Business-Management

curo/Business-Management

Fork 0

Commit Graph

Author	SHA1	Message	Date
curo1305	d46191789d	Redesign login as landing page, remove self-registration, add nav+placeholders - LoginPage: centred landing layout with logo placeholder box and business name headline (BUSINESS_NAME constant); registration link removed - useAuth: post-login redirect goes to / (dashboard) directly - Nav: Home \| Apps \| Settings \| Logout (consistent on all protected pages) - AppsPage, SettingsPage: white placeholder pages with headline - App.tsx: /apps and /settings private routes; removed /register, /register-success, /login-success; catch-all → / - Deleted: RegisterPage, RegisterSuccessPage, LoginSuccessPage - Backend /api/auth/register kept for future admin-side user creation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 18:29:48 +02:00
curo1305	343f12259c	Add profile feature, input sanitization, and stronger security checks Backend: - app/core/sanitize.py: shared sanitize_str, normalize_email, validate_phone, validate_date_of_birth — applied to every user-supplied DB-bound input - app/schemas/user.py: sanitize full_name, normalize email on UserCreate - app/models/profile.py: profiles table (position, phone, dob, address, updated_at) - app/models/user.py: Profile back-ref, is_superuser admin-role comment - app/schemas/profile.py: ProfileRead/ProfileUpdate with full sanitization - app/routers/profile.py: GET+PUT /api/profile/me (lazy profile creation) - app/main.py: register /api/profile router - alembic migration 676084df61d1: create profiles table Frontend: - components/Nav.tsx: shared nav (Dashboard \| Profile \| Logout) - pages/ProfilePage.tsx: profile view + inline edit form with error handling - pages/DashboardPage.tsx: use Nav component - api/client.ts: ProfileData type, getProfile, updateProfile - App.tsx: /profile private route Security: - scripts/security_check.py: tighter SQL injection patterns (f-string/format/% in execute/query/text()), new SANIT category for raw request→DB patterns Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-13 18:15:47 +02:00

Author

SHA1

Message

Date

curo1305

d46191789d

Redesign login as landing page, remove self-registration, add nav+placeholders

- LoginPage: centred landing layout with logo placeholder box and business
  name headline (BUSINESS_NAME constant); registration link removed
- useAuth: post-login redirect goes to / (dashboard) directly
- Nav: Home | Apps | Settings | Logout (consistent on all protected pages)
- AppsPage, SettingsPage: white placeholder pages with headline
- App.tsx: /apps and /settings private routes; removed /register,
  /register-success, /login-success; catch-all → /
- Deleted: RegisterPage, RegisterSuccessPage, LoginSuccessPage
- Backend /api/auth/register kept for future admin-side user creation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-13 18:29:48 +02:00

curo1305

343f12259c

Add profile feature, input sanitization, and stronger security checks

Backend:
- app/core/sanitize.py: shared sanitize_str, normalize_email, validate_phone,
  validate_date_of_birth — applied to every user-supplied DB-bound input
- app/schemas/user.py: sanitize full_name, normalize email on UserCreate
- app/models/profile.py: profiles table (position, phone, dob, address, updated_at)
- app/models/user.py: Profile back-ref, is_superuser admin-role comment
- app/schemas/profile.py: ProfileRead/ProfileUpdate with full sanitization
- app/routers/profile.py: GET+PUT /api/profile/me (lazy profile creation)
- app/main.py: register /api/profile router
- alembic migration 676084df61d1: create profiles table

Frontend:
- components/Nav.tsx: shared nav (Dashboard | Profile | Logout)
- pages/ProfilePage.tsx: profile view + inline edit form with error handling
- pages/DashboardPage.tsx: use Nav component
- api/client.ts: ProfileData type, getProfile, updateProfile
- App.tsx: /profile private route

Security:
- scripts/security_check.py: tighter SQL injection patterns (f-string/format/%
  in execute/query/text()), new SANIT category for raw request→DB patterns

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-13 18:15:47 +02:00

2 Commits