Files
telegram-shop/.gitignore
NW d4c476002c feat(admin): SmartAdmin template redesign + security hardening
- Migrated all admin views from inline JS string templates to EJS
- Integrated SmartAdmin template with dark sidebar, fixed header, CSS grid
- Added express-ejs-layouts for master layout wrapper
- Security:
  - CSRF protection (double-submit cookie)
  - Rate limiting on /login (5/15min)
  - Token revocation via jti + globalLogoutTimestamp
  - Re-auth (reauth_token) for destructive endpoints
  - Settings whitelist (ALLOWED_KEYS) + removed process.exit
  - Seed phrases no longer rendered in HTML (CSV export only)
  - Multer fileFilter for image uploads + safe filename generation
  - SQL injection fix (currency column allowlist)
  - Global error handler + asyncHandler wrapper
- New files: csrf.js, errorHandler.js, error.ejs, all EJS templates
- SmartAdmin assets: CSS, icons, webfonts, plugins, scripts
2026-07-06 17:42:54 +01:00

23 lines
370 B
Plaintext

.env
node_modules/
tests/node_modules/
tests/screenshots/
tests/visual/baseline/
tests/visual/current/
tests/visual/diff/
tests/reports/
*.log
# SmartAdmin template — copied from APAW CBS repo, not tracked in downstream projects
templates/smartadmin/
# SQLite databases — never commit
db/*.db
db/*.db-wal
db/*.db-shm
# Root-level throwaway scripts
/*.mjs
/*.mjs