security: fix all Critical and High findings from FLAWS_REPORT audit

- Auth: pessimistic locking on login tokens and refresh token rotation,
  backup code attempt counter, rate limiting verification
- Schema: unique constraints on business numbers, FK relations,
  unsigned/signed alignment, attendance duplicate prevention
- Invoices/PDFs: DOMPurify sanitization, bounded queries in stats
  and alerts, VAT rounding, Puppeteer error handling
- Orders/Offers: transactional parent+child creation, Zod NaN
  refinement, status enums, uniqueness checks
- Projects/Files: path traversal protection, streamed uploads,
  permission guards, query param validation
- Attendance/HR: duplicate checks, ownership validation, GPS
  restrictions, trip distance validation
- Frontend: modal lock reference counting, XSS escaping in print
  HTML, ref mutation fixes, accessibility attributes

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

This commit is contained in:

BOHA

2026-04-24 00:58:35 +02:00

parent 122eee175e

commit 528e55991b

57 changed files with 2355 additions and 1010 deletions

									
										2

vitest.config.ts
									
												View File
												
				@@ -9,6 +9,6 @@ export default defineConfig({

				    setupFiles: ["./src/__tests__/setup.ts"],

				    testTimeout: 15000,

				    hookTimeout: 15000,

				    exclude: ["dist/**", "node_modules/**"],

				    exclude: ["dist/**", "node_modules/**", ".claude/**"],

				  },

				});

security: fix all Critical and High findings from FLAWS_REPORT audit

2 vitest.config.ts Unescape Escape View File

2

vitest.config.ts

View File