admin/shop-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
370 Commits 1 Branch 0 Tags
e092299a1135e428c040da4ff34c60360fce34af
Commit Graph

131 Commits

Author SHA1 Message Date
Kirill e092299a11 ыввы 2026-05-26 12:10:38 +05:00
Kirill e5e1e01c7e ыввы 2026-05-25 23:06:41 +05:00
Kirill 09c5e0cd50 ыввы 2026-05-25 21:14:19 +05:00
Kirill af6b249248 ыввы 2026-05-25 16:54:37 +05:00
Kirill 80e3cd1b30 fix: allow null comment in server validation, remove debug logging 2026-05-24 17:06:07 +05:00
Kirill 42c83b5d4e feat: support comment field in test-checklist API 2026-05-24 16:52:38 +05:00
Kirill 83ae974017 fix: align test-checklist error handling with project convention 2026-05-24 16:21:33 +05:00
Kirill dc1c004a82 feat: add admin test-checklist API routes 2026-05-24 16:18:19 +05:00
Kirill 88fedd675a пва 2026-05-24 15:10:24 +05:00
Kirill 8d4ff3ef62 Merge branch 'site-fixes' 2026-05-24 14:23:09 +05:00
Kirill e9b4edc792 пва 2026-05-24 14:22:58 +05:00
Kirill 2fe426b70a пва 2026-05-24 13:43:23 +05:00
Kirill d0d7eab77e пва 2026-05-23 18:47:35 +05:00
Kirill eee200ae04 Register ip-gate plugin before auth 2026-05-23 11:12:52 +05:00
Kirill 8001d7d32c fix: handle undefined SITE_ACCESS_IPS restore, add build403Html('') test 2026-05-23 11:12:00 +05:00
Kirill fd720572e7 fix: export build403Html, add unit test for undefined IP fallback 2026-05-23 11:09:21 +05:00
Kirill 5fdf49658f test: add ip-gate plugin tests 2026-05-23 11:06:57 +05:00
Kirill 51cc5832c3 fix: normalize IPv6-mapped IPv4 addresses in IP gate 2026-05-23 11:04:32 +05:00
Kirill 8ed2f0e9ba fix: simplify title and status message in 403 page 2026-05-23 11:01:37 +05:00
Kirill e22f084940 feat: add IP gate plugin with SITE_ACCESS_IPS env var support 2026-05-23 11:00:02 +05:00
Kirill bb78782b39 пва 2026-05-22 23:22:29 +05:00
Kirill d60270336e пва 2026-05-22 23:03:03 +05:00
Kirill f0af519ec1 fix: VK OAuth uses short UUID state + in-memory PKCE store instead of JWT 2026-05-22 21:02:33 +05:00
Kirill 9d7e7949b9 feat: migrate VK OAuth to VK ID flow with PKCE 2026-05-22 20:54:48 +05:00
Kirill bead725036 fix: strip trailing slash from SERVER_PUBLIC_URL to prevent double-slash in OAuth redirect_uri 2026-05-22 20:31:02 +05:00
Kirill 0f2ac862de feat: add WB_PVZ (Wildberries pickup) delivery carrier 2026-05-22 19:51:34 +05:00
Kirill 20e4b1e0ab feat: latin-only slugs, server-side avatar generation, remove unused User fields 2026-05-22 19:32:30 +05:00
Kirill 02c7d7ba36 fix: review avatar uses authorId instead of displayName, show reviews for hidden products 2026-05-22 19:14:22 +05:00
Kirill 4381121f25 feat: register SSE routes in server 2026-05-22 18:38:48 +05:00
Kirill e2a04d04a3 fix: add safeWrite guard and error handler for SSE socket 2026-05-22 18:37:55 +05:00
Kirill 5127d4a093 feat: add SSE route with EventBus bridge and tests 2026-05-22 18:33:49 +05:00
Kirill 55dc58cff8 fix: gate ADMIN_EMAIL test with explicit skip 2026-05-22 18:25:22 +05:00
Kirill 6b89f42269 test: add SSE route tests (TDD red) 2026-05-22 18:23:11 +05:00
Kirill 8fb01126b8 пва 2026-05-22 17:47:22 +05:00
Kirill bc85fa8e84 пва 2026-05-22 17:44:42 +05:00
Kirill 2b5c7fff5e fix(server): remove duplicate registerAuthRoutes call 2026-05-22 15:31:35 +05:00
Kirill b3b539b6fb fix(api): register auth routes 
Add missing registerAuthRoutes call in registerApiRoutes to enable
POST /api/auth/request-code, /verify-code, /register, /login,
/forgot-password, /reset-password, and PATCH /api/me/profile routes
 2026-05-22 15:21:55 +05:00
Kirill 49f24d7482 split auth.js into focused modules (Task 3) 
- auth-session.js: GET /api/me, GET /api/me/auth-methods
- auth-password.js: POST /api/me/password, POST /api/me/change-password
- auth-oauth.js: DELETE /api/me/oauth/:provider
- auth.js: kept only /api/auth/* routes + /api/me/profile
- api.js: registers new auth route modules
- tests split to separate files per module
 2026-05-22 15:19:30 +05:00
Kirill d79d02d5d1 refactor: remove email change functionality 2026-05-22 14:20:11 +05:00
Kirill ad43ff98b6 feat: add password change and reset via email code 2026-05-22 14:12:29 +05:00
Kirill 22282c5f4e fix: accept token as query param in authenticate, pass token to oauth link URL 2026-05-22 13:52:48 +05:00
Kirill 669b9aa45d test commit 2026-05-22 12:51:41 +05:00
Kirill b2ccc2a256 chore: fix lint issues, remove unused hasAvatar 2026-05-22 12:27:20 +05:00
Kirill 6bedf0b28a test(server): add password auth and account methods tests 2026-05-22 11:57:11 +05:00
Kirill abb14a49e0 feat(server): add auth-methods, set-password, unlink-oauth endpoints 2026-05-22 11:47:46 +05:00
Kirill c9fa05b7bf feat(server): add oauth link routes for account binding 2026-05-22 11:45:12 +05:00
Kirill 5f180fffaf refactor(server): oauth only email, remove profile requests, support account linking state 2026-05-22 11:41:40 +05:00
Kirill bb7b40ac45 fix(server): remove all avatarType references after DB column drop 2026-05-22 11:36:11 +05:00
Kirill c3e4f5bdd2 feat(server): add POST /api/auth/register and /api/auth/login 
- Add register endpoint with email/password validation, bcrypt hashing
- Add login endpoint with rate limiting per IP (5 attempts/min)
- Add helper functions: validatePassword, hashPassword, comparePassword, isAdminEmail
- Add checkLoginRateLimit for brute-force protection
- Add bcrypt dependency
- Remove avatarType column from User (migration)
 2026-05-22 11:26:00 +05:00
Kirill f6729210db feat: public admin avatar endpoint, real admin avatar in user chat 2026-05-21 21:50:07 +05:00