df92ebefb8
fix: Use direct process.env access for email configuration
Simplified email configuration to always use process.env directly instead of
Nuxt runtime config. This ensures Docker environment variables are properly
read at runtime rather than being baked in at build time.
Changes:
- Removed Nuxt runtime config dependency from getEmailConfig()
- Always read EMAIL_* environment variables directly from process.env
- Added comprehensive debug logging to diagnose configuration issues
- Updated nuxt.config.ts with better documentation of runtime config behavior
This ensures environment variables set in docker-compose.yml are properly
used by the application at runtime.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 18:16:35 -05:00
47b4a14c4b
fix: Ensure email configuration from environment variables is properly used
Fixed an issue where SMTP configuration would fall back to defaults despite
environment variables being set in docker-compose.yml. The email utility now
properly accesses runtime configuration by accepting the H3 event context.
Changes:
- Created getEmailConfig() helper with dual-strategy config access
- Pass event context from API handlers to email functions
- Added fallback to direct process.env access for reliability
- Added debug logging to diagnose configuration issues in production
This ensures Office365 and other SMTP providers work correctly when configured
via environment variables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 18:11:13 -05:00
2ff493d804
feat: Implement comprehensive security hardening
Security Improvements:
- Auto-generate AUTH_SECRET and admin credentials on first launch
  - Cryptographically secure random generation
  - Stored in database for persistence
  - Logged once to container logs for admin retrieval
- Implement CSRF protection with double-submit cookie pattern
  - Three-way validation: cookie, header, and session database
  - Automatic client-side injection via plugin
  - Server middleware for automatic validation
  - Zero frontend code changes required
- Add session fixation prevention with automatic invalidation
  - Regenerate sessions on password changes
  - Keep current session active, invalidate others on profile password change
  - Invalidate ALL sessions on forgot-password reset
  - Invalidate ALL sessions on admin password reset
- Upgrade password reset codes to 8-char alphanumeric
  - Increased from 1M to 1.8 trillion combinations
  - Uses crypto.randomInt() for cryptographic randomness
  - Excluded confusing characters (I, O) for better UX
  - Case-insensitive verification
- Implement dual-layer account lockout
  - IP-based rate limiting (existing)
  - Per-account lockout: 10 attempts = 30 min lock
  - Automatic unlock after expiration
  - Admin manual unlock via UI
  - Visual status indicators in users table
Database Changes:
- Add csrf_token column to sessions table
- Add failed_login_attempts and locked_until columns to users table
- Add settings table for persistent AUTH_SECRET storage
- All migrations backward-compatible with try-catch
New Files:
- server/utils/csrf.ts - CSRF protection utilities
- server/middleware/csrf.ts - Automatic CSRF validation middleware
- plugins/csrf.client.ts - Automatic CSRF header injection
- server/api/users/unlock/[id].post.ts - Admin unlock endpoint
Modified Files:
- server/utils/database.ts - Core security functions and schema updates
- server/utils/email.ts - Enhanced reset code generation
- server/api/auth/login.post.ts - CSRF + account lockout logic
- server/api/auth/register.post.ts - CSRF token generation
- server/api/auth/logout.post.ts - CSRF cookie cleanup
- server/api/auth/reset-password.post.ts - Session invalidation
- server/api/auth/verify-reset-code.post.ts - Case-insensitive codes
- server/api/profile/update.put.ts - Session invalidation on password change
- server/api/users/password/[id].put.ts - Session invalidation on admin reset
- pages/users.vue - Lock status display and unlock functionality
- docker-compose.yml - Removed default credentials
- nuxt.config.ts - Support auto-generation
All changes follow OWASP best practices and are production-ready.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 17:36:31 -05:00
66172e0baa
Add sermon retention policy feature
Implemented a configurable retention policy system for sermons with automatic cleanup:
- Added settings table to store retention policy configuration
- Created API endpoints for getting/setting retention policy
- Added Database Settings section to admin page with retention options (forever, 1-10 years)
- Implemented manual cleanup endpoint for on-demand deletion
- Added automated daily cleanup task via Nitro plugin
- Sermons are deleted based on their date field according to the retention policy
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 14:07:14 -05:00
587cefec41
profile deletion fixes
2025-10-12 13:14:04 -04:00
ffb72a7cbd
database fix
2025-10-12 01:08:49 -04:00
a505edcae7
created by for sermons
2025-10-12 01:01:01 -04:00
dfdb3e0840
security fixes
2025-10-12 00:24:27 -04:00
773ea92f5d
security & footer fix
2025-10-12 00:18:01 -04:00
740ff82642
delete profile fix
2025-10-12 00:10:00 -04:00
c4674a4c85
delete profile & login redirect fixes
2025-10-12 00:05:21 -04:00
056841dc5e
rate-limit fixes
2025-10-07 14:19:25 -04:00
ffb721a12c
more security improvements
2025-10-07 13:54:29 -04:00
329becfb08
security improvements
2025-10-07 13:39:53 -04:00
a4aca9c99d
Downloaded notes filename change
2025-10-07 10:31:39 -04:00
3faec06186
Notes saving fixes
2025-10-07 09:16:27 -04:00
2f505ad7e2
email formatting
2025-10-07 09:10:37 -04:00
8afcac954c
auth fixes
2025-10-07 09:02:28 -04:00
7fc1d79eeb
Saving notes and username fixes
2025-10-07 08:58:38 -04:00
c7b8735a90
Greeting fix
2025-10-06 18:56:26 -04:00
21b480021e
Profile enhancements & greeting
2025-10-06 18:54:58 -04:00
49a88f6634
SSPR fix
2025-10-06 18:43:38 -04:00
ee94b7aec1
SSPR fix
2025-10-06 18:39:18 -04:00
c127ea35f6
Self-service password reset
2025-10-06 18:26:01 -04:00
2dbd4f6ba0
Notes!
2025-10-06 17:20:26 -04:00
291b6743c5
Login watcher
2025-10-06 17:14:54 -04:00
a50791e74c
User creation and management
2025-10-06 17:04:34 -04:00
dfa857c131
encryption
2025-10-02 16:25:31 -04:00
002302bb52
auth changes
2025-10-02 11:14:43 -04:00
27fcedfcd5
Songs & dates
2025-10-02 08:59:05 -04:00
4daea87cd1
Add unarchive functionality and show archived status in admin dropdown
2025-10-02 00:05:45 -04:00
f1e0ac0a93
Fix archive functionality: change default includeArchived to false
2025-10-02 00:00:51 -04:00
4b47f56b30
Add archive functionality: database schema, API endpoint, and helper functions
2025-10-01 23:49:44 -04:00
f3d5fc68f3
Fix login UX: disable autocapitalization, make username case-insensitive, improve edit scroll position
2025-10-01 23:40:24 -04:00
4b2ae9482b
Add complete edit functionality for sermons with update API endpoint and enhanced Bible reference management
2025-10-01 23:00:51 -04:00
fbb0ec8469
Actually remove the conflicting [id].delete.ts file from git
2025-10-01 22:38:02 -04:00
af72305c80
Fix route conflict: move delete endpoint to /api/sermons/delete/[id] to avoid conflict with [slug].get
2025-10-01 22:33:39 -04:00
bd0539118c
Add sermon management functionality with delete capability to admin page
2025-10-01 22:29:50 -04:00
1b282c05fe
Complete sermon itinerary application with Nuxt 3, SQLite, authentication, and Docker deployment
2025-10-01 22:15:01 -04:00
793f395795
Starting over
2025-10-01 22:00:32 -04:00
Ryderjj89
eb7d2b6e8c
fix: Define generateSlug locally in server/api/sermons/index.post.ts
2025-10-01 19:13:00 -04:00
Ryderjj89
2f3b427477
fix: Move generateSlug to admin page to prevent client-side bundling of server utils
2025-10-01 19:09:17 -04:00
Ryderjj89
4e66e03702
fix: Update database import path in server/utils/auth.ts
2025-10-01 19:07:54 -04:00
Ryderjj89
c83cf7dd82
fix: Rename database utility to .server.ts and update imports
2025-10-01 19:07:02 -04:00
Ryderjj89
0361c3fbe6
Refactor admin form layout, improve bible reference input, re-enable client-side cookie access, and try manual focus on login modal
2025-10-01 18:51:02 -04:00
Ryderjj89
1e48717285
Fix bcryptjs import in database.ts to use static import
2025-10-01 18:36:45 -04:00
Ryderjj89
64d2c7245e
Fix bcrypt import in database.ts to use bcryptjs
2025-10-01 18:20:14 -04:00
Ryderjj89
55e5267ffa
Update to Node 22, use bcryptjs for better compatibility
2025-10-01 18:12:41 -04:00
Ryderjj89
d8c8c739fa
Set auth cookie to httpOnly true for security
2025-10-01 17:48:49 -04:00
Ryderjj89
a97c1955c8
Add autofocus to username input and change cookie sameSite to lax
2025-10-01 17:44:55 -04:00