basil

pkartch/basil

Fork 0

Commit Graph

Author	SHA1	Message	Date
Paul R Kartchner	2d53b9e283	feat: add comprehensive authentication system with JWT and OAuth Some checks failed CI Pipeline / Lint Code (push) Has been cancelled Details CI Pipeline / Test API Package (push) Has been cancelled Details CI Pipeline / Test Web Package (push) Has been cancelled Details CI Pipeline / Test Shared Package (push) Has been cancelled Details CI Pipeline / Build All Packages (push) Has been cancelled Details CI Pipeline / Generate Coverage Report (push) Has been cancelled Details Docker Build & Deploy / Build Docker Images (push) Has been cancelled Details Docker Build & Deploy / Push Docker Images (push) Has been cancelled Details Docker Build & Deploy / Deploy to Staging (push) Has been cancelled Details Docker Build & Deploy / Deploy to Production (push) Has been cancelled Details E2E Tests / End-to-End Tests (push) Has been cancelled Details E2E Tests / E2E Tests (Mobile) (push) Has been cancelled Details Security Scanning / NPM Audit (push) Has been cancelled Details Security Scanning / Dependency License Check (push) Has been cancelled Details Security Scanning / Code Quality Scan (push) Has been cancelled Details Security Scanning / Docker Image Security (push) Has been cancelled Details Security Scanning / Security Summary (push) Has been cancelled Details Implement a complete authentication system with local email/password authentication, Google OAuth, JWT tokens, and role-based access control. Backend Features: - Database schema with User, RefreshToken, VerificationToken, RecipeShare models - Role-based access control (USER, ADMIN) - Recipe visibility controls (PRIVATE, SHARED, PUBLIC) - Email verification for local accounts - Password reset functionality - JWT access tokens (15min) and refresh tokens (7 days) - Passport.js strategies: Local, JWT, Google OAuth - bcrypt password hashing with 12 salt rounds - Password strength validation (min 8 chars, uppercase, lowercase, number) - Rate limiting on auth endpoints (5 attempts/15min) - Email service with styled HTML templates for verification and password reset API Endpoints: - POST /api/auth/register - Register with email/password - POST /api/auth/login - Login and get tokens - POST /api/auth/logout - Invalidate refresh token - POST /api/auth/refresh - Get new access token - GET /api/auth/verify-email/:token - Verify email address - POST /api/auth/resend-verification - Resend verification email - POST /api/auth/forgot-password - Request password reset - POST /api/auth/reset-password - Reset password with token - GET /api/auth/google - Initiate Google OAuth - GET /api/auth/google/callback - Google OAuth callback - GET /api/auth/me - Get current user info Security Middleware: - requireAuth - Protect routes requiring authentication - requireAdmin - Admin-only route protection - optionalAuth - Routes that work with or without auth - requireOwnership - Check resource ownership Admin Tools: - npm run create-admin - Interactive script to create admin users - verify-user-manual.ts - Helper script for testing Test Coverage: - 49 unit and integration tests (all passing) - Password utility tests (12 tests) - JWT utility tests (17 tests) - Auth middleware tests (12 tests) - Auth routes integration tests (8 tests) Dependencies Added: - passport, passport-local, passport-jwt, passport-google-oauth20 - bcrypt, jsonwebtoken - nodemailer - express-rate-limit, express-validator, cookie-parser Environment Variables Required: - JWT_SECRET, JWT_REFRESH_SECRET - JWT_EXPIRES_IN, JWT_REFRESH_EXPIRES_IN - GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET (optional) - SMTP configuration for email - APP_URL, API_URL 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-25 04:37:05 +00:00
Paul R Kartchner	33eadde671	feat: add recipe editing, image upload management, and UI improvements Some checks failed CI Pipeline / Test Shared Package (pull_request) Has been cancelled Details CI Pipeline / Build All Packages (pull_request) Has been cancelled Details CI Pipeline / Generate Coverage Report (pull_request) Has been cancelled Details CI Pipeline / Lint Code (pull_request) Has been cancelled Details CI Pipeline / Test API Package (pull_request) Has been cancelled Details CI Pipeline / Test Web Package (pull_request) Has been cancelled Details Docker Build & Deploy / Build Docker Images (pull_request) Has been cancelled Details Docker Build & Deploy / Push Docker Images (pull_request) Has been cancelled Details Docker Build & Deploy / Deploy to Staging (pull_request) Has been cancelled Details Docker Build & Deploy / Deploy to Production (pull_request) Has been cancelled Details E2E Tests / End-to-End Tests (pull_request) Has been cancelled Details E2E Tests / E2E Tests (Mobile) (pull_request) Has been cancelled Details Security Scanning / NPM Audit (pull_request) Has been cancelled Details Security Scanning / Dependency License Check (pull_request) Has been cancelled Details Security Scanning / Code Quality Scan (pull_request) Has been cancelled Details Security Scanning / Docker Image Security (pull_request) Has been cancelled Details Security Scanning / Security Summary (pull_request) Has been cancelled Details Added comprehensive recipe editing functionality with improved image handling and better UX for large file uploads. Features: - Recipe editing: Full CRUD support for recipes with edit page - Image management: Upload, replace, and delete recipe images - Upload feedback: Processing and uploading states for better UX - File size increase: Raised limit from 10MB to 20MB for images - Nginx configuration: Added client_max_body_size for large uploads Changes: - Created EditRecipe.tsx page for editing existing recipes - Created NewRecipe.tsx page wrapper for recipe creation - Created RecipeForm.tsx comprehensive form component with: - Simple and multi-section recipe modes - Image upload with confirmation dialogs - Processing state feedback during file handling - Smaller, button-style upload controls - Updated recipes.routes.ts: - Increased multer fileSize limit to 20MB - Added file validation for image types - Image upload now updates Recipe.imageUrl field - Added DELETE /recipes/:id/image endpoint - Automatic cleanup of old images when uploading new ones - Updated nginx.conf: Added client_max_body_size 20M for API proxy - Updated App.css: Improved upload button styling (smaller, more compact) - Updated RecipeForm.tsx: Better file processing feedback with setTimeout - Updated help text to reflect 20MB limit and WEBP support Technical Details: - Fixed static file serving path in index.ts - Added detailed logging for upload debugging - Improved TypeScript type safety in upload handlers - Better error handling and user feedback 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-30 05:31:12 +00:00

Author

SHA1

Message

Date

Paul R Kartchner

2d53b9e283

feat: add comprehensive authentication system with JWT and OAuth

CI Pipeline / Lint Code (push) Has been cancelled

Details

CI Pipeline / Test API Package (push) Has been cancelled

Details

CI Pipeline / Test Web Package (push) Has been cancelled

Details

CI Pipeline / Test Shared Package (push) Has been cancelled

Details

CI Pipeline / Build All Packages (push) Has been cancelled

Details

CI Pipeline / Generate Coverage Report (push) Has been cancelled

Details

Docker Build & Deploy / Build Docker Images (push) Has been cancelled

Details

Docker Build & Deploy / Push Docker Images (push) Has been cancelled

Details

Docker Build & Deploy / Deploy to Staging (push) Has been cancelled

Details

Docker Build & Deploy / Deploy to Production (push) Has been cancelled

Details

E2E Tests / End-to-End Tests (push) Has been cancelled

Details

E2E Tests / E2E Tests (Mobile) (push) Has been cancelled

Details

Security Scanning / NPM Audit (push) Has been cancelled

Details

Security Scanning / Dependency License Check (push) Has been cancelled

Details

Security Scanning / Code Quality Scan (push) Has been cancelled

Details

Security Scanning / Docker Image Security (push) Has been cancelled

Details

Security Scanning / Security Summary (push) Has been cancelled

Details

Implement a complete authentication system with local email/password
authentication, Google OAuth, JWT tokens, and role-based access control.

Backend Features:
- Database schema with User, RefreshToken, VerificationToken, RecipeShare models
- Role-based access control (USER, ADMIN)
- Recipe visibility controls (PRIVATE, SHARED, PUBLIC)
- Email verification for local accounts
- Password reset functionality
- JWT access tokens (15min) and refresh tokens (7 days)
- Passport.js strategies: Local, JWT, Google OAuth
- bcrypt password hashing with 12 salt rounds
- Password strength validation (min 8 chars, uppercase, lowercase, number)
- Rate limiting on auth endpoints (5 attempts/15min)
- Email service with styled HTML templates for verification and password reset

API Endpoints:
- POST /api/auth/register - Register with email/password
- POST /api/auth/login - Login and get tokens
- POST /api/auth/logout - Invalidate refresh token
- POST /api/auth/refresh - Get new access token
- GET /api/auth/verify-email/:token - Verify email address
- POST /api/auth/resend-verification - Resend verification email
- POST /api/auth/forgot-password - Request password reset
- POST /api/auth/reset-password - Reset password with token
- GET /api/auth/google - Initiate Google OAuth
- GET /api/auth/google/callback - Google OAuth callback
- GET /api/auth/me - Get current user info

Security Middleware:
- requireAuth - Protect routes requiring authentication
- requireAdmin - Admin-only route protection
- optionalAuth - Routes that work with or without auth
- requireOwnership - Check resource ownership

Admin Tools:
- npm run create-admin - Interactive script to create admin users
- verify-user-manual.ts - Helper script for testing

Test Coverage:
- 49 unit and integration tests (all passing)
- Password utility tests (12 tests)
- JWT utility tests (17 tests)
- Auth middleware tests (12 tests)
- Auth routes integration tests (8 tests)

Dependencies Added:
- passport, passport-local, passport-jwt, passport-google-oauth20
- bcrypt, jsonwebtoken
- nodemailer
- express-rate-limit, express-validator, cookie-parser

Environment Variables Required:
- JWT_SECRET, JWT_REFRESH_SECRET
- JWT_EXPIRES_IN, JWT_REFRESH_EXPIRES_IN
- GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET (optional)
- SMTP configuration for email
- APP_URL, API_URL

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-25 04:37:05 +00:00

Paul R Kartchner

33eadde671

feat: add recipe editing, image upload management, and UI improvements

CI Pipeline / Test Shared Package (pull_request) Has been cancelled

Details

CI Pipeline / Build All Packages (pull_request) Has been cancelled

Details

CI Pipeline / Generate Coverage Report (pull_request) Has been cancelled

Details

CI Pipeline / Lint Code (pull_request) Has been cancelled

Details

CI Pipeline / Test API Package (pull_request) Has been cancelled

Details

CI Pipeline / Test Web Package (pull_request) Has been cancelled

Details

Docker Build & Deploy / Build Docker Images (pull_request) Has been cancelled

Details

Docker Build & Deploy / Push Docker Images (pull_request) Has been cancelled

Details

Docker Build & Deploy / Deploy to Staging (pull_request) Has been cancelled

Details

Docker Build & Deploy / Deploy to Production (pull_request) Has been cancelled

Details

E2E Tests / End-to-End Tests (pull_request) Has been cancelled

Details

E2E Tests / E2E Tests (Mobile) (pull_request) Has been cancelled

Details

Security Scanning / NPM Audit (pull_request) Has been cancelled

Details

Security Scanning / Dependency License Check (pull_request) Has been cancelled

Details

Security Scanning / Code Quality Scan (pull_request) Has been cancelled

Details

Security Scanning / Docker Image Security (pull_request) Has been cancelled

Details

Security Scanning / Security Summary (pull_request) Has been cancelled

Details

Added comprehensive recipe editing functionality with improved image handling
and better UX for large file uploads.

**Features:**
- Recipe editing: Full CRUD support for recipes with edit page
- Image management: Upload, replace, and delete recipe images
- Upload feedback: Processing and uploading states for better UX
- File size increase: Raised limit from 10MB to 20MB for images
- Nginx configuration: Added client_max_body_size for large uploads

**Changes:**
- Created EditRecipe.tsx page for editing existing recipes
- Created NewRecipe.tsx page wrapper for recipe creation
- Created RecipeForm.tsx comprehensive form component with:
  - Simple and multi-section recipe modes
  - Image upload with confirmation dialogs
  - Processing state feedback during file handling
  - Smaller, button-style upload controls
- Updated recipes.routes.ts:
  - Increased multer fileSize limit to 20MB
  - Added file validation for image types
  - Image upload now updates Recipe.imageUrl field
  - Added DELETE /recipes/:id/image endpoint
  - Automatic cleanup of old images when uploading new ones
- Updated nginx.conf: Added client_max_body_size 20M for API proxy
- Updated App.css: Improved upload button styling (smaller, more compact)
- Updated RecipeForm.tsx: Better file processing feedback with setTimeout
- Updated help text to reflect 20MB limit and WEBP support

**Technical Details:**
- Fixed static file serving path in index.ts
- Added detailed logging for upload debugging
- Improved TypeScript type safety in upload handlers
- Better error handling and user feedback

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-30 05:31:12 +00:00

2 Commits