tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	3e9e6c7f89	feat(server): add security middleware and website-specific routes Server Infrastructure Updates: - Added response sanitization middleware (fixes Date serialization) - Added CSRF protection middleware (double-submit cookie pattern) - Enhanced rate limiting (public, form, auth limiters) - Added cache control middleware for static assets - Added cookie parser for CSRF support Route Organization: - Reorganized routes for website (auth, documents, blog, newsletter) - Separated admin routes with /admin prefix - Added koha routes for donations - Added demo routes for interactive demonstrations - Dev/test routes only in development environment Config Updates: - Updated app config for website platform - Added website-specific configuration options Model Updates: - Updated model exports for website collections - Added blog, media, newsletter models These changes support the website platform while maintaining the underlying Tractatus governance framework.	2025-10-23 10:57:20 +13:00
TheFlow	d44044c521	refactor: remove project-specific code and fix broken imports (Phase 7) CRITICAL FIX: src/routes/index.js was importing 10 non-existent route files - Repository would CRASH ON STARTUP REMOVED (8 files): - src/config/currencies.config.js - Koha donation system (10 currencies, exchange rates) - src/routes/hooks-metrics.routes.js - Required deleted auth.middleware - src/routes/sync-health.routes.js - Required deleted auth.middleware - src/utils/security-logger.js - Hardcoded /var/log/tractatus paths, OUR inst_046 - scripts/seed-admin.js - Required deleted User.model - scripts/validate-deployment.js - OUR deployment validation (inst_025) - systemd/tractatus-dev.service - OUR server at /var/www/tractatus - systemd/tractatus-prod.service - OUR production server config REWRITTEN (2 files): src/routes/index.js - Removed imports: auth, documents, blog, newsletter, media, cases, admin, koha, demo, test - Removed imports: hooks-metrics, sync-health (just deleted) - Keep only: rules, projects, audit, governance (framework routes) - Removed website endpoint documentation - Updated to framework v3.5.0 src/config/app.config.js - Removed: JWT config (auth system deleted) - Removed: admin.email = john.stroh.nz@pm.me (hardcoded project-specific) - Removed: features.aiCuration/mediaTriage/caseSubmissions (website features) - Keep only: server, mongodb, logging, security (rate limiting), CORS - Now generic template for implementers RESULT: Repository can now start without errors, all imports resolve 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-21 22:06:43 +13:00
TheFlow	6285adc572	feat: add Express server foundation with middleware Configuration: - app.config.js: Centralized configuration (ports, MongoDB, JWT, features) - Feature flags for AI curation, media triage, case submissions Middleware: - auth.middleware.js: JWT authentication, role-based access control - validation.middleware.js: Input validation, sanitization, ObjectId checks - error.middleware.js: Global error handling, async wrapper, 404 handler Express Server (src/server.js): - Security: Helmet, CORS, rate limiting - Request logging with Winston - Health check endpoint - MongoDB connection with graceful shutdown - Static file serving - Temporary homepage showing development status Features: - Production-ready error handling - MongoDB duplicate key detection - JWT token validation - XSS protection via sanitization - Rate limiting (100 req / 15min per IP) - Graceful shutdown (SIGTERM/SIGINT) Status: Server foundation complete, ready for API routes Port: 9000 Database: tractatus_dev (MongoDB 27017)	2025-10-06 23:56:12 +13:00

Author

SHA1

Message

Date

TheFlow

3e9e6c7f89

feat(server): add security middleware and website-specific routes

Server Infrastructure Updates:
- Added response sanitization middleware (fixes Date serialization)
- Added CSRF protection middleware (double-submit cookie pattern)
- Enhanced rate limiting (public, form, auth limiters)
- Added cache control middleware for static assets
- Added cookie parser for CSRF support

Route Organization:
- Reorganized routes for website (auth, documents, blog, newsletter)
- Separated admin routes with /admin prefix
- Added koha routes for donations
- Added demo routes for interactive demonstrations
- Dev/test routes only in development environment

Config Updates:
- Updated app config for website platform
- Added website-specific configuration options

Model Updates:
- Updated model exports for website collections
- Added blog, media, newsletter models

These changes support the website platform while maintaining the
underlying Tractatus governance framework.

2025-10-23 10:57:20 +13:00

TheFlow

d44044c521

refactor: remove project-specific code and fix broken imports (Phase 7)

CRITICAL FIX: src/routes/index.js was importing 10 non-existent route files
- Repository would CRASH ON STARTUP

REMOVED (8 files):
- src/config/currencies.config.js - Koha donation system (10 currencies, exchange rates)
- src/routes/hooks-metrics.routes.js - Required deleted auth.middleware
- src/routes/sync-health.routes.js - Required deleted auth.middleware
- src/utils/security-logger.js - Hardcoded /var/log/tractatus paths, OUR inst_046
- scripts/seed-admin.js - Required deleted User.model
- scripts/validate-deployment.js - OUR deployment validation (inst_025)
- systemd/tractatus-dev.service - OUR server at /var/www/tractatus
- systemd/tractatus-prod.service - OUR production server config

REWRITTEN (2 files):
src/routes/index.js
- Removed imports: auth, documents, blog, newsletter, media, cases, admin, koha, demo, test
- Removed imports: hooks-metrics, sync-health (just deleted)
- Keep only: rules, projects, audit, governance (framework routes)
- Removed website endpoint documentation
- Updated to framework v3.5.0

src/config/app.config.js
- Removed: JWT config (auth system deleted)
- Removed: admin.email = john.stroh.nz@pm.me (hardcoded project-specific)
- Removed: features.aiCuration/mediaTriage/caseSubmissions (website features)
- Keep only: server, mongodb, logging, security (rate limiting), CORS
- Now generic template for implementers

RESULT: Repository can now start without errors, all imports resolve

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-21 22:06:43 +13:00

TheFlow

6285adc572

feat: add Express server foundation with middleware

Configuration:
- app.config.js: Centralized configuration (ports, MongoDB, JWT, features)
- Feature flags for AI curation, media triage, case submissions

Middleware:
- auth.middleware.js: JWT authentication, role-based access control
- validation.middleware.js: Input validation, sanitization, ObjectId checks
- error.middleware.js: Global error handling, async wrapper, 404 handler

Express Server (src/server.js):
- Security: Helmet, CORS, rate limiting
- Request logging with Winston
- Health check endpoint
- MongoDB connection with graceful shutdown
- Static file serving
- Temporary homepage showing development status

Features:
- Production-ready error handling
- MongoDB duplicate key detection
- JWT token validation
- XSS protection via sanitization
- Rate limiting (100 req / 15min per IP)
- Graceful shutdown (SIGTERM/SIGINT)

Status: Server foundation complete, ready for API routes
Port: 9000
Database: tractatus_dev (MongoDB 27017)

2025-10-06 23:56:12 +13:00

3 commits