Commit Graph

435 Commits

Author SHA1 Message Date
Hartmut 5bc7cace26 fix(auth): make active-session check fail-open; add missing DB migration
The active_sessions table was never migrated to production — the model
was added to the Prisma schema via db push only. prisma migrate deploy
was a no-op because no migration directories existed.

Without the table, prisma.activeSession.findUnique() throws P2021,
crashing the tRPC handler with 500 on every authenticated request.
This silently emptied all admin pages (users, system-roles, etc.).

Changes:
- Wrap the jti ActiveSession lookup in try-catch so the tRPC handler
  degrades gracefully (fail-open) if the table is temporarily missing
- Add packages/db/prisma/migrations/20260401000000_active_sessions/
  so prisma migrate deploy creates the table on next production deploy
  (idempotent via IF NOT EXISTS — safe if table already exists)

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-01 18:38:05 +02:00
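As an added example (illustrative code, not the project's tRPC middleware and not taken from the commit above), here is the jti-to-ActiveSession check with the try/catch the commit describes, written so that only Prisma's `P2021` ("table does not exist") error is caught and fail-open is an explicit, logged option rather than the default. The practitioner's caveat: while the table is absent and fail-open is set, any token carrying a syntactically valid jti passes the registry check, so logout and admin revocation stop taking effect until the migration lands. `rowVerdict`, `lookupFailureVerdict`, `checkActiveSession`, the `FakePrismaError` stand-in and the in-memory `makeDb` registry are names chosen for this example; the `activeSession.findUnique({ where: { jti } })` shape mirrors the Prisma call the commit names.

```typescript
// Added example (not the project's tRPC middleware): validate a token's jti against the
// ActiveSession registry, treating Prisma's P2021 ("table does not exist") as the one
// error that may fail open, and only when explicitly configured. Names are assumptions.
export interface ActiveSessionRow { jti: string; revokedAt: Date | null; expiresAt: Date }

// The slice of the Prisma client the check uses: prisma.activeSession.findUnique(...)
export interface SessionDb {
  activeSession: {
    findUnique(args: { where: { jti: string } }): Promise<ActiveSessionRow | null>;
  };
}

export type SessionVerdict = "valid" | "unknown" | "revoked" | "expired" | "registry-unavailable";
export interface SessionResult { ok: boolean; verdict: SessionVerdict }

// Decide on a row that was found (or not). Pure, so it is easy to test.
export function rowVerdict(row: ActiveSessionRow | null, now: Date): SessionResult {
  if (!row) return { ok: false, verdict: "unknown" };          // jti never registered, or purged
  if (row.revokedAt) return { ok: false, verdict: "revoked" }; // logout or admin revocation
  if (row.expiresAt.getTime() <= now.getTime()) return { ok: false, verdict: "expired" };
  return { ok: true, verdict: "valid" };
}

// Decide on a lookup that threw. Only the "table missing" code is ever tolerated;
// every other database error propagates, so a flapping DB cannot mint valid sessions.
export function lookupFailureVerdict(err: unknown, failOpen: boolean): SessionResult {
  const code = (err as { code?: string } | null)?.code;
  if (code !== "P2021") throw err;
  return { ok: failOpen, verdict: "registry-unavailable" };
}

export async function checkActiveSession(
  db: SessionDb,
  jti: string,
  now: Date,
  opts: { failOpen: boolean; log?: (msg: string) => void } = { failOpen: false },
): Promise<SessionResult> {
  try {
    const row = await db.activeSession.findUnique({ where: { jti } });
    return rowVerdict(row, now);
  } catch (err) {
    const result = lookupFailureVerdict(err, opts.failOpen);
    // Surface the degraded mode loudly: while it lasts, revocation is not enforced.
    opts.log?.(`active_sessions lookup failed (P2021); failOpen=${opts.failOpen}, jti=${jti}`);
    return result;
  }
}

// Constructed stand-ins for the Prisma error and client so the check runs offline.
export class FakePrismaError extends Error {
  code: string;
  constructor(code: string) { super(`Prisma error ${code}`); this.code = code; }
}

export function makeDb(rows: ActiveSessionRow[], tableMissing = false): SessionDb {
  return {
    activeSession: {
      async findUnique({ where }) {
        if (tableMissing) throw new FakePrismaError("P2021");
        return rows.find((r) => r.jti === where.jti) ?? null;
      },
    },
  };
}
```

Usage: `checkActiveSession(prisma, session.jti, new Date(), { failOpen: false, log: console.warn })` in the tRPC context builder; passing `failOpen: true` reproduces the degraded behaviour the commit describes, but then the `registry-unavailable` verdict should be alerted on, because it means every revoked session is being accepted.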
Hartmut 0e119cfe73 security: close audit findings #19–#23 and harden Docker setup (#24)
#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request
#20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch
#21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth
#22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds
#23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request

#24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob;
    run db:migrate:deploy on container start so a fresh checkout boots without manual steps

Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap)

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-01 18:19:21 +02:00
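An added example of the DNS-verified blocklist approach named in finding #20; this is illustrative code, not the repository's `ssrf-guard.ts`. It resolves the webhook hostname to every A/AAAA record, refuses the target if any resolved address falls in a loopback, RFC 1918, CGNAT, link-local (the 169.254.169.254 metadata range lives there), multicast/reserved, IPv6 ULA or IPv4-mapped-private range, and returns the vetted addresses so the dispatcher can connect to those rather than re-resolving, which is the window a DNS-rebinding attacker relies on. `isBlockedIp`, `checkResolvedTarget` and `assertSafeWebhookUrl` are names chosen here, and the hostnames and addresses in the checks are constructed.

```typescript
// Added example (not the project's ssrf-guard.ts): DNS-verified SSRF guard for
// outbound webhook URLs. Function names and the sample inputs are assumptions.
import { lookup } from "node:dns/promises";
import { isIP } from "node:net";

// IPv4 ranges that must never be a webhook target, as [base, prefix length]:
// "this" network, RFC 1918, CGNAT, loopback, link-local (cloud metadata lives here),
// and 224.0.0.0/3, which covers multicast, the reserved 240/4 block and broadcast.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}

function inV4Block(ip: string, base: string, prefix: number): boolean {
  const mask = (0xffffffff << (32 - prefix)) >>> 0; // prefix is 1..32 here
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
}

// Expand an IPv6 literal to its eight hextets, folding a dotted IPv4 tail
// (e.g. ::ffff:127.0.0.1) into the last two hextets first.
function v6Hextets(ip: string): number[] {
  let s = ip.toLowerCase();
  const dot = s.lastIndexOf(":");
  if (s.slice(dot + 1).includes(".")) {
    const n = v4ToInt(s.slice(dot + 1));
    s = s.slice(0, dot + 1) + (n >>> 16).toString(16) + ":" + (n & 0xffff).toString(16);
  }
  const [head, tail = ""] = s.split("::");
  const h = head ? head.split(":") : [];
  const t = tail ? tail.split(":") : [];
  const zeros = s.includes("::") ? 8 - h.length - t.length : 0;
  return [...h, ...new Array(zeros).fill("0"), ...t].map((x) => parseInt(x, 16));
}

export function isBlockedIp(ip: string): boolean {
  const fam = isIP(ip);
  if (fam === 4) return BLOCKED_V4.some(([base, p]) => inV4Block(ip, base, p));
  if (fam !== 6) return true; // not an IP literal at all: refuse rather than guess
  const h = v6Hextets(ip);
  if (h.slice(0, 5).every((x) => x === 0) && h[5] === 0xffff) {
    // IPv4-mapped: apply the IPv4 rules to the embedded address.
    return isBlockedIp(`${h[6] >> 8}.${h[6] & 0xff}.${h[7] >> 8}.${h[7] & 0xff}`);
  }
  if (h.every((x) => x === 0)) return true;                            // ::
  if (h.slice(0, 7).every((x) => x === 0) && h[7] === 1) return true;  // ::1
  if ((h[0] & 0xfe00) === 0xfc00) return true;                         // fc00::/7 ULA
  if ((h[0] & 0xffc0) === 0xfe80) return true;                         // fe80::/10 link-local
  if ((h[0] & 0xff00) === 0xff00) return true;                         // ff00::/8 multicast
  return false;
}

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Pure policy decision over an already-resolved address list. Returns null when the
// target is acceptable, otherwise the reason it is refused.
export function checkResolvedTarget(rawUrl: string, addresses: string[]): string | null {
  const url = parseUrl(rawUrl);
  if (!url) return "not a valid URL";
  if (url.protocol !== "https:" && url.protocol !== "http:") return `scheme ${url.protocol} not allowed`;
  if (url.username || url.password) return "credentials in URL not allowed";
  if (addresses.length === 0) return "hostname did not resolve";
  // Every record must be public: one private A record among public ones is enough to pivot.
  const bad = addresses.find(isBlockedIp);
  return bad ? `resolves to blocked address ${bad}` : null;
}

// Resolve, check, and hand back the vetted addresses. The dispatcher should connect
// to one of these and send the original Host header, not resolve the name again.
export async function assertSafeWebhookUrl(rawUrl: string): Promise<string[]> {
  const host = new URL(rawUrl).hostname.replace(/^\[|\]$/g, "");
  const addrs = isIP(host) ? [host] : (await lookup(host, { all: true })).map((r) => r.address);
  const reason = checkResolvedTarget(rawUrl, addrs);
  if (reason) throw new Error(`webhook target refused: ${reason}`);
  return addrs;
}
```

Run the same `assertSafeWebhookUrl` on create, update, test and dispatch, as the finding lists: a hostname that was public when the webhook was saved can point at 169.254.169.254 by the time it fires.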
Hartmut 7277e60691 test(api): widen resource capacity edge coverage 2026-04-01 07:52:40 +02:00
Hartmut 071ea13cc4 test(api): stabilize chargeability stats regression 2026-04-01 07:45:02 +02:00
Hartmut 8c5be51251 feat(platform): checkpoint current implementation state 2026-04-01 07:42:03 +02:00
Hartmut 3e53471f05 refactor(api): split resource read models 2026-04-01 07:38:03 +02:00
Hartmut 41916a4e46 refactor(api): share owned resource read access 2026-04-01 07:35:34 +02:00
Hartmut a0c98cf24d test(api): close assistant split regression gaps 2026-04-01 07:33:00 +02:00
Hartmut f2d65d3cd4 test(api): add assistant split regression runner 2026-04-01 00:51:23 +02:00
Hartmut 254f2caa94 test(api): cover assistant timeline resource selection 2026-04-01 00:44:53 +02:00
Hartmut 3d9d3dd5a7 test(api): cover assistant system role configs 2026-04-01 00:44:42 +02:00
Hartmut 9c58952170 test(api): cover assistant import export tools 2026-04-01 00:44:29 +02:00
Hartmut 67f57e2791 test(api): cover ai client helpers 2026-04-01 00:44:16 +02:00
Hartmut ef282e5e00 test(api): add assistant master data mutation helpers 2026-04-01 00:42:49 +02:00
Hartmut ed021947ad test(api): add assistant timeline allocation mutation helpers 2026-04-01 00:42:43 +02:00
Hartmut 0039a9997a test(api): cover assistant project computation views 2026-04-01 00:42:02 +02:00
Hartmut 22ead3ca3d test(api): cover assistant project cover tools 2026-04-01 00:41:55 +02:00
Hartmut 30b202c391 test(api): cover assistant change history queries 2026-04-01 00:41:46 +02:00
Hartmut 740ef0ecdb test(api): cover assistant master data rate lookup 2026-04-01 00:41:40 +02:00
Hartmut 43c4ad37f3 test(api): cover assistant auth guard 2026-04-01 00:41:31 +02:00
Hartmut f52380dc53 test(api): cover assistant chargeability report 2026-04-01 00:41:26 +02:00
Hartmut 95940f005b test(api): cover assistant budget status 2026-04-01 00:41:17 +02:00
Hartmut 1d4e5c62b0 test(api): cover assistant insights and scenarios 2026-04-01 00:41:09 +02:00
Hartmut 38a7826326 test(api): cover assistant advanced timeline views 2026-04-01 00:38:55 +02:00
Hartmut 8349c5e0b3 test(api): cover assistant advanced resource ranking 2026-04-01 00:38:49 +02:00
Hartmut 248973c87d test(api): cover assistant estimate version status errors 2026-04-01 00:38:15 +02:00
Hartmut c65ae132d3 test(api): cover assistant estimate revision export errors 2026-04-01 00:38:10 +02:00
Hartmut f1427a3f85 test(api): cover assistant estimate planning handoff errors 2026-04-01 00:38:03 +02:00
Hartmut a07057438e test(api): cover assistant estimate weekly phasing errors 2026-04-01 00:37:59 +02:00
Hartmut 7b6a4f6436 test(api): cover assistant estimate commercial term errors 2026-04-01 00:37:45 +02:00
Hartmut 276751c4ca test(api): cover assistant estimate draft errors 2026-04-01 00:37:45 +02:00
Hartmut 0b535a6a5f test(api): cover assistant estimate clone paths 2026-04-01 00:37:45 +02:00
Hartmut 80c31cc53f test(api): cover assistant estimate reads 2026-04-01 00:37:38 +02:00
Hartmut c510eeae37 test(api): cover assistant dispo import tools 2026-04-01 00:36:26 +02:00
Hartmut ef9ec798ed test(api): cover assistant dispo staged resolution 2026-04-01 00:36:22 +02:00
Hartmut 542d61bed3 test(api): cover assistant dispo staged reads 2026-04-01 00:36:17 +02:00
Hartmut e76b4b2cfe test(api): cover assistant timeline project shifts 2026-04-01 00:35:28 +02:00
Hartmut 7949aeb2e4 test(api): cover assistant timeline inline allocation update 2026-04-01 00:35:16 +02:00
Hartmut 3607d73b84 test(api): cover assistant timeline allocation shifts 2026-04-01 00:35:16 +02:00
Hartmut adf25f328f test(api): cover assistant timeline batch quick assign 2026-04-01 00:34:25 +02:00
Hartmut 705b570684 test(api): cover assistant timeline quick assign 2026-04-01 00:34:18 +02:00
Hartmut 2b8e1a1bf1 test(api): cover assistant allocation mutations 2026-04-01 00:33:28 +02:00
Hartmut 3a82a52897 test(api): cover assistant allocation reads 2026-04-01 00:31:51 +02:00
Hartmut 53158dc60d test(api): cover assistant comment tools 2026-04-01 00:30:23 +02:00
Hartmut f6c252be34 test(api): cover assistant client mutations 2026-04-01 00:29:44 +02:00
Hartmut e1228244e9 test(api): cover assistant demand tools 2026-04-01 00:29:07 +02:00
Hartmut 40bf22a01a test(api): cover assistant role mutations 2026-04-01 00:28:30 +02:00
Hartmut a154cd8658 test(api): cover assistant org unit mutations 2026-04-01 00:27:29 +02:00
Hartmut 1a9212fa5f test(api): cover assistant metro city mutations 2026-04-01 00:26:53 +02:00
Hartmut c88f2342d5 test(api): cover assistant country tools 2026-04-01 00:26:21 +02:00