- Migrated all admin views from inline JS string templates to EJS - Integrated SmartAdmin template with dark sidebar, fixed header, CSS grid - Added express-ejs-layouts for master layout wrapper - Security: - CSRF protection (double-submit cookie) - Rate limiting on /login (5/15min) - Token revocation via jti + globalLogoutTimestamp - Re-auth (reauth_token) for destructive endpoints - Settings whitelist (ALLOWED_KEYS) + removed process.exit - Seed phrases no longer rendered in HTML (CSV export only) - Multer fileFilter for image uploads + safe filename generation - SQL injection fix (currency column allowlist) - Global error handler + asyncHandler wrapper - New files: csrf.js, errorHandler.js, error.ejs, all EJS templates - SmartAdmin assets: CSS, icons, webfonts, plugins, scripts
23 lines
370 B
Plaintext
23 lines
370 B
Plaintext
.env
|
|
node_modules/
|
|
tests/node_modules/
|
|
tests/screenshots/
|
|
tests/visual/baseline/
|
|
tests/visual/current/
|
|
tests/visual/diff/
|
|
tests/reports/
|
|
*.log
|
|
|
|
# SmartAdmin template — copied from APAW CBS repo, not tracked in downstream projects
|
|
templates/smartadmin/
|
|
|
|
# SQLite databases — never commit
|
|
db/*.db
|
|
db/*.db-wal
|
|
db/*.db-shm
|
|
|
|
# Root-level throwaway scripts
|
|
/*.mjs
|
|
|
|
/*.mjs
|