simon/ifb-schulapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
18 Commits 1 Branch 0 Tags
78f3cb6fb481423809313033d7fa8afdbbb27965
Commit Graph

4 Commits

Author SHA1 Message Date
Simon 396148aea2 feat: email verification via Resend + admin user management 
- Add email verification flow: register sends verify link, login blocks unverified accounts, 24h token expiry, resend endpoint (3/h rate limit).
- Add mailer module using Resend with branded HTML + plaintext template.
- Extend admin dashboard: verified-status column, toggle verify/unverify buttons, promote/demote admin role, delete any non-self user.
- Migrate users table: email_verified, verify_token, verify_expires columns.
- Load env via dotenv; add .env to gitignore.
 2026-04-18 01:33:45 +02:00
Simon b2de630983 harden security: enforce JWT_SECRET, helmet, CSP, stricter rate limits 
- Require JWT_SECRET env var (fatal exit if missing)
- Add helmet middleware with custom CSP
- Cookie Secure flag when NODE_ENV=production
- requireAuth re-verifies user.status from DB on every request
- class_events DELETE restricted to creator or admin
- Rate limit /register (5/hr) and PUT /me/password (5/15min)
- Password minimum 6 to 8 chars
- crudRoutes truncates strings to 1000 chars
- Remove application/octet-stream from allowed upload MIMEs
 2026-04-17 23:40:27 +02:00
Simon 8f75bc6a10 feat: add TOTP 2FA with QR code and manual secret entry 2026-04-17 22:56:39 +02:00
Simon db5efd8ed9 clean initial commit 2026-04-17 00:12:47 +02:00