Commit graph

8 commits

Author SHA1 Message Date
Vadym Samoilenko
4f391a04e8 Complete critical security improvements (P0.5-P0.8)
P0.5: Database Row-Level Security (RLS) - CRITICAL
- Created Alembic migration for RLS policies on all client-scoped tables
- Policies for: presentations, master_decks, brand_configs, slides, templates
- Updated get_async_session to set PostgreSQL session variables
- Multi-tenant isolation now enforced at database level (defense-in-depth)
- Session variables: app.current_user_id, app.user_role

P0.6: Safe Error Messages
- Created safe_exception_handler to prevent info disclosure
- Logs full errors internally with context (user_id, path, method)
- Returns generic "internal error" message to clients
- Preserves HTTPException details (intentional error messages)

P0.7: Security Headers
- Created SecurityHeadersMiddleware with comprehensive headers
- Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection
- CSP, Referrer-Policy, Permissions-Policy, HSTS
- Updated nginx.conf with matching security headers

P0.8: Database Connection Pool Optimization
- Increased pool_size from 5 to 20 connections
- Added max_overflow of 40 for burst traffic
- Enabled pool_pre_ping for connection health checks
- Pool recycle after 1 hour to prevent stale connections
- Configurable via DB_POOL_SIZE, DB_MAX_OVERFLOW, DB_POOL_RECYCLE

All critical pre-launch security tasks complete. System now has:
- CORS protection
- Rate limiting
- Request size limits
- Database-level tenant isolation (RLS)
- Safe error handling
- Security headers
- Optimized connection pooling

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-27 18:33:58 +00:00
Vadym Samoilenko
c431d4ab45 Implement critical security fixes and modern design system (Pre-launch P0 tasks)
Security Improvements (P0.0-P0.4):
- P0.0: Migrate to Gemini-only AI stack (simplified, single billing)
- P0.1: Fix CORS to restrict allowed origins from env (was *)
- P0.2: Remove hardcoded dev password, require env var
- P0.3: Add rate limiting (slowapi) - 3-10 req/min on sensitive endpoints
- P0.4: Add request size limits (100MB default via middleware)

New Features:
- Unified LLM service with Google Gemini priority
- OXML geometry extractor for layout parsing
- TSX validator for generated React components
- Client ID support in presentation requests with access control
- Configurable LLM/image timeouts via env vars

Modern Design System (P0.9 - partial):
- Enhanced CSS design tokens (primary, semantic colors, shadows)
- Typography scale (h1-h4, body variants, caption)
- Modern animations (fadeIn, slideIn, scaleIn)
- Updated Button component with better variants and hover effects
- Created unified Card and StatusBadge components
- Applied design system to Dashboard and Settings pages

Backend Improvements:
- Master deck parser simplification
- Slide-to-HTML endpoint cleanup (325 lines removed)
- Better error handling in prompts endpoint

Frontend Improvements:
- Settings UI simplified to show only Google/Gemini
- Dashboard uses CSS variables instead of hardcoded colors
- Improved button transitions and hover states

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-27 18:28:24 +00:00
Vadym Samoilenko
ff9cdffc32 Phase 5: Fix export, slide edit, static files; add README
- Fix PPTX/PDF export: Puppeteer URL port mismatch (80 → 3000)
- Fix backend export_utils to use NEXT_INTERNAL_URL env var
- Add Chromium to frontend Dockerfile for Docker-based export
- Fix slide edit socket hang up with asyncio.wait_for() timeouts
- Add FastAPI StaticFiles mounts for /static and /app_data
- Add Next.js rewrite for /static/ to proxy to backend
- Show template thumbnail in master decks admin page
- Add error logging to ReviewWorkflow component
- Add Docker env vars for web service (APP_DATA_DIRECTORY, app_data volume)
- Add project README in English

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 15:40:36 +00:00
Vadym Samoilenko
d3d1667a79 Phase 2: Admin panel, analytics, storage, template pipeline, multi-provider LLM
- Fix admin sidebar: remove duplicate Teams, add Storage nav item
- Analytics: client-scoped queries, super_admin sees all (including NULL client_id)
- Storage management: list/download/delete presentations with file metadata
- Settings page with brand config router
- AI usage tracking: new AIUsageModel, ai_usage_service, analytics endpoint
- Master deck → template bridge: _register_as_template creates TemplateModel
  + PresentationLayoutCodeModel so parsed layouts appear in template picker
- Multi-provider LLM vision in parser: Anthropic/Google/OpenAI with asyncio.to_thread
- Fix PPTX upload 400: accept by .pptx extension (browser sends octet-stream)
- Fix reparse FK violation: presentation_id=None for parse_master_deck jobs
- Worker job_timeout increased to 1800s for LLM-heavy master deck parsing
- PYTHONUNBUFFERED=1 in docker-compose worker for real-time log output
- Auth: clientId in /me response, dev-login cookie improvements
- Frontend: auth slice clientId, master-deck thumbnails, storage page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 23:39:34 +00:00
Vadym Samoilenko
c97841f6d1 Phase 6: Export & Polish — brand export, client dashboard, retention, analytics
- Brand-enforced export pipeline (PPTX/PDF with auto brand fonts/colors/logo)
- Client library dashboard with two-level navigation (client grid → detail tabs)
- Data retention service with ARQ cron jobs (daily cleanup + weekly purge)
- Brand-adaptive UI theme via CSS custom properties (dynamic per client)
- Analytics dashboard with overview, usage, quality, and performance metrics

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 16:41:58 +00:00
Vadym Samoilenko
ad65f6fe2d Phase 5: Frontend Wizard & Editor — 5-step generation wizard, review workflow
- New 5-step wizard flow at /generate/ (Upload → Configure → Outline → Generate → Edit)
- wizardSlice with localStorage persistence for cross-session state
- Upload page: drag & drop files, brief text input, file type badges
- Configure page: client/deck selectors, slide count slider, tone, language, instructions
- Outline review page: split-view with source content + outline editor, template selection
- Progress page: SSE streaming + polling fallback for real-time job progress
- Review workflow: status badge (Draft/In Review/Approved) with popover transitions
- Backend review endpoints: PUT status, POST comment, GET review info with audit logging
- Wizard API helpers: clients, master decks, file upload/decompose, job status/cancel

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 16:31:28 +00:00
Vadym Samoilenko
a0d73b3b63 Phase 4: Generation Pipeline — brand enforcement, enhanced LLM calls, ARQ job queue
- Step 14: Brand enforcement service (font/color/logo replacement, WCAG contrast check, LLM prompt context)
- Step 15: Enhanced outline & slide content generation with brand context, content summary, "no hallucination" instructions
- Step 15b: LLM auto-fallback retry logic across providers (FALLBACK_LLM_PROVIDERS env)
- Step 16: Redis/ARQ job queue — worker entry point, presentation & master deck workers, job status/SSE endpoints, graceful fallback to BackgroundTasks when Redis unavailable

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 16:15:25 +00:00
Vadym Samoilenko
cf21ba4516 Phase 1-2: Foundation + Admin Panel & Client Management
Phase 1 (Foundation):
- Project restructure (presenton-main → backend/ + frontend/)
- Database schema (8 new models, Alembic config, seed script)
- Auth (Azure AD SSO + dev bypass, JWT sessions, AuthMiddleware)
- RBAC (access_service, rbac_middleware, admin routers)
- Audit logging (fire-and-forget, AuditMiddleware, admin router)
- i18n (react-i18next with 5 namespace files)

Phase 2 (Admin Panel & Client Management):
- Admin panel shell (sidebar layout, role guard, 12 pages)
- Redux admin slice with 18 async thunks
- User management (role changes, deactivation)
- Client management (CRUD, brand config, team management)
- Brand config editor (colors, fonts, logos, voice rules)
- Master deck upload & parser (PPTX → HTML → React pipeline)
- Audit log viewer with filters and CSV/JSON export

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 15:37:17 +00:00