Project-Image-Uploader

hobbyhimmel/Project-Image-Uploader

Fork 0

Commit Graph

Author	SHA1	Message	Date
matthias.lotz	712b8477b9	feat: Implement public/internal host separation Backend: - Add hostGate middleware for host-based API protection - Extend rate limiter with publicUploadLimiter (20/hour) - Add source_host and source_type to audit logs - Database migration for audit log source tracking - Unit tests for hostGate middleware (10/20 passing) Frontend: - Add hostDetection utility for runtime host detection - Implement React code splitting with lazy loading - Update App.js with ProtectedRoute component - Customize 404 page for public vs internal hosts - Update env-config.js for host configuration Docker: - Add environment variables to prod/dev docker-compose - Configure ENABLE_HOST_RESTRICTION flags - Set PUBLIC_HOST and INTERNAL_HOST variables Infrastructure: - Prepared for nginx-proxy-manager setup - Trust proxy configuration (TRUST_PROXY_HOPS=1) Note: Some unit tests still need adjustment for ENV handling	2025-11-25 20:26:59 +01:00
matthias.lotz	6332b82c6a	Feature Request: admin session security - replace bearer auth with session+CSRF flow and add admin user directory - update frontend moderation flow, force password change gate, and new CLI - refresh changelog/docs/feature plan + ensure swagger dev experience	2025-11-23 21:18:42 +01:00
matthias.lotz	cb640576f4	feat(frontend): Migrate all API routes to new structure with admin auth Phase 1: Route Structure & Admin Authentication ✅ Route Prefix Fixes: - All routes now use consistent /api prefix - Public: /groups/* → /api/groups/* - Admin: /groups/, /moderation/ → /api/admin/* - Social Media: /api/social-media/* → /api/admin/social-media/* ✅ Admin API Authentication: - Created adminApi.js service with Bearer Token helpers * adminFetch() - Base fetch with Authorization header * adminGet() - GET with auto error handling * adminRequest() - POST/PUT/PATCH/DELETE with JSON * adminDownload() - For Blob downloads (CSV exports) - Added frontend/.env.example with REACT_APP_ADMIN_API_KEY - All /api/admin/* calls now use admin helpers ✅ Updated Components: - ModerationGroupsPage.js: All admin endpoints migrated - ModerationGroupImagesPage.js: Group loading + image deletion - PublicGroupImagesPage.js: Fixed public group route - DeletionLogSection.js: Deletion log endpoints - ConsentCheckboxes.js: Platform loading ⚠️ Next Steps: - Add user-friendly 403 error handling - Test all affected pages - Configure REACT_APP_ADMIN_API_KEY in deployment	2025-11-16 18:39:40 +01:00

Author

SHA1

Message

Date

matthias.lotz

712b8477b9

feat: Implement public/internal host separation

Backend:
- Add hostGate middleware for host-based API protection
- Extend rate limiter with publicUploadLimiter (20/hour)
- Add source_host and source_type to audit logs
- Database migration for audit log source tracking
- Unit tests for hostGate middleware (10/20 passing)

Frontend:
- Add hostDetection utility for runtime host detection
- Implement React code splitting with lazy loading
- Update App.js with ProtectedRoute component
- Customize 404 page for public vs internal hosts
- Update env-config.js for host configuration

Docker:
- Add environment variables to prod/dev docker-compose
- Configure ENABLE_HOST_RESTRICTION flags
- Set PUBLIC_HOST and INTERNAL_HOST variables

Infrastructure:
- Prepared for nginx-proxy-manager setup
- Trust proxy configuration (TRUST_PROXY_HOPS=1)

Note: Some unit tests still need adjustment for ENV handling

2025-11-25 20:26:59 +01:00

matthias.lotz

6332b82c6a

Feature Request: admin session security

- replace bearer auth with session+CSRF flow and add admin user directory

- update frontend moderation flow, force password change gate, and new CLI

- refresh changelog/docs/feature plan + ensure swagger dev experience

2025-11-23 21:18:42 +01:00

matthias.lotz

cb640576f4

feat(frontend): Migrate all API routes to new structure with admin auth

Phase 1: Route Structure & Admin Authentication

✅ Route Prefix Fixes:
- All routes now use consistent /api prefix
- Public: /groups/* → /api/groups/*
- Admin: /groups/*, /moderation/* → /api/admin/*
- Social Media: /api/social-media/* → /api/admin/social-media/*

✅ Admin API Authentication:
- Created adminApi.js service with Bearer Token helpers
  * adminFetch() - Base fetch with Authorization header
  * adminGet() - GET with auto error handling
  * adminRequest() - POST/PUT/PATCH/DELETE with JSON
  * adminDownload() - For Blob downloads (CSV exports)
- Added frontend/.env.example with REACT_APP_ADMIN_API_KEY
- All /api/admin/* calls now use admin helpers

✅ Updated Components:
- ModerationGroupsPage.js: All admin endpoints migrated
- ModerationGroupImagesPage.js: Group loading + image deletion
- PublicGroupImagesPage.js: Fixed public group route
- DeletionLogSection.js: Deletion log endpoints
- ConsentCheckboxes.js: Platform loading

⚠️ Next Steps:
- Add user-friendly 403 error handling
- Test all affected pages
- Configure REACT_APP_ADMIN_API_KEY in deployment

2025-11-16 18:39:40 +01:00

3 Commits