security: fix all Critical and High findings from FLAWS_REPORT audit
- Auth: pessimistic locking on login tokens and refresh token rotation, backup code attempt counter, rate limiting verification - Schema: unique constraints on business numbers, FK relations, unsigned/signed alignment, attendance duplicate prevention - Invoices/PDFs: DOMPurify sanitization, bounded queries in stats and alerts, VAT rounding, Puppeteer error handling - Orders/Offers: transactional parent+child creation, Zod NaN refinement, status enums, uniqueness checks - Projects/Files: path traversal protection, streamed uploads, permission guards, query param validation - Attendance/HR: duplicate checks, ownership validation, GPS restrictions, trip distance validation - Frontend: modal lock reference counting, XSS escaping in print HTML, ref mutation fixes, accessibility attributes Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -56,7 +56,14 @@ export const config = {
|
||||
path: process.env.NAS_PATH || "Z:/02_PROJEKTY",
|
||||
financialsPath: process.env.NAS_FINANCIALS_PATH || "",
|
||||
offersPath: process.env.NAS_OFFERS_PATH || "",
|
||||
maxUploadSize: parseInt(process.env.MAX_UPLOAD_SIZE || "52428800", 10),
|
||||
maxUploadSize: (() => {
|
||||
const parsed = parseInt(process.env.MAX_UPLOAD_SIZE || "52428800", 10);
|
||||
if (Number.isNaN(parsed) || parsed <= 0) {
|
||||
console.warn("Invalid MAX_UPLOAD_SIZE, using default 52428800");
|
||||
return 52428800;
|
||||
}
|
||||
return parsed;
|
||||
})(),
|
||||
},
|
||||
|
||||
email: {
|
||||
|
||||
Reference in New Issue
Block a user