Patrick/medassist-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
148 Commits 16 Branches 64 Tags
b8d56479805ac395809f0a726d45dbf81a1a5607
Commit Graph

14 Commits

Author SHA1 Message Date
Daniel Volz cb1810586d security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting) 
- Add URL validation to prevent SSRF attacks on notification endpoints
  - Block private IPs (10.x, 172.16-31.x, 192.168.x, 169.254.x)
  - Block localhost and internal hostnames
  - Only allow HTTP/HTTPS protocols
- Add HTML escaping for medication names in email templates (XSS)
- Add stricter rate limiting for auth routes (5 req/15min for login/register)
- Add SSRF protection tests (405 tests total)
 2025-12-30 11:52:00 +01:00
Daniel Volz ba3ebd27f4 feat: add comprehensive test suite and CI pipeline 
- Add 402 unit tests with 61.7% code coverage
- Add Vitest configuration with coverage reporting
- Extract testable utility functions from services
- Create test.yml workflow (runs on PR and push to main)
- Update docker-build.yml to require tests before building
- Add scheduler-utils.ts and server-config.ts for testable code

Test files added:
- auth.test.ts, medications.test.ts, planner.test.ts
- settings.test.ts, doses.test.ts, share.test.ts
- database.test.ts, server.test.ts, services.test.ts
- env.test.ts, translations.test.ts, integration.test.ts
- e2e-routes.test.ts, stock-calculation.test.ts
 2025-12-30 11:14:52 +01:00
Daniel Volz 093aa419af chore: release v1.0.2 2025-12-29 23:55:00 +01:00
Daniel Volz 2b59233af2 chore: release v1.0.1 2025-12-29 22:34:52 +01:00
Daniel Volz f341a2aad2 feat: update package versions to 1.0.0 and enhance release script for secondary remote support 2025-12-29 22:33:23 +01:00
dependabot[bot] 2bf5ec557f build(deps): bump nodemailer from 6.10.1 to 7.0.11 in /backend 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 6.10.1 to 7.0.11.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v6.10.1...v7.0.11)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 7.0.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-28 21:30:36 +00:00
Daniel Volz 3ffdb8a5fe feat(oidc): implement OIDC authentication flow and user management 2025-12-28 01:13:03 +01:00
Daniel Volz 5900fddb2d feat: simplify environment configuration by hardcoding token TTLs and removing unnecessary variables 2025-12-25 14:54:38 +01:00
Daniel Volz 738513a3ba refactor: rename project to MedAssist-ng and update configurations 
- Updated environment variables in .env.example for production setup.
- Changed project references from MedAssist to MedAssist-ng in documentation and code.
- Adjusted Docker configurations for new image names and ports.
- Removed deprecated push-images.sh script and added docker-compose.dev.yml for development.
- Updated translation files to reflect new project name.
- Ensured all email notifications and headers reflect the new branding.
 2025-12-24 13:01:53 +01:00
Daniel Volz a0e879e8d2 Refactor code structure for improved readability and maintainability 2025-12-20 20:48:23 +01:00
Daniel Volz ce02ab8372 feat: add email notification settings and test email functionality 
- Created a new migration to add email settings to the database.
- Implemented routes for managing notification settings, including retrieving and updating settings.
- Added functionality to send test emails using SMTP configuration from environment variables.
 2025-12-20 16:07:20 +01:00
Daniel Volz c61814fa23 Update helmet for Fastify 5 2025-12-19 14:05:03 +01:00
Daniel Volz d046f8316d Use Node 25 images and update sensible 2025-12-19 13:15:32 +01:00
Daniel Volz 47f8494795 Initial commit 2025-12-19 13:09:53 +01:00