Commit Graph

20 Commits

Author SHA1 Message Date
elpatron 262c48a01a chore: document COMPOSE_FILE in .env.example to lock environment compose stack configurations 2026-06-06 21:53:43 +02:00
elpatron e10cef4b05 chore: remove parakeet service and configuration, switch completely to OpenRouter Whisper 2026-06-06 11:38:51 +02:00
elpatron a4b3515711 feat: implement voice memo transcription with local parakeet container and fallback timeouts 2026-06-06 11:01:15 +02:00
elpatron f0c3cacb06 feat(analytics): make Plausible controllable via PLAUSIBLE_ENABLED and PLAUSIBLE_HOST
Runtime configuration in the frontend container separates prod and staging;
staging disables analytics by default.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-05 18:04:31 +02:00
elpatron aff8d1517d feat(deploy): staging environment and unified deploy script
Adds docker-compose.staging.yml, staging documentation and -dest prod|stage
to update-prod.sh so that prod and staging can be deployed via one script.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-05 17:47:12 +02:00
elpatron 212775ffdc fix(deploy): pass ADMIN_USER_IDS into backend container
Docker Compose did not forward the admin whitelist from .env, so production always treated every user as non-admin.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-05 11:14:56 +02:00
elpatron 5dedb8fac0 feat: add admin dashboard with usage stats
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-05 09:26:55 +02:00
elpatron 3ac4201734 Add AI travel day summaries via OpenRouter for skippers.
Skipper-only proxy with per-entry rate limiting, encrypted payload storage, CSV export, and Plausible tracking.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-03 11:26:19 +02:00
elpatron 2b029a26f0 Fix passkey login 429 by forwarding client IPs correctly.
Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 22:48:15 +02:00
elpatron b9ce853059 feat(ops): script to rotate PostgreSQL password safely
Add rotate-postgres-password.sh with optional app role, document the
procedure, and stop defaulting production POSTGRES_PASSWORD to postgres.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:09:15 +02:00
elpatron e138752dd3 feat(security): Sprint 1 hardening for production behind NPM
Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:02:15 +02:00
elpatron 0caaf681d8 Fix live journal freeze and passkey login on localhost.
Harden live log init with safe per-entry decrypt, stable loading state, and no parallel list scan in live mode. Improve multi-sail picker UX, stop WebAuthn retry after user cancel, redirect 127.0.0.1 to localhost, and tolerate missing appearance prefs table.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 08:49:45 +02:00
elpatron 3749f87c1d Add Scandinavian i18n (da/sv/nb) via DeepL pipeline.
Integrate new locale bundles, language cycling in the UI, SEO hreflang tags, and localized beta flyer HTML variants with scripts for batch translation and key validation.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-31 15:53:43 +02:00
elpatron 7d75e74679 fix: CORS origins, sync body limit and shared logbook role
Allows multiple/normalized CORS origins with dev fallbacks for session cookies,
restores express.json to 50mb for large sync payloads and sets the
access role correctly when switching to shared logbooks without cache.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 13:59:15 +02:00
elpatron dea33e3f00 feat(security): session cookies instead of X-User-Id and API hardening
Replaces the spoofable X-User-Id auth with signed HttpOnly sessions after
WebAuthn, enforces WRITE-only sync, stores the master key only in RAM and
adds CORS, rate limits, Helmet and passkey reauth for sensitive actions.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 13:47:24 +02:00
elpatron f1f90da069 feat(feedback): feedback form with Ntfy delivery
Users can send feedback from the header; the server forwards messages via Ntfy (NTFY_* in .env).

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 12:58:25 +02:00
elpatron 2428313a22 feat: Web Push for logbook owners on crew sync
Optionally notifies owners via VAPID/Web Push when collaborators
sync changes, without plaintext content, with opt-in in the
settings, a custom service worker and a deep link to the logbook.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-30 11:36:03 +02:00
elpatron 648a0d6adc Make RP_ID and ORIGIN configurable via environment variables in docker-compose.yml 2026-05-28 21:02:35 +02:00
elpatron db8b454a9e docs & feat: update project plan to E2E encrypted server storage & initialize monorepo client/server codebases 2026-05-27 21:22:02 +02:00
elpatron d4b3cc2d74 First commit 2026-05-26 23:21:10 +02:00