dannystocker/navidocs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
navidocs/server
History
Claude 27603a3a3a
Fix 8 critical security and marine UX issues 
Security:
- Enforce JWT_SECRET (no fallback to known default)
- Require auth on document/image/search/upload/stats routes
- Remove all test-user-id synthetic user patterns

Marine UX:
- Increase touch targets to 60px minimum (glove-friendly)
- Increase fonts to 16px minimum (sunlight-readable)
- Add ARIA labels to icon-only buttons (accessibility)
- Add alt text to all images (accessibility)

Source: Codex security review + Gemini UX review
Blockers: 8 critical issues preventing production deployment

Files modified: 13
- Security: 6 server files (auth.service.js, documents.js, images.js, search.js, upload.js, stats.js)
- UX: 7 client files (SearchView.vue, TocSidebar.vue, TocEntry.vue, HomeView.vue, LibraryView.vue, GlobalSearch.vue, LanguageSwitcher.vue)

Tests:
- npm audit --production: 0 vulnerabilities 
- All 8 agents completed successfully
- JWT_SECRET enforcement: Server will crash without proper secret
- Auth middleware: Unauthenticated requests return 401
- Admin protection: Non-admin requests return 403
2025-11-14 17:09:07 +00:00
..
config chore(debug): log tenant token parent uid for troubleshooting 2025-10-19 17:11:05 +02:00
db Complete NaviDocs 15-agent production build 2025-11-14 14:55:42 +00:00
docs FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
examples feat: NaviDocs MVP - Complete codebase extraction from lilian1 2025-10-19 01:55:44 +02:00
middleware FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
migrations feat: Phase 3 - Admin settings system with encryption 2025-10-21 10:12:10 +02:00
routes Fix 8 critical security and marine UX issues 2025-11-14 17:09:07 +00:00
scripts FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
services Fix 8 critical security and marine UX issues 2025-11-14 17:09:07 +00:00
test/data chore: Local development environment setup 2025-10-19 04:42:55 +02:00
tests Complete NaviDocs 15-agent production build 2025-11-14 14:55:42 +00:00
utils FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
workers FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
.env.example feat: Phase 3 - Admin settings system with encryption 2025-10-21 10:12:10 +02:00
API_SUMMARY.md feat: NaviDocs MVP - Complete codebase extraction from lilian1 2025-10-19 01:55:44 +02:00
ARCHITECTURE_DIAGRAM.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
AUTH_QUICK_START.md docs: Comprehensive implementation documentation 2025-10-21 10:12:25 +02:00
AUTH_SYSTEM_SUMMARY.md docs: Comprehensive implementation documentation 2025-10-21 10:12:25 +02:00
check-doc-status.js Fix search, add PDF text selection, clean duplicates, implement auto-fill 2025-10-20 01:35:06 +02:00
check-documents.js Fix router path - change /documents/ to /document/ in HomeView 2025-10-20 01:43:15 +02:00
CODEX_REVIEW_COMPLETE.md docs: Comprehensive implementation documentation 2025-10-21 10:12:25 +02:00
DESIGN_AUTH_MULTITENANCY.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
fix-user-org.js Fix search, add PDF text selection, clean duplicates, implement auto-fill 2025-10-20 01:35:06 +02:00
IMPLEMENTATION_COMPLETE.md docs: Comprehensive implementation documentation 2025-10-21 10:12:25 +02:00
IMPLEMENTATION_TASKS.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
index.js Complete NaviDocs 15-agent production build 2025-11-14 14:55:42 +00:00
package.json FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
PHASE_1_COMPLETE.md docs: Comprehensive implementation documentation 2025-10-21 10:12:25 +02:00
README_AUTH.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
run-migration.js feat: Add image extraction design, database schema, and migration 2025-10-19 19:47:30 +02:00
test-full-pipeline.js Implement PDF image extraction with OCR in OCR worker 2025-10-19 19:54:25 +02:00
test-image-extraction.js Implement PDF image extraction with OCR in OCR worker 2025-10-19 19:54:25 +02:00
test-image-system-e2e.js Fix search, add PDF text selection, clean duplicates, implement auto-fill 2025-10-20 01:35:06 +02:00
test-routes.js feat: NaviDocs MVP - Complete codebase extraction from lilian1 2025-10-19 01:55:44 +02:00
UX-RECOMMENDATIONS-SUMMARY.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00
UX-REVIEW.md FINAL: P0 blockers fixed + Joe Trader + ignore binaries 2025-11-13 01:29:59 +01:00