🔖 Version 1.10.0
### ✨ Features
- Enable drag-and-drop reordering in ModerationGroupImagesPage
- Error handling system and animated error pages
### ♻️ Refactoring
- Extract ConsentFilter and StatsDisplay components from ModerationGroupsPage
- Consolidate error pages into single ErrorPage component
- Centralized styling with CSS and global MUI overrides
### 🔧 Chores
- Improve release script with tag-based commit detection
- Add helpful warning when no previous tag exists
- Show which tag is being used for commit range
- Provide tip for creating retroactive tags
- Fix typo in git log command (--online -> --oneline)
- Created ConsentFilter component with proper styling
- Created StatsDisplay component for statistics display
- Added ModerationGroupsPage.css to remove inline styles
- Removed 83 lines of inline CSS from ModerationGroupsPage
- Components now reusable across admin pages
- Added container wrappers and titles to both components
- Improved code maintainability and separation of concerns
- Created generic ErrorPage.js with errorCode prop
- Centralized error messages in ERROR_MESSAGES dictionary
- Updated App.js to use ErrorPage for all error routes
- Updated ErrorBoundary.js to use new ErrorPage component
- Removed duplicate files: 403Page.js, 404Page.js, 500Page.js, 502Page.js, 503Page.js
- Fixed 403/404 routing: protected routes show 403, unknown routes show 404
- Error pages now vertically centered with min-height: 100vh
- Added PUT /api/admin/groups/:groupId/reorder endpoint
- Implemented handleReorder in ModerationGroupImagesPage
- Uses adminRequest API with proper error handling
- Same mobile touch support as ManagementPortalPage
- Migrated all Pages from Material-UI to HTML+CSS (GroupsOverviewPage, ManagementPortalPage, ModerationGroupImagesPage, ModerationGroupsPage, PublicGroupImagesPage, SlideshowPage, MultiUploadPage)
- Added comprehensive typography system in App.css (h1-h3, p, utility classes)
- Added global Material-UI font overrides for Open Sans
- Removed redundant fontFamily: 'roboto' from all components
- Fixed button alignment in ImageGalleryCard (margin-top: auto)
- Removed emojis from titles for cleaner UI
- Standardized button padding (12px 30px) across application
- Improved code consistency and maintainability with centralized CSS approach
- Add ErrorBoundary component for React error handling
- Create animated error pages (403, 404, 500, 502, 503)
- Implement ErrorAnimation component with seven-segment display
- Add apiClient (axios) and apiFetch (fetch) wrappers with automatic error page redirects
- Migrate critical API calls to use new error handling
- Update font from Roboto to Open Sans across all components
- Remove unused CLIENT_URL from docker-compose files
- Rename 404Page.css to ErrorPage.css for consistency
- Add comprehensive ERROR_HANDLING.md documentation
Public/Internal Host Separation Feature
Implemented subdomain-based feature separation for production deployment with complete backend API protection, frontend code splitting, and local testing support.
Backend:
- Add hostGate middleware for host-based API protection
- Extend rate limiter with publicUploadLimiter (20/hour)
- Add source_host and source_type to audit logs
- Database migration for audit log source tracking
- Unit tests for hostGate middleware (10/20 passing)
Frontend:
- Add hostDetection utility for runtime host detection
- Implement React code splitting with lazy loading
- Update App.js with ProtectedRoute component
- Customize 404 page for public vs internal hosts
- Update env-config.js for host configuration
Docker:
- Add environment variables to prod/dev docker-compose
- Configure ENABLE_HOST_RESTRICTION flags
- Set PUBLIC_HOST and INTERNAL_HOST variables
Infrastructure:
- Prepared for nginx-proxy-manager setup
- Trust proxy configuration (TRUST_PROXY_HOPS=1)
Note: Some unit tests still need adjustment for ENV handling
- Host-based access control (public vs internal subdomain)
- Backend middleware for API protection
- Frontend code splitting for internal-only features
- Rate limiting for public uploads (20/hour/IP)
- Comprehensive testing strategy
- Security review and deployment plan
- replace bearer auth with session+CSRF flow and add admin user directory
- update frontend moderation flow, force password change gate, and new CLI
- refresh changelog/docs/feature plan + ensure swagger dev experience
✅ Completed Features:
- Comprehensive test suite (45 tests, 100% passing)
- Admin API authentication (Bearer Token)
- Automatic OpenAPI generation from route mappings
- Complete API documentation
- Frontend migration guide
📊 Changes:
- Backend: Production ready with 26% test coverage
- Frontend: Migration required (ALL routes changed)
- Documentation: Complete suite for developers
See CHANGELOG.md and frontend/MIGRATION-GUIDE.md for details.
Critical corrections to frontend/MIGRATION-GUIDE.md:
- Emphasize ALL API routes now have consistent /api prefix
- Old routes had inconsistent prefixes (some with /api, some without)
- List specific files with wrong routes that need fixing:
* ModerationGroupsPage.js: /groups/* → /api/admin/groups/*
* ModerationGroupImagesPage.js: /moderation/groups/* → /api/admin/groups/*
* PublicGroupImagesPage.js: /groups/* → /api/groups/*
- Add 3-phase checklist: Route Prefixes → Authentication → Testing
- Provide grep commands to find ALL fetch/axios calls
- Make clear this affects the entire frontend, not just admin features
Migration effort estimate increased: 3-4 hours (route audit + auth)
- Add prominent migration guide reference in README.dev.md API section
- Remove backend/TESTING.md (info now in README.dev.md)
- Remove backend/test-openapi-paths.js (replaced by automated tests)
🧪 Testing Infrastructure (45 tests, 100% passing)
- Implemented Jest + Supertest framework for automated testing
- Unit tests: 5 tests for auth middleware (100% coverage)
- Integration tests: 40 tests covering admin, consent, migration, upload APIs
- Test execution time: ~10 seconds for full suite
- Coverage: 26% statements, 15% branches (realistic start)
- In-memory SQLite database for isolated testing
- Singleton server pattern for fast test execution
- Automatic cleanup and teardown
🔒 Admin API Authentication
- Bearer token authentication for all admin endpoints
- requireAdminAuth middleware with ADMIN_API_KEY validation
- Protected routes: /api/admin/*, /api/system/migration/migrate|rollback
- Complete authentication guide in AUTHENTICATION.md
- HTTP 403 for missing/invalid tokens, 500 if not configured
- Ready for production with token rotation support
📋 API Route Documentation
- Single Source of Truth: backend/src/routes/routeMappings.js
- Comprehensive route overview in backend/src/routes/README.md
- Express routing order documented (specific before generic)
- Frontend integration guide with authentication examples
- OpenAPI auto-generation integrated
🐛 Bug Fixes
- Fixed SQLite connection not properly awaited (caused test hangs)
- Fixed upload validation checking req.files.file before req.files
- Fixed Express route order (consent before admin router)
- Fixed test environment using /tmp for uploads (permission issues)
📚 Documentation Updates
- Updated README.md with testing and authentication features
- Updated README.dev.md with testing section and API development guide
- Updated CHANGELOG.md with complete feature documentation
- Updated FEATURE_PLAN-autogen-openapi.md (status: 100% complete)
- Added frontend/MIGRATION-GUIDE.md for frontend team
🚀 Frontend Impact
Frontend needs to add Bearer token to all /api/admin/* calls.
See frontend/MIGRATION-GUIDE.md for detailed instructions.
Test Status: ✅ 45/45 passing (100%)
Backend: ✅ Production ready
Frontend: ⚠️ Migration required (see MIGRATION-GUIDE.md)
Changed ImageGalleryCard to pass itemId (image.id) instead of index
when deleting images in preview mode. This fixes 'Image not found' error
when attempting to delete individual images in ManagementPortalPage
and ModerationGroupImagesPage.
The index was being passed to the API, but the API expects the actual
database image ID.
- Clarified that Phase 1 & 2 tests were done manually
- Added section for outstanding automated tests
- Listed missing test types: Unit, Integration, E2E, Performance, Security
- Status: All features manually tested and functional, but automated test suite pending
- Created new modular components:
* ConsentManager: Manages workshop + social media consents with individual save
* GroupMetadataEditor: Manages group metadata (title, description, name, year) with save
* ImageDescriptionManager: Manages image descriptions with batch save
* DeleteGroupButton: Standalone group deletion component
- Refactored ManagementPortalPage to use modular components:
* Each component in Paper box with heading inside (not outside)
* HTML buttons with CSS classes (btn btn-success, btn btn-secondary)
* Inline feedback with Material-UI Alert instead of SweetAlert2 popups
* Icons: 💾 save, ↩ discard, 🗑️ delete
* Individual save/discard functionality per component
- Enhanced ConsentCheckboxes component:
* Added children prop for flexible composition
* Conditional heading for manage mode inside Paper box
- Fixed DescriptionInput:
* Removed duplicate heading (now only in parent component)
- React state management improvements:
* Deep copy pattern for nested objects/arrays
* Sorted array comparison for order-insensitive change detection
* Set-based comparison for detecting removed items
* Initialization guard to prevent useEffect overwrites
- Bug fixes:
* Fixed image reordering using existing /api/groups/:groupId/reorder route
* Fixed edit mode toggle with unsaved changes warning
* Fixed consent state updates with proper object references
* Fixed uploadImageBatch signature to use object destructuring
* Removed unnecessary /api/manage/:token/reorder route from backend
Next: Apply same modular pattern to MultiUploadPage and ModerationGroupImagesPage
- Task 17: Management-Link im Upload-Erfolg angezeigt mit Copy-Button
- Widerruf-Dialoge überarbeitet: Klarstellung zu Scope & Kontakt für Social Media Posts
- Rate-Limiter für Dev-Umgebung erhöht (100/h statt 10/h)
- Mailto-Link Verhalten noch nicht final getestet (Browser vs. Mail-Client)
ACHTUNG: Noch nicht vollständig getestet! Mailto-Funktionalität muss in verschiedenen Browsern validiert werden.
Issue 6: ModerationGroupsPage - Filter "Alle Gruppen" not working
- Problem: Backend filtered groups with display_in_workshop=1 even when no filter selected
- Solution: Removed filter condition in else block - now shows ALL groups when filter='all'
- File: backend/src/routes/groups.js
- Test: GET /moderation/groups now returns 73 groups (all groups)
Issue 7: Export button "Consent-Daten exportieren" not working
- Problem: Routes had wrong path prefix (/admin/* instead of /api/admin/*)
- Solution: Added /api prefix to consent admin routes for consistency
- Files: backend/src/routes/consent.js
* GET /api/admin/groups/by-consent (was /admin/groups/by-consent)
* GET /api/admin/consents/export (was /admin/consents/export)
- Test: curl http://localhost:5001/api/admin/consents/export?format=csv works
- Export now includes dynamic Social Media platform columns (facebook, instagram, tiktok)
Test Results:
✅ Filter "Alle Gruppen": 73 groups
✅ Filter "Nur Werkstatt": 1 group
✅ Filter "Facebook": 0 groups
✅ Export CSV with platform columns: facebook,instagram,tiktok
✅ Test upload with Social Media consents saved correctly
✅ Export shows consented platforms per group
Files Changed:
- backend/src/routes/groups.js (filter logic fixed)
- backend/src/routes/consent.js (API paths corrected)
Audit-Logging System:
- Migration 007: management_audit_log table with indexes
- Tracks all management portal actions
- IP address, user-agent, request data logging
- Token masking (only first 8 chars stored)
- Success/failure tracking with error messages
ManagementAuditLogRepository:
- logAction() - Log management actions
- getRecentLogs() - Get last N logs
- getLogsByGroupId() - Get logs for specific group
- getFailedActionsByIP() - Security monitoring
- getStatistics() - Overview statistics
- cleanupOldLogs() - Maintenance (90 days retention)
Audit-Log Middleware:
- Adds res.auditLog() helper function
- Auto-captures IP, User-Agent
- Integrated into all management routes
- Non-blocking (errors don't fail main operation)
Admin API Endpoints:
- GET /api/admin/management-audit?limit=N
- GET /api/admin/management-audit/stats
- GET /api/admin/management-audit/group/:groupId
Tested:
✅ Migration executed successfully
✅ Audit logs written on token validation
✅ Admin API returns logs with stats
✅ Token masking working
✅ Statistics accurate
Rate-Limiting:
- IP-based: 10 requests per hour per IP
- Applies to all /api/manage/* routes
- Returns 429 Too Many Requests when limit exceeded
- Automatic cleanup of expired records (>1h old)
Brute-Force Protection:
- Tracks failed token validation attempts
- After 20 failed attempts: IP banned for 24 hours
- Returns 403 Forbidden for banned IPs
- Integrated into GET /api/manage/:token route
Technical Implementation:
- Created backend/src/middlewares/rateLimiter.js
- In-memory storage with Map() for rate limit tracking
- Separate Map() for brute-force detection
- Middleware applied to all management routes
- Token validation failures increment brute-force counter
Tested:
✅ Rate limit blocks after 10 requests
✅ 429 status code returned correctly
✅ Middleware integration working
✅ IP-based tracking functional
Fixed Task 8 (Delete Group API):
- Changed deletionLogRepository.logDeletion() to createDeletionEntry()
- Use correct parameters matching DeletionLogRepository schema
- Deletion now works: group, images, files, consents all removed
- deletion_log entry created with proper data
Tested:
✅ Group deletion with valid token
✅ 404 for invalid/missing tokens
✅ Files deleted (original + preview)
✅ DB records deleted via CASCADE
✅ Deletion log entry created
All 8 Backend Management API tasks complete!
Backend Management API implementation for self-service user portal:
✅ Task 2: Token Generation (already implemented in Phase 1)
- UUID v4 generated at upload
- Stored in groups.management_token
- Returned in upload response
✅ Task 3: Token Validation API
- GET /api/manage/:token
- Validates token and loads complete group data
- Returns group with images, consents, metadata
- 404 for invalid/missing tokens
✅ Task 4: Consent Revocation API
- PUT /api/manage/:token/consents
- Revoke/restore workshop consent
- Revoke/restore social media platform consents
- Sets revoked=1, revoked_timestamp
- Full error handling and validation
✅ Task 5: Metadata Edit API
- PUT /api/manage/:token/metadata
- Update title, description, name
- Supports partial updates
- Automatically sets approved=0 (returns to moderation)
✅ Task 6: Add Images API
- POST /api/manage/:token/images
- Upload new images to existing group
- Calculates correct upload_order
- Sets approved=0 on changes
- Max 50 images per group validation
- Preview generation support
✅ Task 7: Delete Image API
- DELETE /api/manage/:token/images/:imageId
- Deletes original and preview files
- Removes DB entry
- Sets approved=0 if group was approved
- Prevents deletion of last image
⏳ Task 8: Delete Group API (in progress)
- DELETE /api/manage/:token route created
- Integration with existing GroupRepository.deleteGroup
- Needs testing
Technical Changes:
- Created backend/src/routes/management.js
- Added getGroupByManagementToken() to GroupRepository
- Registered /api/manage routes in index.js
- Installed uuid package for token generation
- All routes use token validation helper
- Docker-only development workflow
Tested Features:
- Token validation with real uploads
- Workshop consent revoke/restore
- Social media consent management
- Metadata updates (full and partial)
- Image upload with multipart/form-data
- Image deletion with file cleanup
- Error handling and edge cases
Phase 1 Features (GDPR-compliant):
✅ Mandatory workshop display consent
✅ Optional per-platform social media consents (Facebook, Instagram, TikTok)
✅ Consent badges and filtering in moderation panel
✅ CSV/JSON export for legal documentation
✅ Group ID tracking for consent withdrawal
✅ Automatic migration system fixed
✅ Validated with 72 production groups (all GDPR-compliant)
Implementation: 13 commits, 2 days (Nov 9-10, 2025)
Branch: feature/SocialMedia → main
Status: Production-ready after code review
