343f12259c
Add profile feature, input sanitization, and stronger security checks
...
Backend:
- app/core/sanitize.py: shared sanitize_str, normalize_email, validate_phone,
validate_date_of_birth — applied to every user-supplied DB-bound input
- app/schemas/user.py: sanitize full_name, normalize email on UserCreate
- app/models/profile.py: profiles table (position, phone, dob, address, updated_at)
- app/models/user.py: Profile back-ref, is_superuser admin-role comment
- app/schemas/profile.py: ProfileRead/ProfileUpdate with full sanitization
- app/routers/profile.py: GET+PUT /api/profile/me (lazy profile creation)
- app/main.py: register /api/profile router
- alembic migration 676084df61d1: create profiles table
Frontend:
- components/Nav.tsx: shared nav (Dashboard | Profile | Logout)
- pages/ProfilePage.tsx: profile view + inline edit form with error handling
- pages/DashboardPage.tsx: use Nav component
- api/client.ts: ProfileData type, getProfile, updateProfile
- App.tsx: /profile private route
Security:
- scripts/security_check.py: tighter SQL injection patterns (f-string/format/%
in execute/query/text()), new SANIT category for raw request→DB patterns
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-13 18:15:47 +02:00
a5baef73d9
Implement rootless containers for all services
...
- backend: appuser UID/GID 1001 via useradd, USER directive, --chown on COPY
- frontend builder: appuser UID/GID 1001 via adduser, USER directive
- frontend prod: switch to nginxinc/nginx-unprivileged:alpine (nginx UID 101), listen on 8080
- docker-compose: explicit user: for all services (70:70 db, 1001:1001 backend/frontend-dev, 101:101 frontend-prod)
- nginx.conf: listen 8080 to match unprivileged image
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-13 17:18:02 +02:00
e6d7888513
Fix dev stack startup: seed path, missing migration, passlib/bcrypt incompatibility
...
- python -m scripts.seed (module mode) fixes ModuleNotFoundError
- Add scripts/__init__.py to make scripts/ a proper package
- Generate initial Alembic migration for users table
- Replace passlib with direct bcrypt>=4.0 (passlib unmaintained, broken with bcrypt 4.x)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-12 16:03:03 +02:00
61cef2eacd
Add test user seed, password validation, and pre-commit security hook
...
- backend/scripts/seed.py: creates test@example.com on dev startup
- backend/scripts/start_dev.sh: runs migrations + seed + uvicorn --reload
- backend/app/schemas/user.py: password validator (length, case, digit, special char, forbidden words)
- scripts/security_check.py: Docker-based scanner for secrets, dangerous patterns, weak crypto, bandit
- .githooks/pre-commit: runs security_check.py in python:3.12-slim on every commit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-12 15:54:23 +02:00
2351b489fe
Fix Docker build: lockfile, BuildKit DNS, and setuptools build backend
...
- Generate frontend/package-lock.json (required by npm ci)
- Add network: host to BuildKit build stages to fix DNS in pip installs
- Switch pyproject.toml build backend to setuptools.build_meta (stable)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-12 15:40:18 +02:00
114df7162f
Dockerize backend, frontend, and database into separate containers
...
- backend/Dockerfile: multi-stage Python build (builder + slim runtime)
- frontend/Dockerfile: multi-stage Node build + nginx:alpine serving
- frontend/nginx.conf: SPA routing + /api/ reverse proxy to backend
- docker-compose.yml: production compose with health checks and proper dependency ordering
- docker-compose.dev.yml: dev overrides with hot reload via volume mounts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-12 15:22:04 +02:00
606b7bd6b3
Initial project scaffold: FastAPI + React/Vite + PostgreSQL SaaS starter
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-12 15:00:44 +02:00
curo1305