20c16ab1e0
security: fix 3 critical vulnerabilities + dependency audit
...
CRITICAL FIXES:
- Remove hardcoded DB password from api/db.ts (was: 9qPRdCGGqM4o)
- Remove hardcoded API key from api/routes/wp-monitor.ts
- Add mandatory env var validation for DB_USER, DB_PASS, DB_NAME
- Add mandatory env var validation for WP_MONITOR_API_KEY
- Add connection timeouts to MySQL pool (10s/15s/30s)
VERIFIED:
- .env never committed to Git (credentials not exposed in repo)
- .gitignore working correctly
DEPENDENCIES:
- Fix qs vulnerability (GHSA-w7fw-mjwx-w883)
- npm audit: 1 low → 0 vulnerabilities
Related: AUDIT-REPORT.md vulnerabilities 1.1, 1.2, 1.3
Next: Implement rate limiting, CORS restrictions, input validation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 03:38:09 +00:00
a766f3a765
feat: add Node.js/Express API with real data from Desk CRM
...
- ✅ Complete API in /api with TypeScript
- ✅ Google Calendar integration (personal + professional)
- ✅ Direct DB queries: tasks, leads, projects, billing, pipeline
- ✅ Endpoints: /api/dashboard, /api/monitor, /api/health
- ✅ Vite proxy configured (/api → localhost:3001)
- ✅ App.tsx uses /api/dashboard (no more mock data)
- ✅ Complete migration from PHP (index.php + monitor.php)
- ✅ CHANGELOG.md created for tracking
- ✅ npm scripts: dev (parallel), dev:api, dev:ui, start
Dependencies:
- express, cors, mysql2, googleapis
- concurrently, tsx (dev)
Breaking: PHP backend will be discontinued
See: CHANGELOG.md, api/README.md
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-04 03:26:24 +00:00