elpatron/kapteins-daagbok
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
473 Commits 4 Branches 122 Tags
master
Commit Graph

13 Commits

Author SHA1 Message Date
elpatron 3ac4201734 Add AI travel day summaries via OpenRouter for skippers. 
Skipper-only proxy with per-entry rate limiting, encrypted payload storage, CSV export, and Plausible tracking.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-03 11:26:19 +02:00
elpatron 2b029a26f0 Fix passkey login 429 by forwarding client IPs correctly. 
Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-02 22:48:15 +02:00
elpatron b9ce853059 feat(ops): script to rotate PostgreSQL password safely 
Add rotate-postgres-password.sh with optional app role, document the
procedure, and stop defaulting production POSTGRES_PASSWORD to postgres.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:09:15 +02:00
elpatron e138752dd3 feat(security): Sprint 1 hardening for production behind NPM 
Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:02:15 +02:00
elpatron 0caaf681d8 Fix live journal freeze and passkey login on localhost. 
Harden live log init with safe per-entry decrypt, stable loading state, and no parallel list scan in live mode. Improve multi-sail picker UX, stop WebAuthn retry after user cancel, redirect 127.0.0.1 to localhost, and tolerate missing appearance prefs table.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 08:49:45 +02:00
elpatron 3749f87c1d Add Scandinavian i18n (da/sv/nb) via DeepL pipeline. 
Integrate new locale bundles, language cycling in the UI, SEO hreflang tags, and localized beta flyer HTML variants with scripts for batch translation and key validation.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-31 15:53:43 +02:00
elpatron 7d75e74679 fix: CORS-Origins, Sync-Body-Limit und geteilte Logbuch-Rolle 
Erlaubt mehrere/normalisierte CORS-Origins mit Dev-Fallbacks für Session-Cookies,
stellt express.json wieder auf 50mb für große Sync-Payloads und setzt die
Zugriffsrolle beim Wechsel in geteilte Logbücher ohne Cache korrekt.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-30 13:59:15 +02:00
elpatron dea33e3f00 feat(security): Session-Cookies statt X-User-Id und API-Härtung 
Ersetzt die spoofbare X-User-Id-Auth durch signierte HttpOnly-Sessions nach
WebAuthn, erzwingt WRITE-only Sync, speichert den Master-Key nur im RAM und
ergänzt CORS, Rate-Limits, Helmet sowie Passkey-Reauth für sensible Aktionen.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-30 13:47:24 +02:00
elpatron f1f90da069 feat(feedback): Feedback-Formular mit Ntfy-Versand 
Nutzer können Feedback aus dem Header senden; der Server leitet Nachrichten über Ntfy weiter (NTFY_* in .env).

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-30 12:58:25 +02:00
elpatron 2428313a22 feat: Web Push für Logbuch-Eigner bei Crew-Sync 
Benachrichtigt Owner optional per VAPID/Web Push, wenn Collaborators
Änderungen synchronisieren — ohne Klartext-Inhalte, mit Opt-in in den
Einstellungen, Custom Service Worker und Deep-Link zum Logbuch.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-30 11:36:03 +02:00
elpatron 648a0d6adc Make RP_ID and ORIGIN configurable via environment variables in docker-compose.yml 2026-05-28 21:02:35 +02:00
elpatron db8b454a9e docs & feat: update project plan to E2E encrypted server storage & initialize monorepo client/server codebases 2026-05-27 21:22:02 +02:00
elpatron d4b3cc2d74 First commit 2026-05-26 23:21:10 +02:00