ppt-tool

Oliver/ppt-tool

Fork 0

Commit graph

Author	SHA1	Message	Date
Vadym Samoilenko	4eb28ae819	Fix RLS session variables syntax - PostgreSQL SET LOCAL doesn't support parameterized queries - Use string formatting (safe: user.id is UUID, role is enum) - Fixes 'syntax error at or near $1' error Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>	2026-02-27 20:26:03 +00:00
Vadym Samoilenko	4f391a04e8	Complete critical security improvements (P0.5-P0.8) P0.5: Database Row-Level Security (RLS) - CRITICAL - Created Alembic migration for RLS policies on all client-scoped tables - Policies for: presentations, master_decks, brand_configs, slides, templates - Updated get_async_session to set PostgreSQL session variables - Multi-tenant isolation now enforced at database level (defense-in-depth) - Session variables: app.current_user_id, app.user_role P0.6: Safe Error Messages - Created safe_exception_handler to prevent info disclosure - Logs full errors internally with context (user_id, path, method) - Returns generic "internal error" message to clients - Preserves HTTPException details (intentional error messages) P0.7: Security Headers - Created SecurityHeadersMiddleware with comprehensive headers - Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection - CSP, Referrer-Policy, Permissions-Policy, HSTS - Updated nginx.conf with matching security headers P0.8: Database Connection Pool Optimization - Increased pool_size from 5 to 20 connections - Added max_overflow of 40 for burst traffic - Enabled pool_pre_ping for connection health checks - Pool recycle after 1 hour to prevent stale connections - Configurable via DB_POOL_SIZE, DB_MAX_OVERFLOW, DB_POOL_RECYCLE All critical pre-launch security tasks complete. System now has: ✅ CORS protection ✅ Rate limiting ✅ Request size limits ✅ Database-level tenant isolation (RLS) ✅ Safe error handling ✅ Security headers ✅ Optimized connection pooling Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>	2026-02-27 18:33:58 +00:00
Vadym Samoilenko	cf21ba4516	Phase 1-2: Foundation + Admin Panel & Client Management Phase 1 (Foundation): - Project restructure (presenton-main → backend/ + frontend/) - Database schema (8 new models, Alembic config, seed script) - Auth (Azure AD SSO + dev bypass, JWT sessions, AuthMiddleware) - RBAC (access_service, rbac_middleware, admin routers) - Audit logging (fire-and-forget, AuditMiddleware, admin router) - i18n (react-i18next with 5 namespace files) Phase 2 (Admin Panel & Client Management): - Admin panel shell (sidebar layout, role guard, 12 pages) - Redux admin slice with 18 async thunks - User management (role changes, deactivation) - Client management (CRUD, brand config, team management) - Brand config editor (colors, fonts, logos, voice rules) - Master deck upload & parser (PPTX → HTML → React pipeline) - Audit log viewer with filters and CSV/JSON export Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 15:37:17 +00:00

Author

SHA1

Message

Date

Vadym Samoilenko

4eb28ae819

Fix RLS session variables syntax

- PostgreSQL SET LOCAL doesn't support parameterized queries
- Use string formatting (safe: user.id is UUID, role is enum)
- Fixes 'syntax error at or near $1' error

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>

2026-02-27 20:26:03 +00:00

Vadym Samoilenko

4f391a04e8

Complete critical security improvements (P0.5-P0.8)

P0.5: Database Row-Level Security (RLS) - CRITICAL
- Created Alembic migration for RLS policies on all client-scoped tables
- Policies for: presentations, master_decks, brand_configs, slides, templates
- Updated get_async_session to set PostgreSQL session variables
- Multi-tenant isolation now enforced at database level (defense-in-depth)
- Session variables: app.current_user_id, app.user_role

P0.6: Safe Error Messages
- Created safe_exception_handler to prevent info disclosure
- Logs full errors internally with context (user_id, path, method)
- Returns generic "internal error" message to clients
- Preserves HTTPException details (intentional error messages)

P0.7: Security Headers
- Created SecurityHeadersMiddleware with comprehensive headers
- Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection
- CSP, Referrer-Policy, Permissions-Policy, HSTS
- Updated nginx.conf with matching security headers

P0.8: Database Connection Pool Optimization
- Increased pool_size from 5 to 20 connections
- Added max_overflow of 40 for burst traffic
- Enabled pool_pre_ping for connection health checks
- Pool recycle after 1 hour to prevent stale connections
- Configurable via DB_POOL_SIZE, DB_MAX_OVERFLOW, DB_POOL_RECYCLE

All critical pre-launch security tasks complete. System now has:
✅ CORS protection
✅ Rate limiting
✅ Request size limits
✅ Database-level tenant isolation (RLS)
✅ Safe error handling
✅ Security headers
✅ Optimized connection pooling

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>

2026-02-27 18:33:58 +00:00

Vadym Samoilenko

cf21ba4516

Phase 1-2: Foundation + Admin Panel & Client Management

Phase 1 (Foundation):
- Project restructure (presenton-main → backend/ + frontend/)
- Database schema (8 new models, Alembic config, seed script)
- Auth (Azure AD SSO + dev bypass, JWT sessions, AuthMiddleware)
- RBAC (access_service, rbac_middleware, admin routers)
- Audit logging (fire-and-forget, AuditMiddleware, admin router)
- i18n (react-i18next with 5 namespace files)

Phase 2 (Admin Panel & Client Management):
- Admin panel shell (sidebar layout, role guard, 12 pages)
- Redux admin slice with 18 async thunks
- User management (role changes, deactivation)
- Client management (CRUD, brand config, team management)
- Brand config editor (colors, fonts, logos, voice rules)
- Master deck upload & parser (PPTX → HTML → React pipeline)
- Audit log viewer with filters and CSV/JSON export

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-26 15:37:17 +00:00

3 commits