changemaker.lite

admin/changemaker.lite

Fork 0

Commit Graph

Author	SHA1	Message	Date
bunker-admin	5d15b4cffa	Add engagement scoring and homepage stats EventBus listeners - Engagement scoring listener: 11 event subscriptions, weighted scoring (donation=50, subscription=40, shift=20, canvass=15, email=10, video=3), Redis sorted set leaderboard, per-contact score + last-activity tracking - Homepage stats listener: 12 subscriptions, incremental Redis counters (emails, signups, donations, responses, canvass, videos), capped recent activity lists (last 20 per type), cache invalidation on data changes - GET /api/homepage/live-stats — public real-time counters + recent activity - GET /api/observability/engagement-leaderboard — admin top-N contacts - Total: 8 listeners, 70 subscriptions across all modules Bunker Admin	2026-03-31 10:21:05 -06:00
bunker-admin	0c2ffe754e	Harden Stripe payment integration: 15 security fixes from audit Addresses 11 original findings (1 critical, 3 high, 4 medium, 3 low) plus 4 additional findings from security review: - Mask secrets in PUT /settings response (was leaking decrypted keys) - Add paymentCheckoutRateLimit (10/hr/IP) to all 5 checkout endpoints - Implement durable audit logging to payment_audit_log table - Pin Stripe API version to 2026-01-28.clover (SDK v20.3.1) - Add charge.dispute.created/closed webhook handlers with DISPUTED status - Restore tickets on dispute won, handle charge_refunded closure - Guard against sentinel passthrough corrupting stored Stripe keys - Wrap refund DB updates in try/catch with webhook reconciliation fallback - Add $transaction for product maxPurchases race condition - Remove dead Payment model lookup from handleChargeRefunded - Cap donation amount at $100k in both schemas - Add requirePaymentsEnabled middleware on all checkout routes - Remove Stripe internal IDs from CSV exports - Add Cache-Control: no-store on admin settings responses Bunker Admin	2026-03-31 08:34:23 -06:00
bunker-admin	7895ce683e	Tonne of debugging - getting ready for the production builds	2026-02-16 10:44:18 -07:00

Author

SHA1

Message

Date

bunker-admin

5d15b4cffa

Add engagement scoring and homepage stats EventBus listeners

- Engagement scoring listener: 11 event subscriptions, weighted scoring
  (donation=50, subscription=40, shift=20, canvass=15, email=10, video=3),
  Redis sorted set leaderboard, per-contact score + last-activity tracking
- Homepage stats listener: 12 subscriptions, incremental Redis counters
  (emails, signups, donations, responses, canvass, videos), capped recent
  activity lists (last 20 per type), cache invalidation on data changes
- GET /api/homepage/live-stats — public real-time counters + recent activity
- GET /api/observability/engagement-leaderboard — admin top-N contacts
- Total: 8 listeners, 70 subscriptions across all modules

Bunker Admin

2026-03-31 10:21:05 -06:00

bunker-admin

0c2ffe754e

Harden Stripe payment integration: 15 security fixes from audit

Addresses 11 original findings (1 critical, 3 high, 4 medium, 3 low)
plus 4 additional findings from security review:

- Mask secrets in PUT /settings response (was leaking decrypted keys)
- Add paymentCheckoutRateLimit (10/hr/IP) to all 5 checkout endpoints
- Implement durable audit logging to payment_audit_log table
- Pin Stripe API version to 2026-01-28.clover (SDK v20.3.1)
- Add charge.dispute.created/closed webhook handlers with DISPUTED status
- Restore tickets on dispute won, handle charge_refunded closure
- Guard against sentinel passthrough corrupting stored Stripe keys
- Wrap refund DB updates in try/catch with webhook reconciliation fallback
- Add $transaction for product maxPurchases race condition
- Remove dead Payment model lookup from handleChargeRefunded
- Cap donation amount at $100k in both schemas
- Add requirePaymentsEnabled middleware on all checkout routes
- Remove Stripe internal IDs from CSV exports
- Add Cache-Control: no-store on admin settings responses

Bunker Admin

2026-03-31 08:34:23 -06:00

bunker-admin

7895ce683e

Tonne of debugging - getting ready for the production builds

2026-02-16 10:44:18 -07:00

3 Commits