12 Commits

Author SHA1 Message Date
elpatron 3ac4201734 Add AI travel day summaries via OpenRouter for skippers.
Skipper-only proxy with per-entry rate limiting, encrypted payload storage, CSV export, and Plausible tracking.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-03 11:26:19 +02:00
elpatron b9ce853059 feat(ops): script to rotate PostgreSQL password safely
Add rotate-postgres-password.sh with optional app role, document the
procedure, and stop defaulting production POSTGRES_PASSWORD to postgres.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:09:15 +02:00
elpatron e138752dd3 feat(security): Sprint 1 hardening for production behind NPM
Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:02:15 +02:00
elpatron dea33e3f00 feat(security): session cookies instead of X-User-Id and API hardening
Replaces the spoofable X-User-Id auth with signed HttpOnly sessions after
WebAuthn, enforces WRITE-only sync, keeps the master key only in RAM and
adds CORS, rate limits, Helmet and passkey re-auth for sensitive actions.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 13:47:24 +02:00
elpatron adf8ee9929 fix(feedback): Ntfy in Docker, ASCII title and skipper badge
Pass NTFY_* through to the backend container; replace the en dash in the Ntfy header with an ASCII hyphen (ByteString error). Clearly mark the skipper badge as an account indicator; start-dev.sh checks for npm before starting.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 13:16:59 +02:00
elpatron 03bb55f9a1 feat(weather): OWM fallback via server .env when no user key is set
Weather proxy on /api/weather/current uses the optional user key from
the settings, otherwise OpenWeatherMapAPIKey from the environment.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 12:37:58 +02:00
elpatron e8f9381c5f fix(docker): pass VAPID environment variables through to the backend
Web Push needs VAPID_* from the host .env in the backend container.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 12:19:50 +02:00
elpatron 878d632dc8 feat: semantic versioning with Git tags and app footer.
VERSION file (0.1.0.0), release flow in update-prod.sh, and build-time inclusion of the version number in the footer with a copyright link.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-29 15:13:16 +02:00
elpatron 648a0d6adc Make RP_ID and ORIGIN configurable via environment variables in docker-compose.yml 2026-05-28 21:02:35 +02:00
elpatron 19082dcae1 fix(docker): configure correct RP_ID and ORIGIN environment variables for WebAuthn 2026-05-28 12:34:45 +02:00
elpatron 05773ef977 chore: remove deprecated version field from docker-compose.yml 2026-05-28 12:24:12 +02:00
elpatron 572d38e490 Dockerize client, server, and postgres database for production with container healthchecks 2026-05-28 12:23:50 +02:00