepository
- Registered /api/manage routes in index.js
- Installed uuid package for token generation
- All routes use token validation helper
- Docker-only development workflow
Tested Features:
- Token validation with real uploads
- Workshop consent revoke/restore
- Social media consent management
- Metadata updates (full and partial)
- Image upload with multipart/form-data
- Image deletion with file cleanup
- Error handling and edge cases
Phase 1 Features (GDPR-compliant):
✅ Mandatory workshop display consent
✅ Optional per-platform social media consents (Facebook, Instagram, TikTok)
✅ Consent badges and filtering in moderation panel
✅ CSV/JSON export for legal documentation
✅ Group ID tracking for consent withdrawal
✅ Automatic migration system fixed
✅ Validated with 72 production groups (all GDPR-compliant)
Implementation: 13 commits, 2 days (Nov 9-10, 2025)
Branch: feature/SocialMedia → main
Status: Production-ready after code review
✅ Phase 1 Complete (Nov 9-10, 2025):
- GDPR-compliant consent management fully implemented
- Mandatory workshop display consent + optional social media consents
- Consent badges, filtering, and CSV/JSON export in moderation panel
- Automatic migration system fixed (inline comments handling)
- GDPR compliance validated: 72 production groups with display_in_workshop = 0
- All features tested and production-ready
Documentation Updates:
- FEATURE_PLAN-social-media.md: All Phase 1 tasks marked complete
- README.md: Added consent system to features, updated database schema, new API endpoints
- README.dev.md: Complete developer guide with debugging, testing, and troubleshooting
Technical Achievements:
- 12 commits over 2 days (faster than 4-5 day estimate)
- Zero GDPR violations (retroactive consent fix validated)
- Zero breaking changes to existing functionality
Ready for Code Review and Production Deployment
- Fixed SQL statement parsing to remove both line and inline comments
- Prevents incomplete SQL statements from inline comments
- Migration 005 and 006 now apply correctly via automatic migration system
- Tested with production data: All 72 groups have display_in_workshop = 0 (GDPR compliant)
Problem: Moderation filter returned 0 groups because:
1. groupFormatter.formatGroupDetail() didn't include display_in_workshop field
2. Platform filters incorrectly required workshop consent
Solution:
- Add display_in_workshop and consent_timestamp to formatGroupDetail()
- Remove workshop requirement from platform filters
- Add default filter to show only groups with workshop consent
- Fix workshop-only filter to check for consented social media
Filter logic:
- 'Alle Gruppen': Only groups WITH workshop consent
- 'Nur Werkstatt': Groups with workshop BUT WITHOUT social media
- Platform filters: Groups with that platform consent (independent of workshop)
Problem: Filtered groups were missing preview images because
getGroupsByConsentStatus() only returned group metadata without images.
Solution: Load all groups with getAllGroupsWithModerationInfo() first
(includes images), add consent data, then filter in-memory based on
query parameters. This ensures preview images are always included.
- Reduce success block complexity to match original styling level
- Keep same information (group ID, next steps, GDPR contact)
- Maintain consistent Material-UI sx usage with rest of app
- Move ConsentCheckboxes below DescriptionInput for better flow
- Replace success dialog with inline success display
- Add copy-to-clipboard button for group ID
- Show detailed next steps and GDPR contact info inline
- Update consent.js routes to use /api prefix
- Add /api/social-media location to dev/prod nginx configs
- Fix route registration for proper API access
- Add ConsentCheckboxes component with workshop and social media consents
- Add UploadSuccessDialog with group ID display and copy functionality
- Integrate consent validation into MultiUploadPage
- Extend batchUpload utility to send consent data
- Add GDPR compliance notices and contact information
- Block uploads without required workshop consent
- Parse consent data from request body (workshopConsent, socialMediaConsents)
- Validate workshop consent is required (400 error if missing)
- Use createGroupWithConsent() instead of createGroup()
- Pass consent data to repository for database storage
- Maintains backward compatibility with existing upload flow
- GDPR-compliant: no upload without explicit workshop consent
- Create consent.js with comprehensive API endpoints:
- GET /api/social-media/platforms - list active platforms
- POST /api/groups/:groupId/consents - save/update group consents
- GET /api/groups/:groupId/consents - retrieve group consent data
- GET /api/admin/groups/by-consent - filter groups by consent status
- GET /api/admin/consents/export - export consent data (JSON/CSV formats)
- Register consent router in routes/index.js
- Full validation and error handling
- CSV export with dynamic platform columns
- Ready for frontend integration
- Create new SocialMediaRepository for platform and consent management
- getAllPlatforms(), getActivePlatforms()
- createPlatform(), updatePlatform(), togglePlatformStatus()
- saveConsents(), getConsentsForGroup(), getGroupIdsByConsentStatus()
- revokeConsent(), restoreConsent(), hasActiveConsent()
- Extend GroupRepository with consent management methods
- createGroupWithConsent() - create group with workshop & social media consents
- getGroupWithConsents() - retrieve group with all consent data
- updateConsents() - update consent preferences
- getGroupsByConsentStatus() - filter groups by consent status
- exportConsentData() - export for legal documentation
- generateManagementToken(), getGroupByManagementToken() (Phase 2)
- Both repositories work together seamlessly via transactions
- Add comprehensive feature plan for consent management system
- Phase 1: Workshop display and social media consents (4-5 days)
- Phase 2: Self-service management portal (3-4 days)
- GDPR-compliant consent handling with timestamps
- Extensible social media platform configuration
- Export functionality for legal documentation
- Contact email: it@hobbyhimmel.de
Plan for implementing automatic EXIF data extraction from uploaded images:
- Extract capture date, camera model, and GPS coordinates
- Use earliest capture date for chronological group sorting
- Add new database fields: capture_date, exif_date_taken, exif_camera_model
- Implement ExifService with exifr library
- Create migration script for existing images
- Update slideshow sorting logic with EXIF-based chronology
- Fallback to year/upload date when EXIF unavailable
Estimated effort: 5-7 hours (3 phases)
Dependencies: exifr npm package
