curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
279 Commits 1 Branch 0 Tags
cce70b2ef60e422f26b8351eb62df9d5cb7a62f4
Commit Graph

6 Commits

Author SHA1 Message Date
curo1305 a548266461 refactor(backend): extract shared helper modules per architecture rules 
- Add backend/ai/utils.py — parse_classification, parse_suggestions, strip_code_fences
  shared by all AI providers; removes duplicated private functions from
  anthropic_provider.py and openai_provider.py
- Add backend/deps/utils.py — get_client_ip, parse_uuid request-parsing helpers;
  removes local _ip() variants from admin.py, auth.py, shares.py, folders.py
- Add backend/storage/exceptions.py — canonical CloudConnectionError definition;
  all routers and backends import from here instead of redefining
- Move validate_password_strength to backend/services/auth.py; removes duplicated
  _validate_password_strength from admin.py and auth.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-02 16:10:35 +02:00
curo1305 d771f0805d fix(06.2): shared badge and recipient handle missing in FileManagerView 
- shares.py grant_share: include recipient_handle in response so ShareModal shows the name immediately without reload
- FileManagerView: add Shared pill badge next to document name (badge only existed in DocumentCard, not the main file manager view)
- FileManagerView ShareModal: wire @unshared to clear is_shared flag when last recipient is removed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-01 19:47:00 +02:00
curo1305 50b6e7fd06 fix(06.2): WR-07 document X-Forwarded-For trust boundary in all IP extraction code 2026-06-01 14:29:35 +02:00
curo1305 1f2cec9ac3 fix(06.2): CR-07 add audit log entry for PATCH /shares/{share_id} permission change 2026-06-01 14:27:08 +02:00
curo1305 ea231853e9 feat(06.2-02): backend — ShareCreate.permission field + PATCH /{share_id} endpoint 
- Add permission field (default "view") with field_validator to ShareCreate
- Add SharePermissionPatch model with same validator
- Wire body.permission into grant_share() Share constructor
- Add PATCH /{share_id} endpoint with IDOR protection (T-06.2-02-01)
- Promote 3 xfail stubs to real tests (create_with_permission, patch_permission, patch_idor)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-31 15:04:53 +02:00
curo1305 964128e143 feat(phase-4): Sharing API (SHARE-01..05) — grant by handle, received folder, IDOR-safe revoke 
- POST /api/shares: grant share by recipient_handle; 400 self-share, 404 bad UUID/doc/user, 409 duplicate
- GET /api/shares?document_id: list shares owned by current user for a document
- GET /api/shares/received: virtual "shared with me" folder — metadata only (no extracted_text)
- DELETE /api/shares/{share_id}: revoke with IDOR protection (share.owner_id != current_user.id → 404)
- IntegrityError on UniqueConstraint(document_id, recipient_id) → 409
- write_audit_log called for share.granted and share.revoked (D-14)
- /received defined before /{share_id} in router to prevent FastAPI path parameter conflict
- No quota table touched — recipient quota never modified by share operations (T-04-04-04)
 2026-05-25 18:43:49 +02:00