533783bcae
Mkdocs search fixers
2026-03-09 16:05:25 -06:00
c192c04c79
Security audit: fix 25 findings across API, nginx, and Docker
Addresses data exposure, access control, input validation, infrastructure
hardening, and supply chain security issues identified during audit.
Key changes:
- Strip internal fields from public campaign/profile/comment endpoints
- Restrict docs routes to CONTENT_ROLES, provisioning to SUPER_ADMIN
- Add SSE connection limits, social middleware fail-closed behavior
- Bind all non-nginx ports to 127.0.0.1, pin container image versions
- Add CSP header, conditional HSTS, token redaction in nginx logs
- Validate nav URLs, calendar schemas, video tracking batch events
- Reject default admin password placeholder, add SSRF protocol checks
- Exclude .env from Code Server, enforce RC admin password in compose
- Add Zod validation for achievement grant/revoke, webhook secret header
- Fix path traversal prefix attack, add calendar token expiry
Bunker Admin
2026-03-09 14:13:37 -06:00
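The "path traversal prefix attack" line above names a well-known bug class: checking that a resolved path starts with the root directory string, without requiring a separator after it, so that a sibling directory sharing the root's name as a prefix passes the check. The following is an added illustration, not the project's actual fix: the vulnerable check beside a hardened resolver. The root directory, file names and function names are constructed for the example.

```typescript
import * as path from "node:path";

// Added example, not the project's code: the prefix-check traversal bug beside a
// hardened resolver. Roots and file names are constructed; names are illustrative.

/**
 * Vulnerable: a bare startsWith(root) treats "/srv/docs-private" as inside
 * "/srv/docs" because nothing requires a path separator right after root.
 */
function resolveInsideVulnerable(rootDir: string, userPath: string): string | null {
  const root = path.posix.resolve(rootDir);
  const target = path.posix.resolve(root, userPath);
  return target.startsWith(root) ? target : null;
}

/**
 * Hardened: decode exactly once, reject NUL bytes, then require the resolved
 * target to be the root itself or to begin with root + "/". resolve() collapses
 * "../" runs and honours absolute inputs, so the separator-aware prefix test is
 * what actually decides whether the result stayed under root.
 */
function resolveInside(rootDir: string, rawUserPath: string): string | null {
  let userPath: string;
  try {
    userPath = decodeURIComponent(rawUserPath); // "%2e%2e" -> ".."
  } catch {
    return null; // malformed percent-encoding
  }
  if (userPath.includes("\0")) return null; // NUL truncation in native layers
  const root = path.posix.resolve(rootDir); // also strips a trailing "/"
  const target = path.posix.resolve(root, userPath);
  if (target === root) return target;
  return target.startsWith(root + "/") ? target : null;
}
```

`path.posix` is used so the behaviour is identical on every platform; on Windows the real check would use `path.sep` and compare case-insensitively. Two caveats the snippet does not cover: it decodes once and only once (decoding again downstream reintroduces the bug), and it reasons about strings, so a symlink inside the root can still point outside it; if untrusted content can create links, resolve with `fs.realpath` before applying the same prefix test.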
76b87d9f3d
Tonne of things
2026-03-08 18:11:26 -06:00
3f35e4b18d
Harden MkDocs header auth-check: targeted postMessage, tighter CSP
- Replace postMessage wildcard ('*') with explicit parent origin passed
via ?origin= parameter to prevent auth state disclosure to arbitrary
embedders
- Tighten frame-ancestors CSP: production restricts to self + DOMAIN,
dev restricts to localhost origins (was frame-ancestors *)
- Remove deprecated X-Frame-Options ALLOW-FROM header (CSP
frame-ancestors is the modern replacement)
- Validate targetOrigin with URL constructor before use
Bunker Admin
2026-03-07 16:44:29 -07:00
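The hardening described above has two halves that only work together: `frame-ancestors` decides who may embed the docs frame at all, and the `postMessage` target origin decides who may receive the auth-state message. The code below is an added example, not the project's header-builder code: it derives a safe target origin from the untrusted `?origin=` parameter using the URL constructor and builds the matching CSP value. The `Env`/domain inputs, the dev port list and every function name are assumptions for illustration.

```typescript
// Added example, not code from the project: validate the ?origin= parameter
// into a postMessage targetOrigin and emit the matching frame-ancestors CSP.
// Env/domain inputs, the dev port list and all names here are assumptions.

type Env = "production" | "development";

/** Parents allowed to embed the docs frame and to receive auth-state messages. */
function allowedParentOrigins(env: Env, domain: string): Set<string> {
  if (env === "production") {
    return new Set([`https://${domain}`]);
  }
  // Dev: local admin UI on a couple of common dev-server ports (assumed values).
  return new Set([
    "http://localhost:3000",
    "http://localhost:5173",
    "http://127.0.0.1:3000",
    "http://127.0.0.1:5173",
  ]);
}

/**
 * Turn the raw ?origin= value into a normalized origin usable as the
 * postMessage targetOrigin, or null if it cannot be trusted. Never yields '*'.
 */
function parseTargetOrigin(raw: string | null, allowed: Set<string>): string | null {
  if (!raw) return null;
  let url: URL;
  try {
    url = new URL(raw); // throws on garbage such as "not a url" or a bare path
  } catch {
    return null;
  }
  // new URL() also accepts javascript:, data:, file: ...; their .origin is the
  // string "null", so gate on the scheme before comparing origins.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // Compare the normalized origin (lower-cased host, default port dropped,
  // path and query removed) exactly. A startsWith(domain) test would accept
  // https://docs.example.com.evil.net.
  return allowed.has(url.origin) ? url.origin : null;
}

/** CSP value replacing the old `frame-ancestors *` and X-Frame-Options ALLOW-FROM. */
function frameAncestorsCsp(env: Env, domain: string): string {
  const ancestors = ["'self'", ...Array.from(allowedParentOrigins(env, domain))];
  return `frame-ancestors ${ancestors.join(" ")}`;
}

/**
 * Browser side: report auth state only to the validated embedder. `post` stands
 * in for window.parent.postMessage so the logic is testable outside a browser.
 * Returns whether anything was sent.
 */
function notifyParent(
  post: (message: unknown, targetOrigin: string) => void,
  targetOrigin: string | null,
  authenticated: boolean,
): boolean {
  if (targetOrigin === null) return false; // fail closed: say nothing to unknown embedders
  post({ type: "docs-auth-state", authenticated }, targetOrigin);
  return true;
}

// Constructed usage: one hostile ?origin= value and one legitimate one.
const prodAllowed = allowedParentOrigins("production", "example.com");
const sent: Array<[unknown, string]> = [];
notifyParent((m, o) => sent.push([m, o]), parseTargetOrigin("https://example.com.evil.net", prodAllowed), true);
notifyParent((m, o) => sent.push([m, o]), parseTargetOrigin("https://EXAMPLE.com:443/admin?x=1", prodAllowed), true);
```

After the two calls, `sent` holds exactly one message, addressed to `https://example.com`. The `?origin=` parameter is attacker-controlled, so on its own it proves nothing; what makes the scheme safe is that it can only select among origins already permitted by `frame-ancestors`, and that the frame sends nothing when validation fails. The same allow-list should also be checked against `event.origin` on any message the frame receives from its parent.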
1cca51e518
Tonne of updates to things like social systems, calendars, and the documentation system (making it mobile friendly and fixing up navigation)
2026-03-07 13:10:08 -07:00
2390820e41
Fix MkDocs header nav rendering broken icons for unmapped Ant Design icons
ScheduleOutlined was missing from the ANT_ICON_TO_MATERIAL mapping in
header-builder.service.ts, causing Material Icons to render raw text
characters ("S", "O") instead of a clock icon for the Shifts nav item.
Added the missing mapping and a toMaterialIcon() fallback that converts
any unmapped Ant Design icon name to snake_case Material Icons format.
Bunker Admin
2026-03-03 11:08:45 -07:00
9e51aac570
Okay Wish I could say I know exactly. Will do better next time promise lol
2026-02-26 17:47:04 -07:00
7352815e57
More control panel updates
2026-02-21 11:46:55 -07:00
56e262ad8b
Tonne of updates
2026-02-18 10:01:54 -07:00
58dc1942ec
More updates to documentation generation
2026-02-17 10:36:41 -07:00
d3287a0fa4
Updates to how the file tree updates
2026-02-16 21:31:47 -07:00
7895ce683e
Tonne of debugging - getting ready for the production builds
2026-02-16 10:44:18 -07:00
a77306fac2
Initial v2 commit: complete rebuild with unified API + React admin
Phase 1-14 complete:
- Unified Express.js API (TypeScript, Prisma ORM, PostgreSQL 16)
- React Admin GUI (Vite + Ant Design + Zustand)
- JWT auth with refresh tokens
- Influence: Campaigns, Representatives, Responses, Email Queue
- Map: Locations, Cuts, Shifts, Canvassing System
- NAR data import infrastructure (2025 format)
- Listmonk newsletter integration
- Landing page builder (GrapesJS)
- MkDocs + Code Server integration
- Volunteer portal with GPS tracking
- Monitoring stack (Prometheus, Grafana, Alertmanager)
- Pangolin tunnel integration
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 10:05:04 -07:00