James
84f8350700
feat: server-side test role — PUT /api/admin/test-role writes to session, middleware injects into context
2026-03-12 03:45:39 -04:00
James
27c682b960
feat: org management — Add Org modal with typeahead, members, permissions per org
2026-03-07 13:50:03 -05:00
James
3caf312fdb
feat: file preview, buyer visibility, inline editing, template consolidation, CSS centralization
2026-03-07 13:10:12 -05:00
James
27c715f963
chore: auto-commit uncommitted changes
2026-03-04 00:01:22 -05:00
James
0647eb91b6
Request tree: spreadsheet-style table with D&D, linking, import
- Add sort_order column to entries (migration 002)
- Upgrade migration runner to handle directory of SQL files
- Add TypeSection, SortOrder field, RequestListData, SectionData types
- Add tree API: ListRequestTree, MoveEntry, AnswerLink CRUD, ListAnswers
- Rewrite ImportRequests to create hierarchical tree (request_list → section → request)
- Rewrite project page Requests tab as spreadsheet-style tree table
- Collapsible request lists and sections
- Auto-numbering (1, 1.1, 1.2, 2.1.1)
- Drag & drop reordering between sections
- Priority/status badges with color coding
- Attach answer modal (link existing docs or upload new)
- Per-row actions menu
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 18:30:12 -05:00
James
4758bafdb7
Comprehensive test suite: orgs, requests import, RBAC super_admin, domain validation
New tests added:
- lib/types_test.go: OrgData, DealOrgData, RequestData, WorkstreamData JSON marshal tests
- lib/rbac_test.go additions: TestSuperAdminBypassesCheckAccess, TestIsSuperAdmin, TestIsSuperAdminRevokedGrant, TestSuperAdminCanGrantAnyRole
- api/orgs_test.go: TestCreateOrg, TestCreateOrgEmptyDomains, TestCreateOrgMissingDomains, TestListOrgs, TestSuperAdminCanListAllOrgs, TestGetOrg, TestUpdateOrg, and more
- api/requests_test.go: TestImportRequestsCSV, TestImportRequestsXLSX, TestImportSmartHeaderDetection, TestImportModeReplace, TestImportModeAdd, TestListRequests, TestPriorityNormalization, and more
- api/integration_test.go additions: TestFullDealWorkflow, TestSuperAdminSeeAllProjects
Total: 33 new test functions, all passing
2026-02-28 07:20:09 -05:00
James
03b75e8a7b
Security audit 2026-02-28: fix critical/high findings
CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)
HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)
See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.
2026-02-28 07:17:06 -05:00
James
45ee8d0e4b
Port diligence request model + CSV/XLSX import from old dealroom
- Add RequestData and WorkstreamData types to lib/types.go
- Add excelize/v2 dependency for XLSX parsing
- Add GET /api/projects/{projectID}/requests endpoint (lists requests grouped by section)
- Add POST /api/projects/{projectID}/requests/import endpoint with:
  - Smart header detection (scans first 12 rows for keyword matches)
  - CSV and XLSX support (detects by extension + magic bytes)
  - Priority mapping (high/critical/urgent→high, low/nice/optional→low)
  - Mode: add or replace existing requests
  - Optional section_filter parameter
  - Optional create_workstreams=true to create workstreams from sections
- Update project.html template:
  - Requests tab calls /api/projects/{id}/requests
  - Results grouped by section with collapsible headers
  - Shows item_number, title, priority badge (colored dot), status badge
  - Import button opens modal with file upload, mode selector, options
2026-02-28 07:13:29 -05:00
James
e6a68822c2
Add all missing app templates: projects, project, request, orgs, admin
2026-02-28 06:48:51 -05:00
James
32964abb7c
super_admin bypasses CheckAccess — full rwdm on all projects
2026-02-28 06:32:21 -05:00
James
3df2482a4d
chore: auto-commit uncommitted changes
2026-02-28 06:01:21 -05:00
James
5ac277ce6f
Add test suite: crypto, dbcore, rbac, auth middleware, integration
2026-02-28 05:46:47 -05:00
James
242e063855
Add email system: mailer + 7 transactional templates
2026-02-28 05:46:03 -05:00
James
4371b00035
Add watermark tests and update website content
2026-02-28 05:40:58 -05:00
James
44dde159f6
Add ops: systemd service, deploy scripts, backup, healthcheck, README
2026-02-28 05:38:02 -05:00
James
202bac8693
Initial Go foundation
Complete project structure with FIPS 140-3 crypto (AES-256-GCM + HKDF-SHA256),
entry-based data model, three RBAC choke points (EntryRead/EntryWrite/EntryDelete),
optimistic locking, soft delete, blind indexes for search, embedded website,
and deployed to muskepo.com.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 04:25:57 -05:00