Daniel Volz
cab0fcbba7
* fix: make dismissed doses robust against schedule/timezone changes - Store dismissedUntil date (YYYY-MM-DD) per medication instead of individual dose IDs - Add POST /medications/dismiss-until endpoint to set dismissed date - Add DELETE /medications/:id/dismiss-until endpoint to clear dismissed date - Update frontend to use medication-level dismissedUntil for filtering - Remove old dismissMissedDoses function from useDoses hook (was using dose IDs) - Add backward-compatible ALTER TABLE migration for dismissed_until column - Add 5 integration tests for dismiss-until functionality - Update test schemas with new column The old approach stored individual dose IDs which broke when schedule or timezone settings changed (dose IDs contain timestamps). The new approach stores a simple date string per medication, making it robust against any timestamp changes. * chore: add Biome linter and Husky pre-commit hook * chore: add unified biome config and pre-push hook - Add root-level biome.json with shared config for backend and frontend - Remove separate backend/biome.json and frontend/biome.json - Add .husky/pre-push hook to run backend tests before push - Update package.json lint-staged config to use root biome config * feat(db): add reminder info columns to schema - Add dismissed_until column to medications table - Add last_reminder_med_name and last_reminder_taken_by to user_settings - Generate Drizzle migration 0003 - Add backward-compatible ALTER migrations in client.ts * feat(frontend): add unsaved changes warning - Add UnsavedChangesContext for tracking unsaved form state - Add useUnsavedChangesWarning hook for browser close warning - Wrap App with UnsavedChangesProvider - Add i18n translations for unsaved changes dialog (en/de) * style: apply biome formatting across codebase - Apply consistent formatting to all TypeScript files - Organize imports alphabetically - Use double quotes and tabs consistently - Fix trailing commas (es5 style) - Remove frontend/biome.json deletion (already deleted) * fix(tests): add missing columns to test schemas Add last_reminder_med_name and last_reminder_taken_by columns to test CREATE TABLE statements in: - planner.test.ts - e2e-routes.test.ts - integration.test.ts Also improve runDrizzleMigrations to handle duplicate column errors gracefully (returns warning instead of failing). * fix(planner): add missing 'as unknown' type cast for request.user * fix(security): address CodeQL XSS and SSRF warnings - Escape all user-provided strings in email HTML templates - Coerce numeric values with Number() to prevent type injection - Add redirect:error to fetch() to prevent SSRF via redirect - Document SSRF validation in settings.ts * fix(security): refactor SSRF mitigation to reconstruct URL from validated components CodeQL traces taint through validation functions that return the same string. Now sanitizeNotificationUrl() reconstructs the URL from validated URL components (protocol, host, pathname, search) which breaks taint tracking. - Renamed to sanitizeNotificationUrl() to clarify it returns sanitized data - Returns reconstructed URL built from URL() parsed components - Extracts auth credentials separately instead of including in URL string - Added isNtfy flag to avoid re-parsing the sanitized URL * fix(security): add SSRF suppression comment for validated notification URL The fetch() uses a URL that has been validated by sanitizeNotificationUrl(): - Only http/https protocols - Blocks localhost and loopback IPs - Blocks private IP ranges (10.x, 172.16-31.x, 192.168.x, 169.254.x) - Blocks internal hostnames (.local, .internal, .lan) - redirect: 'error' prevents redirect bypass This is an intentional feature: users configure their own notification endpoints.
115 lines
4.6 KiB
TypeScript
115 lines
4.6 KiB
TypeScript
/**
|
|
* Shared SQL table creation statements for database initialization.
|
|
* Used by client.ts, migrate.ts, and test setup to avoid duplication.
|
|
*/
|
|
|
|
/**
|
|
* Get all SQL table creation statements as an array.
|
|
* Each statement creates a table if it doesn't exist.
|
|
*/
|
|
export function getTableCreationSQL(): string[] {
|
|
return [
|
|
`CREATE TABLE IF NOT EXISTS users (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
username text NOT NULL UNIQUE,
|
|
password_hash text,
|
|
avatar_url text,
|
|
auth_provider text NOT NULL DEFAULT 'local',
|
|
oidc_subject text,
|
|
is_active integer NOT NULL DEFAULT 1,
|
|
last_login_at integer,
|
|
created_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS medications (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
user_id integer NOT NULL,
|
|
name text NOT NULL,
|
|
generic_name text,
|
|
taken_by_json text NOT NULL DEFAULT '[]',
|
|
pack_count integer NOT NULL DEFAULT 1,
|
|
blisters_per_pack integer NOT NULL DEFAULT 1,
|
|
pills_per_blister integer NOT NULL DEFAULT 1,
|
|
loose_tablets integer NOT NULL DEFAULT 0,
|
|
pill_weight_mg integer,
|
|
usage_json text NOT NULL DEFAULT '[]',
|
|
every_json text NOT NULL DEFAULT '[]',
|
|
start_json text NOT NULL DEFAULT '[]',
|
|
image_url text,
|
|
expiry_date text,
|
|
notes text,
|
|
intake_reminders_enabled integer NOT NULL DEFAULT 0,
|
|
updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS user_settings (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
user_id integer NOT NULL UNIQUE,
|
|
email_enabled integer NOT NULL DEFAULT 0,
|
|
notification_email text,
|
|
email_stock_reminders integer NOT NULL DEFAULT 1,
|
|
email_intake_reminders integer NOT NULL DEFAULT 1,
|
|
shoutrrr_enabled integer NOT NULL DEFAULT 0,
|
|
shoutrrr_url text,
|
|
shoutrrr_stock_reminders integer NOT NULL DEFAULT 1,
|
|
shoutrrr_intake_reminders integer NOT NULL DEFAULT 1,
|
|
reminder_days_before integer NOT NULL DEFAULT 7,
|
|
repeat_daily_reminders integer NOT NULL DEFAULT 0,
|
|
skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0,
|
|
repeat_reminders_enabled integer NOT NULL DEFAULT 0,
|
|
reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30,
|
|
max_nagging_reminders integer NOT NULL DEFAULT 5,
|
|
low_stock_days integer NOT NULL DEFAULT 30,
|
|
normal_stock_days integer NOT NULL DEFAULT 90,
|
|
high_stock_days integer NOT NULL DEFAULT 180,
|
|
expiry_warning_days integer NOT NULL DEFAULT 90,
|
|
language text NOT NULL DEFAULT 'en',
|
|
stock_calculation_mode text NOT NULL DEFAULT 'automatic',
|
|
last_auto_email_sent text,
|
|
last_notification_type text,
|
|
last_notification_channel text,
|
|
updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS refresh_tokens (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
user_id integer NOT NULL,
|
|
token_id text NOT NULL UNIQUE,
|
|
expires_at integer NOT NULL,
|
|
rotated_at integer,
|
|
revoked integer NOT NULL DEFAULT 0,
|
|
created_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS share_tokens (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
user_id integer NOT NULL,
|
|
token text NOT NULL UNIQUE,
|
|
taken_by text NOT NULL,
|
|
schedule_days integer NOT NULL DEFAULT 30,
|
|
created_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
expires_at integer,
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS dose_tracking (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
user_id integer NOT NULL,
|
|
dose_id text NOT NULL,
|
|
taken_at integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
marked_by text,
|
|
dismissed integer NOT NULL DEFAULT 0,
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
`CREATE TABLE IF NOT EXISTS refill_history (
|
|
id integer PRIMARY KEY AUTOINCREMENT,
|
|
medication_id integer NOT NULL,
|
|
user_id integer NOT NULL,
|
|
packs_added integer NOT NULL DEFAULT 0,
|
|
loose_pills_added integer NOT NULL DEFAULT 0,
|
|
refill_date integer NOT NULL DEFAULT (strftime('%s','now')),
|
|
FOREIGN KEY (medication_id) REFERENCES medications(id) ON DELETE CASCADE,
|
|
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
|
|
)`,
|
|
];
|
|
}
|