- Updated README.md with Telegram features section in 'Latest Features'
- Added Telegram environment variables to Environment Variables table
- Updated FEATURE_PLAN-telegram.md: marked Phases 1-5 as completed
- Updated status table with completion dates (Phase 1-4: done, Phase 5: docs complete)
OpenAPI Documentation:
- Added swagger tags to reorder route (Management Portal)
- Added swagger tags to consent routes (Consent Management)
- Regenerated openapi.json with correct tags (no more 'default' category)
Environment Configuration:
- Updated .env.backend.example with Telegram variables and session secret
- Created docker/dev/.env.example with Telegram configuration template
- Created docker/prod/.env.example with production environment template
- Moved secrets from docker-compose.yml to .env files (gitignored)
- Changed docker/dev/docker-compose.yml to use placeholders: ${TELEGRAM_BOT_TOKEN}
Security Enhancements:
- Disabled test message on server start by default (TELEGRAM_SEND_TEST_ON_START=false)
- Extended pre-commit hook to detect hardcoded Telegram secrets
- Hook prevents commit if TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID are hardcoded
- All secrets must use environment variable placeholders
Phase 5 fully completed and documented.
- Added Telegram warning cron job at 09:00 (1 hour before cleanup)
- Integrated with GroupCleanupService.findGroupsForDeletion()
- Sends sendDeletionWarning() notification for groups pending deletion
- Added manual trigger method triggerTelegramWarningNow() for development
- Added POST /api/admin/telegram/warning endpoint for manual testing
- Fixed SchedulerService singleton instance in server.js app.set()
- Added Telegram ENV vars to docker-compose.yml environment section
Tested successfully with test data showing warning message in Telegram.
- Add ErrorBoundary component for React error handling
- Create animated error pages (403, 404, 500, 502, 503)
- Implement ErrorAnimation component with seven-segment display
- Add apiClient (axios) and apiFetch (fetch) wrappers with automatic error page redirects
- Migrate critical API calls to use new error handling
- Update font from Roboto to Open Sans across all components
- Remove unused CLIENT_URL from docker-compose files
- Rename 404Page.css to ErrorPage.css for consistency
- Add comprehensive ERROR_HANDLING.md documentation
Backend:
- Add hostGate middleware for host-based API protection
- Extend rate limiter with publicUploadLimiter (20/hour)
- Add source_host and source_type to audit logs
- Database migration for audit log source tracking
- Unit tests for hostGate middleware (10/20 passing)
Frontend:
- Add hostDetection utility for runtime host detection
- Implement React code splitting with lazy loading
- Update App.js with ProtectedRoute component
- Customize 404 page for public vs internal hosts
- Update env-config.js for host configuration
Docker:
- Add environment variables to prod/dev docker-compose
- Configure ENABLE_HOST_RESTRICTION flags
- Set PUBLIC_HOST and INTERNAL_HOST variables
Infrastructure:
- Prepared for nginx-proxy-manager setup
- Trust proxy configuration (TRUST_PROXY_HOPS=1)
Note: Some unit tests still need adjustment for ENV handling
- replace bearer auth with session+CSRF flow and add admin user directory
- update frontend moderation flow, force password change gate, and new CLI
- refresh changelog/docs/feature plan + ensure swagger dev experience
- Update consent.js routes to use /api prefix
- Add /api/social-media location to dev/prod nginx configs
- Fix route registration for proper API access
- Install sqlite3 in prod Dockerfile using apk (Alpine package manager)
- Required for test-cleanup-prod.sh script to function
- Matches dev environment which already had sqlite3 installed
Changes:
- docker/prod/backend/Dockerfile: Add 'apk add --no-cache sqlite'
- tests/test-cleanup.sh -> split into test-cleanup-dev.sh and test-cleanup-prod.sh
- Separate scripts for dev/prod with correct docker-compose paths
Testing:
- sqlite3 now available at /usr/bin/sqlite3 in prod container
- test-cleanup-prod.sh can now execute database queries
The /moderation page is already password-protected, so API routes
called from that page don't need additional authentication.
This fixes 'Unexpected token <' error in deletion log display.
- Create DeletionLogSection component
- Integrate deletion log at bottom of moderation page
- Remove standalone DeletionLogPage and route
- Remove admin nav link (log now in moderation)
- Keep /api/admin routes for backend API access
- Update nginx configs (remove /admin frontend route)
- Create DeletionLogPage with statistics cards and deletion history table
- Add admin navigation link to Navbar
- Configure nginx for /admin and /api/admin routes (dev+prod)
- Add password protection for admin routes
- Support toggle between last 10 and all deletions
Features:
- Add image description field (max 200 chars) for individual images
- Replace 'Sort' button with 'Edit' button in image gallery cards
- Enable edit mode with text fields for each image in moderation
- Display descriptions in slideshow and public views
- Integrate description saving with main save button
Frontend changes:
- ImageGalleryCard: Add edit mode UI with textarea and character counter
- ModerationGroupImagesPage: Integrate description editing into main save flow
- Fix keyboard event propagation in textarea (spacebar issue)
- Remove separate 'Save Descriptions' button
- Add ESLint fixes for useCallback dependencies
Backend changes:
- Fix route order: batch-description route must come before :imageId route
- Ensure batch description update API works correctly
Build optimizations:
- Add .dockerignore to exclude development data (182MB reduction)
- Fix Dockerfile: Remove non-existent frontend/conf directory
- Reduce backend image size from 437MB to 247MB
Fixes:
- Fix route matching issue with batch-description endpoint
- Prevent keyboard events from triggering drag-and-drop
- Clean up unused functions and ESLint warnings
- Created clean dev nginx.conf based on working prod version
- Adapted backend service names (backend-dev)
- Replaced static file serving with React Dev Server proxying
- Added htpasswd authentication for /moderation routes
Testing confirms:
✅ Homepage accessible (200 OK)
✅ Moderation page protected (401 Unauthorized)
✅ Moderation API protected (401 Unauthorized)
✅ Upload functionality working (single + batch)
- Fixed missing 'path' import in batchUpload.js
- Fixed GroupRepository import (singleton vs class)
- Added htpasswd file to development config
- Created new nginx.conf based on working production config
- Updated Dockerfile to copy htpasswd for development
Status:
✅ Upload functionality restored (both single and batch)
✅ Backend routing and error handling fixed
⚠️ nginx auth config needs troubleshooting (container not using new config)
- Fixed nginx proxy configuration for API endpoints
- Added proper proxy headers and max body size for uploads
- Added /api/groups endpoint routing
- Corrected proxy_pass paths to route properly to backend
- API endpoints now accessible via nginx proxy
Fixes: Image upload routing issue in development environment
- Kopiert Development-spezifische .env und env.sh ins frontend/ für Volume-Mount
- Aktualisiert .gitignore für Development-Dateien
- Frontend-Container startet jetzt ohne env.sh Fehler
- Development-Server läuft erfolgreich auf Port 3000
- Neue Docker-Struktur: docker/{dev,prod}/ für klare Trennung
- Entfernt: docker-compose.override.yml (problematisch)
- Hinzugefügt: ./dev.sh und ./prod.sh Scripts für einfache Bedienung
- Container-spezifische Konfigurationen in docker/{dev,prod}/*/config/
- Aktualisierte READMEs für neue Struktur
- Backend-Daten in .gitignore hinzugefügt
- Bereinigt: Veraltete Dockerfiles und Konfigurationsdateien
Jetzt: Wartungsfreundlich, keine Verwirrung zwischen Umgebungen
