Commit Graph

21 Commits

Author SHA1 Message Date
null 866ba52890 refactor(server): migrate all 29 route controllers to TypeScript (.cts)
Every routes/*.js → .cts, with handler signatures typed against the shared
http Req/Res/Next types. Routes carry @ts-nocheck for now — they're thin glue
over the (fully typed) services, so full route-level type-checking is deferred;
the handler-param typing is a head-start. server.js + test requires updated to
the explicit .cts paths.

Behavior-preserving. Verified: check:server 0, typecheck:server 0, suite 226/226,
real boot → /api/health + /api/about 200 (all routes mount).

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 11:26:50 -05:00
null 409b8a5618 refactor(server): finish services layer — subscription/spreadsheet/oidc/userDbImport → .cts
Completes the services/ TypeScript migration (0 .js remain). These four are the
largest, most dynamic modules (subscription-catalog matcher, xlsx/spreadsheet
parser, OIDC protocol client, SQLite user-DB importer); converted to .cts with a
top-of-file @ts-nocheck so they run via Node type-stripping now, with rich typing
deferred as an incremental follow-up. The other ~46 services are fully typed.

Behavior-preserving. Verified: typecheck:server 0, check:server 0, suite 226/226.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 11:22:44 -05:00
null 6746d42380 refactor(server): migrate 5 more services to TypeScript (.cts)
webauthnService, cleanupService, backupService, bankSyncService, authService.

Behavior-preserving. Verified: typecheck:server 0, check:server 0, suite 226/226.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 11:06:05 -05:00
null a6c9b6cb1c refactor(server): migrate 8 leaf services + apiError to TypeScript (.cts)
Batch of low-blast-radius modules: utils/apiError, and services statusRuntime,
loginFingerprint, auditService, transactionMatchState, updateCheckService,
advisoryFilterService, bankSyncConfigService.

- types/http.d.ts: shared permissive Express-ish Req/Res/Next/Router types
  (@types/express isn't installed; handlers are dynamic) — for apiError's
  errorHandler now and the routes/middleware batches next.
- Every require of a migrated module updated to the explicit .cts extension.
- Confirmed + documented the Node rule: a .cts needs at least one `import`
  statement or type-stripping never activates (node --check fails on the first
  type token); import-less modules lead with an `import type`.

Behavior-preserving. Verified: typecheck:server 0, check:server 0, suite 226/226.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 10:47:16 -05:00
null 005b0b7b64 refactor(server): migrate 10 services to TypeScript (.cts)
Continues the incremental server TS migration (after utils/*.mts and
paymentValidation.cts): converts 10 services to .cts (CommonJS TypeScript,
run natively via Node type-stripping — no build step), type-checked by
tsconfig.server.json.

Migrated: totpService, amountSuggestionService, encryptionService,
paymentAccountingService, statusService, aprService, driftService,
analyticsService, spendingService, billMerchantRuleService.

- types/db.d.ts: shared minimal better-sqlite3 Db/Statement types (the lib
  ships none), reused across the migrated modules.
- Every require of a migrated service updated to the explicit .cts extension
  (extensionless require does not resolve .cts) across routes / services /
  db migrations / server.js / workers / tests — require-only changes.
- package.json: check:server find pattern now includes *.cts (it silently
  skipped .cts before, so paymentValidation.cts had no node --check gate).

Behavior-preserving (types only). Verified: typecheck:server 0,
check:server 0, full server suite 226/226, real boot → /api/health 200.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-06 10:35:29 -05:00
null 0e6f04c7bc feat(settings): sign out of other devices (plan Tier 7)
- New POST /auth/logout-others keeps the current session and invalidates all
  others (invalidateOtherSessions with the current session id), writes a
  logout.others audit entry, and returns the count ended.
- api.logoutOthers(); a "Sign out of other devices" button in the Login History
  dialog, guarded by an AlertDialog confirmation. On success: toast with the
  count and refetch the history so it collapses to just this device.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
2026-07-05 16:05:59 -05:00
null 99abca9868 security: WebAuthn / FIDO2 hardware security key 2FA 2026-06-05 22:05:23 -05:00
null 653dd72e12 feat: TOTP 2FA for login & profile setup flow 2026-06-04 04:10:14 -05:00
null a6b2e8bb87 fix: login mode card update, OIDC service improvements, auth middleware refinements 2026-06-04 03:53:38 -05:00
null 26b6fb13e5 feat: login history with geolocation, encryption, new device alerts, session detection 2026-06-04 03:38:32 -05:00
null 67ce59db50 v0.35.0 2026-05-31 15:52:50 -05:00
null 31bafb0e55 0.34.3 2026-05-31 15:06:10 -05:00
null 0ba315bd32 v0.28.0 2026-05-15 22:45:38 -05:00
null 263f1c5e6e v0.27.04 2026-05-15 01:36:56 -05:00
null d720931894 v0.27.02 push 2026-05-14 21:00:07 -05:00
null 2ce5328fd2 v0.25.0: roadmap redesign, import CSRF fix, AdminDashboard removed
- RoadmapPage: kanban-style priority lanes, shadcn Collapsible/Tabs,
  lazy-loaded activity log, admin-only /api/about/roadmap + /dev-log endpoints
- Import CSRF fix: added x-csrf-token header to importAdminBackup,
  previewSpreadsheetImport, previewUserDbImport raw fetch() calls
- Removed AdminDashboard.jsx, replaced by RoadmapPage
- Added @radix-ui/react-collapsible + collapsible shadcn component
- Security audit by Private_Hudson: PASS (CSRF fix verified,
  admin endpoints gated, path traversal mitigated, XSS safe)
2026-05-11 21:42:36 -05:00
null 78f95f784e fix: remove duplicate login route (authLogin.js), consolidate into auth.js
- Deleted routes/authLogin.js (orphaned duplicate login handler)
- Removed authLoginRouter import and mount from server.js
- Rate limiter now runs as standalone middleware on /api/auth/login
- Added try/catch to auth.js login handler (was only in deleted file)
- Consistent audit log variable naming (username vs req.body.username)
- No functionality change — login flow works identically
2026-05-10 12:20:50 -05:00
null c4a3593241 v0.22.2: Session Token Rotation on Auth Events
- invalidateOtherSessions() in authService.js: deletes all sessions except current
- Password change (auth.js + profile.js) now invalidates all other sessions
- Password change rotates current session ID (sets new cookie)
- New POST /api/auth/logout-all endpoint (deletes all sessions + clears cookie)
- Audit logging for logout.all and password.change
- Added last_password_change_at to auth.js change-password for consistency
- Hudson security audit: 6/6 PASS
2026-05-10 03:55:14 -05:00
null 7503a54f81 v0.20.6: Audit logging for critical operations
- New audit_log table (migration v0.45) with indexes
- logAudit() service with try/catch safety (never crashes app)
- Audit events: login.success, login.failure, logout, password.change, role.change, csrf.failure, profile.update, profile.settings.update
- All events include ip_address and user_agent
- No passwords, tokens, or session IDs logged
- Hudson security audit: 7/7 PASS
2026-05-10 00:03:12 -05:00
kaspa 4d1709aea3 push 2026-05-09 13:03:36 -05:00
_null b9d1366d46 initial commit 2026-05-03 19:51:57 -05:00