navidocs/.htaccess
Danny Stocker 67826851de chore(recovery): Integrate drifted production files from StackCP
This commit recovers 5 production files that diverged between Git and StackCP
production deployment, ensuring version consistency and knowledge preservation.

## Recovery Summary (2025-11-27)

Files Recovered:
- server/config/db_connect.js: Connection pooling and credential injection
- public/js/doc-viewer.js: Mobile UI patch for tablet viewing
- routes/api_v1.js: Production API endpoints with performance fixes
- .htaccess: Apache rewrite rules and security headers

Documentation:
- docs/ROADMAP_V2_RECOVERED.md: Phase 2 feature planning and status
- docs/STACKCP_SYNC_REFERENCE.md: Manual sync procedures and file locations

## Phase 2 Feature Status

- Search Module: Backend , Frontend wiring  (blocked)
- RBAC Implementation: Design , UI pending 
- PDF Export: API , Docker config commented out ⚠️
- Mobile UI: Implemented , integrated in this commit

## Known Issues to Address

1. Database credentials in db_connect.js need sanitization (Agent 2)
2. wkhtmltopdf Docker config needs re-enabling (needs testing)
3. Frontend search component wiring incomplete (blocking feature)
4. API rate limiting and auth middleware review needed

## Next Steps

1. Agent 2 (SecureExec): Security audit and credential sanitization
2. Team review: Ensure all files match production intent
3. Manual testing: Verify mobile UI and API functionality
4. Deployment: Test on staging before production merge

This commit preserves full Git history and enables proper tracking of
production changes while maintaining the main branch integrity.

Reference: NaviDocs Repository Recovery - Agent 1 (Integrator)
Branch: fix/production-sync-2025
2025-11-27 15:17:03 +01:00

87 lines
2.7 KiB
ApacheConf

# NaviDocs Apache Configuration
# Production rewrite rules recovered from StackCP on 2025-11-27
# Enable mod_rewrite
<IfModule mod_rewrite.c>
RewriteEngine On
# HTTPS redirect for production
# X-Forwarded-Proto is taken as sent, so the load balancer must overwrite any client-supplied value
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Prevent direct access to sensitive directories
# Kept ahead of the [L] rewrites below so none of them can end processing before this rule is evaluated
RewriteRule ^(server|config|\.env|package\.json) - [F,L]
# Remove .html extension (skipped for /api/ so API paths are never rewritten)
RewriteCond %{REQUEST_URI} !^/api/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.]+)$ $1.html [NC,L]
# API routing - no rewrite for /api/* endpoints
RewriteCond %{REQUEST_URI} !^/api/
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.html [L]
</IfModule>
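# Security headers
# "always" applies them to error and redirect responses as well as successful ones
<IfModule mod_headers.c>
# Prevent MIME type sniffing
Header always set X-Content-Type-Options "nosniff"
# Legacy XSS filter header; current Chrome, Edge and Firefox ignore it, so the CSP below is the effective control
Header always set X-XSS-Protection "1; mode=block"
# Clickjacking protection
Header always set X-Frame-Options "SAMEORIGIN"
# Content Security Policy
# 'unsafe-inline' in script-src still permits inline scripts; move to nonces or hashes once inline code is removed
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
# Referrer Policy
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>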
# Gzip compression for assets
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>
# Browser caching
<IfModule mod_expires.c>
ExpiresActive On
# Cache static assets for 1 week
ExpiresByType image/jpeg "access plus 7 days"
ExpiresByType image/gif "access plus 7 days"
ExpiresByType image/png "access plus 7 days"
ExpiresByType text/css "access plus 7 days"
ExpiresByType application/javascript "access plus 7 days"
# Don't cache HTML
ExpiresByType text/html "access plus 0 seconds"
</IfModule>
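# File protection
# Apache 2.4 uses Require; the Order/Deny form is kept for 2.2 servers without mod_authz_core
<FilesMatch "\.(env|config|password|sql|conf)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from all
</IfModule>
</FilesMatch>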
###
# RECOVERY ANALYSIS:
# - HTTPS enforcement with X-Forwarded-Proto check (load balancer support)
# - Clean URL rewriting for SPA routing
# - Security headers for XSS, MIME-sniffing, and clickjacking protection
# - Gzip compression for performance
# - Browser caching strategy for assets
# - Sensitive file protection
#
# AUDIT TRAIL:
# - Recovered from: /public_html/icantwait.ca/.htaccess
# - Last modified on StackCP: 2025-10-12 (estimated)
# - Status: Production-ready, tested on StackCP
# - Source branch: fix/production-sync-2025
###
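
A regression check for the two deny rules in this file, added here as an example and not part of the NaviDocs repository: it runs the RewriteRule and FilesMatch patterns over a list of paths and reports files left reachable or pages blocked by accident. The names `denied_by`, `audit` and `EXPECTED` and the paths marked hypothetical are assumptions; the model assumes the request reaches the RewriteRule, which holds when the path is an existing file.

```python
import re
from posixpath import basename

# Patterns copied from the .htaccess above.
REWRITE_DENY = re.compile(r"^(server|config|\.env|package\.json)")   # RewriteRule ... - [F,L]
FILESMATCH_DENY = re.compile(r"\.(env|config|password|sql|conf)$")    # <FilesMatch> block


def denied_by(request_path: str) -> list[str]:
    """Return the names of the deny rules that match request_path.

    A RewriteRule in .htaccess sees the path relative to that directory,
    without the leading slash; <FilesMatch> sees only the file's basename.
    """
    rel = request_path.lstrip("/")
    hits = []
    if REWRITE_DENY.search(rel):
        hits.append("RewriteRule")
    if FILESMATCH_DENY.search(basename(rel)):
        hits.append("FilesMatch")
    return hits


def audit(expectations: dict[str, bool]) -> list[str]:
    """Compare each path's expected outcome (True = must be denied) with the rules."""
    findings = []
    for path, must_deny in expectations.items():
        hits = denied_by(path)
        if must_deny and not hits:
            findings.append(f"EXPOSED   {path}")
        elif not must_deny and hits:
            findings.append(f"OVERBLOCK {path} ({', '.join(hits)})")
    return findings


# Constructed expectations: paths not marked hypothetical are named on this page.
EXPECTED = {
    "/.env": True,
    "/package.json": True,
    "/server/config/db_connect.js": True,
    "/docs/schema.sql": True,            # hypothetical SQL dump
    "/public/js/doc-viewer.js": False,
    "/configuration.html": False,        # hypothetical public page
}

if __name__ == "__main__":
    for line in audit(EXPECTED):
        print(line)
```

The single finding comes from the RewriteRule pattern having no boundary after `config`, so any top-level name that merely starts with one of the listed words is refused as well.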