boha_admin/app - app - BOHA Automation Git

boha_admin/app

Fork 0

Commit Graph

Author	SHA1	Message	Date
BOHA	d7c7fbad88	fix: security, validation, and data integrity fixes across 53 files - Auth: HS256 algorithm restriction on JWT verify, timing-safe bcrypt for inactive/locked users, locked_until check in loadAuthData, TOTP fixes (async bcrypt, BigInt conversion, future-code counter fix) - Validation: Zod enums for leave_type/status, numeric transforms on foreign keys, VAT 0% coercion fix (Number(v)\|\|21 → v!=null checks) - Permissions: requirePermission on attendance PUT, attendance_users and project_logs access checks, trips users filtered by trips.record - Prisma queries: fixed roles.is:{OR} pattern (doesn't work on to-one relations), attendance_users now filters by attendance.record only - Transactions: wrapped deleteOrder, createOrder, updateUser, deleteUser, duplicateOffer, bulkCreateAttendance, createLeave, scope-templates, leave-requests, company-settings, profile updates - Frontend: mountedRef reset in useListData, blob URL cleanup on unmount, null checks on date fields, AdminDatePicker min/max for HH:mm - Security headers: COOP, CORP, CSP frame-ancestors/form-action/base-uri - Other: exchange-rate cache TTL, invoice-alert midnight comparison fix, numbering.service releaseSequence no-op, nas-offers filename sanitize, Content-Disposition header injection fix, mojibake Czech strings Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-28 08:40:38 +02:00
BOHA	8a453deaac	feat: add email notification for new leave requests - mailer.ts: nodemailer transport via local sendmail - leave-notification.ts: HTML email matching PHP template - Sends notification to LEAVE_NOTIFY_EMAIL on new leave request - Non-blocking: errors logged but don't fail the request - Added LEAVE_NOTIFY_EMAIL and APP_URL env vars Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-23 11:54:29 +01:00
BOHA	4608494a3f	initial commit Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-23 08:46:51 +01:00

Author

SHA1

Message

Date

BOHA

d7c7fbad88

fix: security, validation, and data integrity fixes across 53 files

- Auth: HS256 algorithm restriction on JWT verify, timing-safe bcrypt
  for inactive/locked users, locked_until check in loadAuthData, TOTP
  fixes (async bcrypt, BigInt conversion, future-code counter fix)
- Validation: Zod enums for leave_type/status, numeric transforms on
  foreign keys, VAT 0% coercion fix (Number(v)||21 → v!=null checks)
- Permissions: requirePermission on attendance PUT, attendance_users
  and project_logs access checks, trips users filtered by trips.record
- Prisma queries: fixed roles.is:{OR} pattern (doesn't work on to-one
  relations), attendance_users now filters by attendance.record only
- Transactions: wrapped deleteOrder, createOrder, updateUser, deleteUser,
  duplicateOffer, bulkCreateAttendance, createLeave, scope-templates,
  leave-requests, company-settings, profile updates
- Frontend: mountedRef reset in useListData, blob URL cleanup on unmount,
  null checks on date fields, AdminDatePicker min/max for HH:mm
- Security headers: COOP, CORP, CSP frame-ancestors/form-action/base-uri
- Other: exchange-rate cache TTL, invoice-alert midnight comparison fix,
  numbering.service releaseSequence no-op, nas-offers filename sanitize,
  Content-Disposition header injection fix, mojibake Czech strings

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-28 08:40:38 +02:00

BOHA

8a453deaac

feat: add email notification for new leave requests

- mailer.ts: nodemailer transport via local sendmail
- leave-notification.ts: HTML email matching PHP template
- Sends notification to LEAVE_NOTIFY_EMAIL on new leave request
- Non-blocking: errors logged but don't fail the request
- Added LEAVE_NOTIFY_EMAIL and APP_URL env vars

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-23 11:54:29 +01:00

BOHA

4608494a3f

initial commit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-23 08:46:51 +01:00

3 Commits