Commit Graph

19 Commits

Author SHA1 Message Date
Hannah_Bagga da99b695be just some things i needed to get back into the CRM 2026-07-03 16:05:03 +02:00
TroodonEnjoyer 37af1febcc Automate DB migrations + fix audit trigger + drop forced password change
- scripts/run-migrations.mjs: auto-applies unapplied .sql files on
  npm run dev/setup via psql, tracks state in _migrations table
- 020_fixes.sql: sets password_change_required=FALSE for all users,
  fixes audit_password_change UUID cast, re-enables trigger
- package.json: hook migrations into dev:precheck
- setup.mjs: hook into npm run setup
- run_all.sql: add 020_fixes.sql to migration order
2026-07-01 13:07:15 +02:00
Ace 2c3a8e5333 Added qwen to serve as an repair agent. 2026-06-29 15:06:03 +02:00
JCBSComputer 68483e9b60 Calender & Linked Added 2026-06-26 16:38:18 +02:00
Ace da702d6beb Changed from user specific, to open for everyone 2026-06-26 11:48:51 +02:00
Ace c9df7787d5 Added in loading bot 2026-06-26 11:10:58 +02:00
Hannah_Bagga 1465016b56 ..... 2026-06-25 15:15:35 +02:00
Ace b245b352e7 Updated Ai to pull from facebook, added a loading SVG to make user wait for server too boot up, and added commands that can be used to start off the AI exstraction 2026-06-24 17:17:38 +02:00
Hannah_Bagga 7bd9c17b5f Add Node.js AI server, fix dev scripts, ignore rust-ai/target 2026-06-23 11:07:55 +02:00
Ace 1adc4806fa Files Changed
Security Fixes
File	Change
.env.local	Placeholder JWT secret (rotate to random value: openssl rand -base64 64)
src/middleware.ts	Removed /api/auth/me bypass; API routes return JSON 401 (not 302 redirect)
src/lib/auth.ts	sameSite: "lax" → "strict" (create + destroy cookie); SVG name chars are pre-computed (no injection)
src/lib/avatar.ts	Added sanitizeName() — strips non-alphanumeric/safe chars, max 50 chars
src/app/api/users/route.ts	POST restricted to super_admin; validates role against whitelist ["sales","admin","super_admin","dev"]; validates active defaults to true
src/app/api/users/[id]/route.ts	DELETE restricted to super_admin; blocks self-deletion
src/app/api/leads/[id]/route.ts	GET: non-admin users filtered by assigned_to; PATCH: ownership check + score validated 0-100 range
src/app/api/leads/route.ts	DELETE: ownership + admin check; GET: ownership filter for non-admin users
src/app/api/conversations/[id]/messages/route.ts	GET/POST: verify user is a conversation_participant before access
rust-ai/src/main.rs	CORS: AllowOrigin::list(["localhost:3006", "127.0.0.1:3006"]) (was Any)
Performance Fixes
File	Change
src/app/api/leads/route.ts	Added limit (default 50), offset query params; ownership filter in SQL
src/app/api/users/route.ts	Added limit (default 50), offset query params
src/app/api/conversations/route.ts	Added LIMIT 50
src/app/api/leads/[id]/notes/route.ts	Added limit (default 50), offset query params
src/app/api/conversations/[id]/messages/route.ts	Added limit (default 100), offset, before query params
src/app/(dashboard)/chats/page.tsx	Pruned to 5 cached conversations; useMemo wraps messages/conversation/filteredConversations; otherParticipant moved outside component; added 10MB file size limit; recordingChunksRef cleared on discard
src/app/(dashboard)/leads/[id]/page.tsx	Optimistic status update rolls back on fetch failure
database/migrations/003_chat.sql	Added composite index idx_messages_conversation_created on (conversation_id, created_at DESC)
Code Quality Fixes
File	Change
src/lib/ai.ts	Removed dead getInstructions()/updateInstructions() (called nonexistent /ai/instructions)
src/lib/auth.ts	bcrypt.hash(password, 12) — kept (acceptable, OWASP-recommended)
src/app/login/page.tsx	"Forgot password?" button now shows alert to contact admin (was no-op)
src/components/users/user-form-dialog.tsx	Password min 6 → 8 chars
26 silent catch {} blocks across 16 files (see below)	Added console.warn("...") context messages
2026-06-23 09:45:30 +02:00
Ace b81f391df5 Got facebook to work test tomorrow with new accounts please 2026-06-22 22:00:56 +02:00
Ace 0bae5bb746 pakage update 2026-06-22 13:03:39 +02:00
Ace be5808f3fc AI somewhat added 2026-06-22 12:37:38 +02:00
caitlin 178677aa85 Merge branch 'main' of https://git.coastit.co.za/caitlin/CRM_ENVR 2026-06-18 13:27:33 +02:00
TroodonEnjoyer 5238b59140 Added 4 Demo Users, with Coast emails, Hierarchy, roles etc. 2026-06-18 13:13:29 +02:00
caitlin fd2d4ff976 I fixed the filter for all the leads 2026-06-18 12:15:44 +02:00
TroodonEnjoyer ee44e9fc47 Added Database 2026-06-17 16:43:09 +02:00
Ace d6d784cef3 Added in Logo's and worked on Avatars and Chats 2026-06-17 16:26:32 +02:00
caitlin 4898bf7142 Initial commit 2026-06-17 13:51:22 +02:00