tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	059dd43b72	security: complete Phase 0 Quick Wins implementation Phase 0 Complete (QW-1 through QW-8): ✅ Enhanced input validation with HTML sanitization ✅ Form rate limiting (5 req/min on all submission endpoints) ✅ Modern CSRF protection (SameSite cookies + double-submit pattern) ✅ Security audit logging (CSRF violations captured) ✅ Applied to all public form endpoints: - /api/cases/submit (case studies) - /api/media/inquiries (media inquiries) - /api/newsletter/subscribe (newsletter) New Middleware: - csrf-protection.middleware.js (replaces deprecated csurf package) - Enhanced input-validation.middleware.js applied to all forms Security Features Active: - Security headers (CSP, HSTS, X-Frame-Options, etc.) - Rate limiting (100 req/15min public, 5 req/min forms) - CSRF protection (double-submit cookie pattern) - HTML sanitization (XSS prevention) - Response sanitization (hide stack traces) - Security event logging Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046 Refs: docs/plans/security-implementation-roadmap.md Phase 0	2025-10-14 15:32:54 +13:00
TheFlow	29fa3956f9	feat: newsletter modal and deployment script enhancements Newsletter Modal Implementation: - Added modal subscription forms to blog pages - Improved UX with dedicated modal instead of anchor links - Location: public/blog.html, public/blog-post.html Blog JavaScript Enhancements: - Enhanced blog.js and blog-post.js with modal handling - Newsletter form submission logic - Location: public/js/blog.js, public/js/blog-post.js Deployment Script Improvements: - Added pre-deployment checks (server running, version parameters) - Enhanced visual feedback with status indicators (✓/✗/⚠) - Version parameter staleness detection - Location: scripts/deploy-full-project-SAFE.sh Demo Page Cleanup: - Minor refinements to demo pages - Location: public/demos/.html Routes Enhancement*: - Newsletter route additions - Location: src/routes/index.js 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-14 13:11:46 +13:00

Author

SHA1

Message

Date

TheFlow

059dd43b72

security: complete Phase 0 Quick Wins implementation

Phase 0 Complete (QW-1 through QW-8):
✅ Enhanced input validation with HTML sanitization
✅ Form rate limiting (5 req/min on all submission endpoints)
✅ Modern CSRF protection (SameSite cookies + double-submit pattern)
✅ Security audit logging (CSRF violations captured)
✅ Applied to all public form endpoints:
   - /api/cases/submit (case studies)
   - /api/media/inquiries (media inquiries)
   - /api/newsletter/subscribe (newsletter)

New Middleware:
- csrf-protection.middleware.js (replaces deprecated csurf package)
- Enhanced input-validation.middleware.js applied to all forms

Security Features Active:
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Rate limiting (100 req/15min public, 5 req/min forms)
- CSRF protection (double-submit cookie pattern)
- HTML sanitization (XSS prevention)
- Response sanitization (hide stack traces)
- Security event logging

Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046
Refs: docs/plans/security-implementation-roadmap.md Phase 0

2025-10-14 15:32:54 +13:00

TheFlow

29fa3956f9

feat: newsletter modal and deployment script enhancements

**Newsletter Modal Implementation**:
- Added modal subscription forms to blog pages
- Improved UX with dedicated modal instead of anchor links
- Location: public/blog.html, public/blog-post.html

**Blog JavaScript Enhancements**:
- Enhanced blog.js and blog-post.js with modal handling
- Newsletter form submission logic
- Location: public/js/blog.js, public/js/blog-post.js

**Deployment Script Improvements**:
- Added pre-deployment checks (server running, version parameters)
- Enhanced visual feedback with status indicators (✓/✗/⚠)
- Version parameter staleness detection
- Location: scripts/deploy-full-project-SAFE.sh

**Demo Page Cleanup**:
- Minor refinements to demo pages
- Location: public/demos/*.html

**Routes Enhancement**:
- Newsletter route additions
- Location: src/routes/index.js

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-14 13:11:46 +13:00

2 commits