a56f8446f7
Fix Pangolin setup: root domain support + disable SSO auth on resources
...
- Omit subdomain field for root domain resources (Pangolin rejects empty
string but accepts absent field)
- Set sso:false + blockAccess:false after resource creation so resources
are publicly accessible without Pangolin auth redirects
- Make subdomain optional in CreateHttpResourcePayload type
- Applied to both /setup and /sync endpoints
Bunker Admin
2026-03-23 15:47:57 -06:00
bb1935027d
Upgrade system finished
2026-03-22 21:47:09 -06:00
647efffdc4
Security hardening: JWT algorithm pinning, key separation, injection fixes
...
- Pin HS256 algorithm on all jwt.verify() calls (9 sites) and jwt.sign()
calls (3 sites) — prevents algorithm confusion attacks
- Add JWT_INVITE_SECRET env var; volunteer invite tokens now use a
dedicated key separate from access/refresh secrets
- Remove req.query.secret fallback from Listmonk webhook route — secrets
must not appear in nginx access logs
- Replace child_process.spawn in email template seed endpoint with direct
function import; add require.main guard to seed script
- Add sanitizeCsvField() to location CSV export to prevent formula
injection in Excel/Sheets (=, +, -, @ prefix → apostrophe prefix)
- Cap QR endpoint text input at 2000 chars to prevent DoS via large payloads
- Fix pre-existing TS errors: type participantNeeds as UpsertNeedsInput
in meeting-planner service; add sso field to UpdateResourcePayload
Bunker Admin
2026-03-22 12:35:04 -06:00
28e4bc9475
Bunch of updates to scheduling
2026-03-15 13:50:09 -06:00
900a0affe5
Add CRM activity enrichment, notification bridging, crash-safe scheduled jobs, and quick wins
...
Workstream A — CRM & Notifications:
- Add fire-and-forget CRM activity helper (api/src/utils/crm-activity.ts) hooked into
campaign email, canvass visit, donation, and purchase write sites
- Add 5 operational NotificationType enum values (shift_signup_confirmed, shift_reminder,
shift_cancelled, canvass_session_summary, reengagement) via Prisma migration
- Bridge notification email queue to in-app notifications for volunteer-facing events
- Extend TYPE_TO_PREF map and NotificationsPage labels for new types
Workstream B — Quick Wins:
- Extract shared role constants (11 roles) to admin/src/utils/role-constants.ts,
update 4 consuming pages
- Add Ad Analytics sidebar entry in payments submenu
- Gate 6 calendar routes with enableSocialCalendar feature flag
- Add GET /series/:id/count endpoint and fix hardcoded shiftsCount={0} in ShiftsPage
- Add influenceCampaignId to Order model for donation-campaign attribution,
wire through Stripe checkout metadata
Workstream C — Crash-Safe Scheduled Jobs:
- Create BullMQ scheduled-jobs queue with 10 repeatable job types replacing
setInterval blocks in server.ts (dynamic imports, concurrency: 2)
- Keep presenceService (1min) and challengeScoringService (5min) as setInterval
Bunker Admin
2026-03-09 14:15:30 -06:00
76b87d9f3d
Tonne of things
2026-03-08 18:11:26 -06:00
1cca51e518
Tonne of updates to things like social systems, calendars, and the documentation system (making it mobile friendly and fixing up navigation)
2026-03-07 13:10:08 -07:00
08d8066157
Add ticketed events, Jitsi meeting integration, social features, and calendar system
...
- Ticketed events: full CRUD, ticket tiers (free/paid/donation), Stripe checkout,
QR-based check-in scanner, public event pages, ticket confirmation emails
- Event formats: IN_PERSON/ONLINE/HYBRID with auto Jitsi meeting room lifecycle,
ticket-gated meeting access, moderator JWT tokens, feature-flag guarded
- Social engagement: challenges with scoring/leaderboards, referral tracking,
volunteer spotlight, impact stories, campaign celebrations, wall of fame
- Social calendar: personal calendar layers, shared calendar items with
recurrence, scheduling polls, mobile day view
- MCP server: events tool pack with full admin CRUD + meeting token generation
- Unified calendar: eventFormat-aware tags, online event indicators
- Updated docs site, pangolin configs, and various admin UI improvements
Bunker Admin
2026-03-06 14:33:33 -07:00
06ce9dac1b
sms updates
2026-02-27 15:02:28 -07:00
621042806a
Updates to sms
2026-02-27 08:36:21 -07:00
9e51aac570
Okay Wish I could say I know exactly. Will do better next time promise lol
2026-02-26 17:47:04 -07:00
7352815e57
More control panel updates
2026-02-21 11:46:55 -07:00
1a1f12c45b
Tonne of updates
2026-02-18 17:15:31 -07:00
56e262ad8b
Tonne of udpatess
2026-02-18 10:01:54 -07:00
99a6abab06
Add video card insert feature + MkDocs video hydration + fixes
...
- New video card block for GrapesJS landing pages, email templates,
MkDocs export, and documentation editor Insert dropdown
- Shared HTML generators in admin/src/utils/videoCardHtml.ts
- MkDocs video-player.js hydrates .video-card-block elements:
thumbnail fix via MEDIA_API_URL, click-to-play inline, Gallery link
- Media API CORS: auto-add MkDocs + docs subdomain origins
- env_config_hook.py: smart Docker hostname detection, ADMIN_PORT
resolution, pass env vars to MkDocs container
- Gallery URL uses /gallery?expanded=ID format
- VideoPickerModal: fix double /api prefix and Docker hostname thumbs
- Seed: default-video-card PageBlock
- Remove V1 legacy code (influence/, map/)
Bunker Admin
2026-02-17 15:42:32 -07:00
a7978de5a0
Bunch of stuff again
2026-02-16 18:48:54 -07:00
7895ce683e
Tonne of debugging - getting ready for the production builds
2026-02-16 10:44:18 -07:00
a77306fac2
Initial v2 commit: complete rebuild with unified API + React admin
...
Phase 1-14 complete:
- Unified Express.js API (TypeScript, Prisma ORM, PostgreSQL 16)
- React Admin GUI (Vite + Ant Design + Zustand)
- JWT auth with refresh tokens
- Influence: Campaigns, Representatives, Responses, Email Queue
- Map: Locations, Cuts, Shifts, Canvassing System
- NAR data import infrastructure (2025 format)
- Listmonk newsletter integration
- Landing page builder (GrapesJS)
- MkDocs + Code Server integration
- Volunteer portal with GPS tracking
- Monitoring stack (Prometheus, Grafana, Alertmanager)
- Pangolin tunnel integration
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 10:05:04 -07:00
