johan
/
dealspace
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
100 Commits 1 Branch 0 Tags 133 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
James cd2b67edd2 feat: template system — save/load request templates in DB; Use Template button; wizard uses ImportTemplate; save-as-template after import 2026-03-17 15:21:50 -04:00
James 84f8350700 feat: server-side test role — PUT /api/admin/test-role writes to session, middleware injects into context 2026-03-12 03:45:39 -04:00
James 27c715f963 chore: auto-commit uncommitted changes 2026-03-04 00:01:22 -05:00
James 0647eb91b6 Request tree: spreadsheet-style table with D&D, linking, import 
- Add sort_order column to entries (migration 002)
- Upgrade migration runner to handle directory of SQL files
- Add TypeSection, SortOrder field, RequestListData, SectionData types
- Add tree API: ListRequestTree, MoveEntry, AnswerLink CRUD, ListAnswers
- Rewrite ImportRequests to create hierarchical tree (request_list → section → request)
- Rewrite project page Requests tab as spreadsheet-style tree table
  - Collapsible request lists and sections
  - Auto-numbering (1, 1.1, 1.2, 2.1.1)
  - Drag & drop reordering between sections
  - Priority/status badges with color coding
  - Attach answer modal (link existing docs or upload new)
  - Per-row actions menu

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 18:30:12 -05:00
James 03b75e8a7b Security audit 2026-02-28: fix critical/high findings 
CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)

HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)

See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.
 2026-02-28 07:17:06 -05:00
James 3df2482a4d chore: auto-commit uncommitted changes 2026-02-28 06:01:21 -05:00
James 44dde159f6 Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
James 202bac8693 Initial Go foundation 
Complete project structure with FIPS 140-3 crypto (AES-256-GCM + HKDF-SHA256),
entry-based data model, three RBAC choke points (EntryRead/EntryWrite/EntryDelete),
optimistic locking, soft delete, blind indexes for search, embedded website,
and deployed to muskepo.com.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 04:25:57 -05:00