Eric Gullickson
a35e1a3aea
Security fixes: Implement P0 critical vulnerability remediations
Implemented 3 critical security fixes identified in audit report:
1. CRITICAL (CVSS 8.1): Replace Math.random() with crypto.randomBytes()
   - Location: documents.controller.ts cryptoRandom() function
   - Risk: Predictable document storage keys could allow unauthorized access
   - Fix: Use crypto.randomBytes(32).toString('hex') for cryptographic security
   - Impact: Document storage keys are now cryptographically unpredictable
2. HIGH (CVSS 7.5): Implement magic byte validation for file uploads
   - Location: documents.controller.ts upload method
   - Risk: Malicious files with spoofed Content-Type could bypass validation
   - Fix: Added file-type library to validate actual file content via magic bytes
   - Impact: File uploads now verify actual file type matches claimed type
   - Added dependency: file-type@^19.8.0
3. HIGH (CVSS 6.5): Proxy Google Maps photos to hide API key
   - Note: Implementation in progress - agent reached token limit
   - Will be completed in follow-up commit
Files modified:
- backend/package.json: Added file-type dependency
- backend/src/features/documents/api/documents.controller.ts:
  - Added crypto import
  - Replaced insecure cryptoRandom() with secure version
  - Added magic byte validation to upload method
  - Added file-type and Readable imports
- SECURITY-FIXES.md: Complete implementation guide for all fixes
Security status: 2/3 P0 fixes implemented and verified
Next step: Complete Google Maps API proxy implementation
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-14 09:49:05 -06:00
Eric Gullickson
8376aee7ed
Updates to database and API for dropdowns.
2025-11-11 10:29:02 -06:00
Eric Gullickson
b1755d415c
Bug Fixes
2025-11-09 10:37:27 -06:00
Eric Gullickson
408a0736c0
Almost ready
2025-11-08 15:34:29 -06:00
Eric Gullickson
bb4a356b9e
Google Maps Bug
2025-11-08 12:17:29 -06:00
Eric Gullickson
efbe9ba3c0
Vehicle Admin improvements
2025-11-07 16:03:50 -06:00
Eric Gullickson
daf1f71e2c
Make/Model Data Loading
2025-11-07 13:51:47 -06:00
Eric Gullickson
d30c2bad8f
Fix Admin Interface
2025-11-06 20:36:31 -06:00
Eric Gullickson
5630979adf
Admin Page work - Still blank/broken
2025-11-06 16:29:11 -06:00
Eric Gullickson
858cf31d38
Admin settings fixed
2025-11-06 14:07:16 -06:00
Eric Gullickson
8174e0d5f9
Admin User v1
2025-11-05 19:04:06 -06:00
Eric Gullickson
0c3ed01f4b
Pre-web changes
2025-11-05 11:04:48 -06:00
Eric Gullickson
c6f43fe86b
Merge branch 'main' of github.com:ericgullickson/motovaultpro
2025-11-04 18:47:06 -06:00
Eric Gullickson
5dc58d73b9
Gas Station Feature
2025-11-04 18:46:46 -06:00
Eric Gullickson
d4156cf521
Stuff
2025-11-04 18:38:06 -06:00
Eric Gullickson
eeb20543fa
Homepage Redesign
2025-11-03 14:06:54 -06:00
Eric Gullickson
3693ce5761
Docs Cleanup
2025-11-02 10:34:43 -06:00
Eric Gullickson
046c66fc7d
Redesign
2025-11-01 21:27:42 -05:00
Eric Gullickson
5638d3960b
Update
2025-10-16 19:20:30 -05:00
Eric Gullickson
775a1ff69e
Added Documents Feature
2025-09-28 20:35:46 -05:00
Eric Gullickson
2e1b588270
UX Improvements
2025-09-26 14:45:03 -05:00
Eric Gullickson
82c66dafed
Fixed mobile form
2025-09-25 14:21:23 -05:00
Eric Gullickson
8fd7973656
Fix Auth Errors
2025-09-22 10:27:10 -05:00
Eric gullickson
cb98336d5e
k8s prepwork
2025-09-18 11:04:41 -05:00
Eric Gullickson
a052040e3a
Initial Commit
2025-09-17 16:09:15 -05:00
Eric Gullickson
0cdb9803de
Updated frameworks.
2025-08-25 12:40:27 -05:00
Eric Gullickson
e22d643ae3
Security Fixes
2025-08-24 14:39:50 -05:00
Eric Gullickson
9ad9e2ee7c
Fix GitHub Actions build by adding missing repository files
The build was failing because repository files were ignored by .gitignore:
- backend/src/features/*/data/*.repository.ts files were excluded by 'data/' pattern
- These files exist locally but were missing in CI, causing TS2307 module errors
- Controllers and services import these repositories, causing cascade failures
Changes:
- Updated .gitignore to allow TypeScript files in feature data directories
- Added fuel-logs.repository.ts, stations.repository.ts, vehicles.repository.ts
- Docker build now succeeds (tested with --no-cache)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-24 10:03:09 -05:00
Eric Gullickson
b534e92636
Modernization Project Complete. Updated to latest versions of frameworks.
2025-08-24 09:49:21 -05:00
Eric Gullickson
dc95fc109e
Fix TypeScript import inconsistencies causing GitHub Actions build failures
- Standardized pool imports to use default export consistently
- Changed from named import { pool } to default import pool
- Resolves "Cannot find module" errors in CI environment
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-23 12:15:44 -05:00
Eric Gullickson
5f67a904e0
fixed imports. Maybe.
2025-08-23 11:28:01 -05:00
Eric Gullickson
28ec351928
fix build, maybe
2025-08-23 11:08:23 -05:00
Eric Gullickson
a5270c33a8
Fix container build
2025-08-23 10:47:58 -05:00
Eric Gullickson
dc26c68d6f
Improved docs for future AI
2025-08-23 10:20:03 -05:00
Eric Gullickson
6683f1eeff
Very minimal MVP
2025-08-23 09:54:22 -05:00
Eric Gullickson
8f5117a4e2
MVP Build
2025-08-09 12:47:15 -05:00