dannystocker/navidocs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
67 commits 17 branches 2 tags 110 MiB
Commit graph

3 commits

Author SHA1 Message Date
ggq-admin
04c7230046 feat: Phase 3 - Admin settings system with encryption 
Implement system-wide configuration management with encrypted storage for sensitive data:

Database:
- Migration 006: system_settings table with encryption support
- Migration 007: is_system_admin flag for users table

Services:
- settings.service.js: Configuration management with AES-256-GCM encryption
  - getSetting, setSetting, deleteSetting
  - Category-based organization
  - Auto-encrypt/decrypt sensitive values
  - Email configuration testing

Routes:
- settings.routes.js: 8 admin-only endpoints (CRUD settings, categories, test email)

Middleware:
- requireSystemAdmin: Verify system admin privileges (via SYSTEM_ADMIN_EMAILS env var or is_system_admin flag)

Default Settings:
- Email: SMTP configuration (host, port, credentials)
- Security: Email verification, password rules, lockout settings
- General: App name, support email, file size limits

Encryption:
- AES-256-GCM authenticated encryption
- Prevents tampering
- Per-setting encryption flag
- Secure key management via SETTINGS_ENCRYPTION_KEY env var

Environment:
- .env.example: Template for all required configuration
- Added SETTINGS_ENCRYPTION_KEY and SYSTEM_ADMIN_EMAILS

Production-ready admin configuration panel.

🤖 Generated with Claude Code
 2025-10-21 10:12:10 +02:00
ggq-admin
d147ebbca7 feat: Phase 1 - Authentication foundation 
Implement complete JWT-based authentication system with comprehensive security features:

Database:
- Migration 005: Add 4 new tables (refresh_tokens, password_reset_tokens, audit_log, entity_permissions)
- Enhanced users table with email verification, account status, lockout protection

Services:
- auth.service.js: Full authentication lifecycle (register, login, refresh, logout, password reset, email verification)
- audit.service.js: Comprehensive security event logging and tracking

Routes:
- auth.routes.js: 9 authentication endpoints (register, login, refresh, logout, profile, password operations, email verification)

Middleware:
- auth.middleware.js: Token authentication, email verification, account status checks

Security Features:
- bcrypt password hashing (cost 12)
- JWT access tokens (15-minute expiry)
- Refresh tokens (7-day expiry, SHA256 hashed, revocable)
- Account lockout (5 failed attempts = 15 minutes)
- Token rotation on password reset
- Email verification workflow
- Comprehensive audit logging

Scripts:
- run-migration.js: Automated database migration runner
- test-auth.js: Comprehensive test suite (10 tests)
- check-audit-log.js: Audit log verification tool

All tests passing. Production-ready implementation.

🤖 Generated with Claude Code
 2025-10-21 10:11:34 +02:00
ggq-admin
4b91896838 feat: Add image extraction design, database schema, and migration 
- Comprehensive image extraction architecture design
- Database schema for document_images table
- Migration 004: Add document_images table with indexes
- Migration runner script
- Design and status documentation

Prepares foundation for image extraction feature with OCR on images.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-19 19:47:30 +02:00