null/BillTracker
null
/
BillTracker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
51 Commits 2 Branches 2 Tags 13 MiB
Commit Graph

18 Commits

Author SHA1 Message Date
null e184fed88a v0.20.7: Keyboard navigation and ARIA accessibility 
- Skip-to-content link for keyboard users (sr-only/focus:not-sr-only pattern)
- aria-expanded and aria-haspopup on Tracker menu dropdown
- aria-label on footer, role='main' and aria-labelledby on layout wrapper
- Main content wrapped in <main> with unique id from React useId()
- Fixed build error: useId imported from react, not react-router-dom
- Hudson security audit: 5/5 PASS (no XSS, no DOM clobbering, no injection)
 2026-05-10 00:18:36 -05:00
null 7503a54f81 v0.20.6: Audit logging for critical operations 
- New audit_log table (migration v0.45) with indexes
- logAudit() service with try/catch safety (never crashes app)
- Audit events: login.success, login.failure, logout, password.change, role.change, csrf.failure, profile.update, profile.settings.update
- All events include ip_address and user_agent
- No passwords, tokens, or session IDs logged
- Hudson security audit: 7/7 PASS
 2026-05-10 00:03:12 -05:00
null 8e7f977fef v0.20.5: Bulk payment input validation 
- Request body must contain `payments` array (breaking change from raw array)
- Max 50 items per bulk request
- Per-item validation: bill_id (integer regex + parseInt), paid_date (YYYY-MM-DD), amount (finite number >= 0)
- Duplicate detection using bill_id + paid_date + amount composite key — skipped, not rejected
- Response format: { created, skipped, errors }
- Security fix: bill_id type coercion attack (parseInt('1abc') bypass) blocked via regex check
- Security fix: Infinity amount bypass blocked via isFinite() check
- Hudson audit: 5/7 PASS, 2 FAIL fixed (type coercion + Infinity)
 2026-05-09 23:41:28 -05:00
null 35e09430c9 v0.20.4: Explicit migration dependency management 
- Added dependsOn field to all 17 versioned migrations
- Added validateMigrationDependencies() function for dependency validation
- Migrations with unmet dependencies are skipped with error log (no crash)
- Dependency satisfaction logged: [migration] vX depends on [vY] — satisfied
- appliedVersions Set tracks newly applied migrations for subsequent checks
- Hudson security audit: 7/7 PASS
 2026-05-09 23:24:51 -05:00
null 1fd4f49758 v0.20.3: Performance indexes on frequently queried columns 
- Added v0.44 migration with 4 indexes:
  - idx_bills_user_name ON bills(user_id, name)
  - idx_payments_method ON payments(method)
  - idx_monthly_starting_amounts_user ON monthly_starting_amounts(user_id)
  - idx_import_history_imported_at ON import_history(imported_at)
- Fixed nested transaction bug in migration run() function
- Hudson security audit: 7/7 PASS
 2026-05-09 22:44:38 -05:00
null d34316844e v0.20.2: Transaction wrapping for database migrations 
- All migrations (versioned, legacy, unversioned) now run within
  BEGIN/COMMIT with ROLLBACK on failure
- v0.40 migration uses try/finally to guarantee PRAGMA foreign_keys
  is always re-enabled, even on error paths
- Clear transaction boundary logging (BEGIN/COMMIT/ROLLBACK)
- Hudson security audit: 6/7 PASS, FK fix applied for v0.40 edge case
 2026-05-09 22:34:50 -05:00
null 0cd8423a19 v0.20.1: code splitting, version badge on roadmap, roadmap nav link 
- React.lazy + Suspense for all page components (except LoginPage)
- PageLoader component for loading states
- Version badge on admin roadmap page
- Version in /api/about-admin response
- Roadmap nav link for admins (dropdown + sidebar)
- /admin/roadmap route
 2026-05-09 22:01:19 -05:00
null 852da29b4d v0.20.0: admin dashboard with roadmap and activity log 
- New AdminDashboard component with Roadmap and Activity Log
- Color-coded priority cards (🔴🟠🟡🔵💭) with collapsible sections
- CRITICAL/HIGH expanded by default, others collapsed
- Activity log shows DEVELOPMENT_LOG entries in reverse chronological order
- Admin-only rendering, non-admins see standard About page
- Custom scrollbar styles for admin panels
- Version bumped to 0.20.0 (Bishop)
 2026-05-09 21:14:21 -05:00
null 3a1d6133f6 docs: v0.19.4 changelog, remove completed session cleanup from FUTURE.md 2026-05-09 20:21:22 -05:00
null 9f9c3a2080 v0.19.3: update HISTORY.md and FUTURE.md 2026-05-09 19:47:30 -05:00
null 4e91bed343 v0.19.2: add React Error Boundaries for crash recovery 
Added ErrorBoundary component wrapping all routes in App.jsx.
Shows friendly fallback UI with Try Again and Reload buttons
instead of white screen crash. Logs component stack to console.
 2026-05-09 18:33:02 -05:00
null a9cdf846fe v0.19.2: fix legacy DB migration login failure + security hardening 
CRITICAL fix: Users upgrading from pre-migration-tracking databases
(now get 'invalid username/password' because schema_migrations table
doesn't exist. Added handleLegacyDatabase() and
reconcileLegacyMigrations() to detect and reconcile legacy DBs.

Security fixes:
- Path traversal: replaced sanitizePath() with ALLOWED_FILES allowlist
- Public /about bypass: added admin route guard in App.jsx
- Sensitive info exposure: expanded redactSensitiveContent() patterns
- Error message path leaks: generic error messages only
- Race condition: wrapped in db.transaction() in server.js
- Password validation: INIT_REGULAR_PASS min 8 chars with process.exit(1)

All verified by Bishop (build + runtime) and Private_Hudson (security).
 2026-05-09 18:25:25 -05:00
null cf2ed37c1e feat: add INIT_REGULAR_USER env var, move bill_history_ranges to v0.42 migration 
- Add INIT_REGULAR_USER/INIT_REGULAR_PASS for non-admin test user creation
- Regular user created at startup with role='user', not admin
- Move bill_history_ranges from inline to versioned migration v0.42
- Clean up FUTURE.md: remove completed items, add skip-first-login item
 2026-05-09 16:38:28 -05:00
null 6c7d481494 feat: add admin about page with security hardening 
- Add /api/about-admin endpoint (admin-only, path traversal protection, content redaction, error sanitization)
- Add /admin/about route with RequireAuth admin guard
- Add adminActionLimiter rate limiting on about-admin endpoint
- Add rehype-sanitize XSS prevention in AboutPage.jsx
- Add aboutAdmin API client endpoint
- Create HISTORY.md with version bump convention (patch/minor/major)
- Update Engineering Reference Manual with about-admin docs and security measures
- Add INIT_REGULAR_USER/INIT_REGULAR_PASS env vars to docs
- Update FUTURE.md with critical regular user env var item
 2026-05-09 16:25:12 -05:00
null 6c730635ec docs: add bill_history_ranges cleanup to FUTURE.md 2026-05-09 15:20:17 -05:00
null d5057a6325 feat: add migration version tracking, update docs, add dev log 
- Added schema_migrations table for explicit version tracking (CRITICAL fix)
- Refactored runMigrations() to use versioned migration objects
- Added hasMigrationBeenApplied() and recordMigration() helpers
- Migrations now skip already-applied versions and log progress
- Updated FUTURE.md with migration system issues and criticality ratings
- Updated Engineering_Reference_Manual.md with migration system docs
- Added DEVELOPMENT_LOG.md for agent work tracking
 2026-05-09 15:17:40 -05:00
null a815817c27 push-test 2026-05-09 14:29:17 -05:00
kaspa 4d1709aea3 push 2026-05-09 13:03:36 -05:00