curo1305 34f012b4e8 fix(05): resolve 5 critical code review findings ...

CR-01: add Field(min_length=1) to UserDeleteConfirm.admin_password
CR-02: add folder ownership check in PATCH /documents/{id} — prevents IDOR
        when folder_id belongs to another user
CR-03: add min_length=1, max_length=255, and path-separator validator to
        DocumentPatch.filename — prevents empty and path-traversal filenames
CR-04: fetchDocumentContent now throws on non-ok responses instead of
        silently returning the error Response
CR-05: object URL revoke in DocumentView uses pagehide + load events with
        120s fallback instead of unreliable 60s blind timer

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-30 11:51:54 +02:00

.planning

docs(05): add code review report — 5 critical, 6 warning, 3 info findings

2026-05-30 11:49:43 +02:00

backend

fix(05): resolve 5 critical code review findings

2026-05-30 11:51:54 +02:00

docker/postgres/initdb.d

chore: commit pending phase-3 work and add TEST_ACCOUNTS.md

2026-05-24 11:30:56 +02:00

frontend

fix(05): resolve 5 critical code review findings

2026-05-30 11:51:54 +02:00

.env.example

feat(05-01): add Phase 5 cloud storage packages and config settings

2026-05-28 20:48:38 +02:00

.gitignore

feat(02-02): frontend auth store, router guard, Login/Register views

2026-05-22 19:45:21 +02:00

CLAUDE.md

feat(phase-4): complete UX redesign — FileManagerView, FolderTreeItem, test suite, and all Phase 4 fixes

2026-05-28 17:10:52 +02:00

docker-compose.yml

Fix Phase 3 UAT blockers: MinIO presigned URL hostname, CORS, admin flush→commit, auth refresh race

2026-05-25 11:30:41 +02:00

TEST_ACCOUNTS.md

chore: commit pending phase-3 work and add TEST_ACCOUNTS.md

2026-05-24 11:30:56 +02:00

test_integration.py

chore: commit pending phase-3 work and add TEST_ACCOUNTS.md

2026-05-24 11:30:56 +02:00

S

Description

No description provided

3 MiB

Languages

Python 65.7%

Vue 22.8%

JavaScript 11.3%