ealmeida
c794e1b6d6
docs(observabilidade): CHANGELOG Fase 6C worklog import
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-04-23 03:07:37 +01:00
ealmeida
1eb4f246de
docs(observabilidade): CHANGELOG Fase 6A pattern detector
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-04-23 02:17:43 +01:00
ealmeida
d2452d4402
docs(observabilidade): v2.7.0 — Espelho MVP entregue
2026-04-23 01:25:06 +01:00
ealmeida
f1756829af
security: implement 6 high-severity vulnerability fixes
...
HIGH-SEVERITY FIXES (Fase 2):
1. Rate Limiting (Vulnerabilidade 2.1)
- express-rate-limit: 100 req/15min (prod), 1000 req/15min (dev)
- Applied to all /api/* routes
- Standard headers for retry-after
2. CORS Restrictions (Vulnerabilidade 2.2)
- Whitelist: dashboard.descomplicar.pt, desk.descomplicar.pt
- Localhost only in development
- CORS blocking logs
3. Input Validation with Zod (Vulnerabilidade 2.4)
- Generic validateRequest() middleware
- Schemas: WordPress Monitor, server metrics, dashboard, financial
- Applied to api/routes/wp-monitor.ts POST endpoint
- Detailed field-level error messages
4. Backend Authentication OIDC (Vulnerabilidade 2.5 - OPTIONAL)
- Enabled via OIDC_ENABLED=true
- Bearer token validation on all APIs
- Backward compatible (disabled by default)
5. SSH Key-Based Auth Migration (Vulnerabilidade 2.6)
- Script: /media/ealmeida/Dados/Dev/ClaudeDev/migrate-ssh-keys.sh
- Generates ed25519 key, copies to 6 servers
- Instructions to remove passwords from .env
- .env.example updated with SSH_PRIVATE_KEY_PATH
6. Improved Error Handling (Vulnerabilidade 2.5)
- Unique error IDs (UUID) for tracking
- Structured JSON logs in production
- Stack traces blocked in production
- Generic messages to client
FILES CHANGED:
- api/server.ts - Complete refactor with all security improvements
- api/middleware/validation.ts - NEW: Zod middleware and schemas
- api/routes/wp-monitor.ts - Added Zod validation on POST
- .env.example - Complete security documentation
- CHANGELOG.md - Full documentation of 9 fixes (3 critical + 6 high)
- package.json + package-lock.json - New dependencies
DEPENDENCIES ADDED:
- express-rate-limit@7.x
- zod@3.x
- express-openid-connect@2.x
AUDIT STATUS:
- npm audit: 0 vulnerabilities
- Hook Regra #47 : PASSED
PROGRESS:
- Phase 1 (Critical): 3/3 ✅ COMPLETE
- Phase 2 (High): 6/6 ✅ COMPLETE
- Phase 3 (Medium): 0/6 - Next
- Phase 4 (Low): 0/5 - Next
Related: AUDIT-REPORT.md vulnerabilities 2.1, 2.2, 2.4, 2.5, 2.6
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-02-14 04:09:50 +00:00
ealmeida
20c16ab1e0
security: fix 3 critical vulnerabilities + dependency audit
...
CRITICAL FIXES:
- Remove hardcoded DB password from api/db.ts (was: 9qPRdCGGqM4o)
- Remove hardcoded API key from api/routes/wp-monitor.ts
- Add mandatory env var validation for DB_USER, DB_PASS, DB_NAME
- Add mandatory env var validation for WP_MONITOR_API_KEY
- Add connection timeouts to MySQL pool (10s/15s/30s)
VERIFIED:
- .env never committed to Git (credentials not exposed in repo)
- .gitignore working correctly
DEPENDENCIES:
- Fix qs vulnerability (GHSA-w7fw-mjwx-w883)
- npm audit: 1 low → 0 vulnerabilities
Related: AUDIT-REPORT.md vulnerabilities 1.1, 1.2, 1.3
Next: Implement rate limiting, CORS restrictions, input validation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-02-14 03:38:09 +00:00
ealmeida
eb4e45186b
docs: add CWP Backup Tool monitoring to changelog (v2.5.0)
...
New backup_manager2 monitoring added to collect-backups.sh on CWP server.
Dashboard backups section now shows 5 items instead of 4.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-10 17:11:52 +00:00
ealmeida
4af01c0f36
fix: serve static files in production
...
- Added static file serving in Express for production
- Added SPA fallback for client-side routing
- Created Dockerfile with NODE_ENV=production
- Frontend now properly served at dash.descomplicar.pt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-04 23:43:36 +00:00
ealmeida
75f29ee6d5
fix: Monitor page now uses real API data
...
- Changed fetch URL from /api/monitor.php to /api/monitor
- Updated MonitorData interface to match API response structure
- Fixed stats calculation (MySQL returning strings instead of numbers)
- Updated mock data with realistic values from production DB
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-04 23:34:43 +00:00
ealmeida
bd21a8d511
fix: TypeScript errors in server-metrics service
2026-02-04 23:21:03 +00:00
ealmeida
13608a69bf
feat: WordPress Monitor API + Site Availability Checker
...
- Add POST /api/wp-monitor endpoint for WP plugin data
- Add GET /api/wp-monitor for listing monitored sites
- Add checkSiteAvailability() function for HTTP health checks
- Add checkAllSitesAvailability() for batch checking
- Add /api/scripts/check-sites.ts for cron execution
- Add POST /api/monitor/check-sites for manual trigger
DeskCRM Task: #1556
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-02-04 23:12:32 +00:00
ealmeida
853b2f526e
fix: API funcionando com dados reais + dotenv config
...
- Adiciona dotenv para carregar variáveis de ambiente
- Configura DB_HOST para servidor remoto (176.9.3.158)
- Cria endpoint /api/diagnostic para testes
- Actualiza título: "Plan EAL" → "Dashboard Descomplicar"
- Adiciona tsconfig.json para pasta /api
- Fix: Carrega .env antes de inicializar MySQL pool
Tarefa: #1556
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-02-04 03:46:34 +00:00
ealmeida
a766f3a765
feat: add Node.js/Express API with real data from Desk CRM
...
- ✅ API completa em /api com TypeScript
- ✅ Google Calendar integration (pessoal + profissional)
- ✅ Queries diretas à BD: tasks, leads, projectos, billing, pipeline
- ✅ Endpoints: /api/dashboard, /api/monitor, /api/health
- ✅ Vite proxy configurado (/api → localhost:3001)
- ✅ App.tsx usa /api/dashboard (não mais dados mock)
- ✅ Migração completa do PHP (index.php + monitor.php)
- ✅ CHANGELOG.md criado para tracking
- ✅ Scripts npm: dev (paralelo), dev:api, dev:ui, start
Dependencies:
- express, cors, mysql2, googleapis
- concurrently, tsx (dev)
Breaking: PHP backend será descontinuado
See: CHANGELOG.md, api/README.md
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-02-04 03:26:24 +00:00
ealmeida