Implement complete feature & security overhaul (21 items, 3 phases)
All checks were successful
Build and Push Docker Images / build-portal (push) Successful in 2m1s
Build and Push Docker Images / build-infra (docker/db, monacousa-db) (push) Successful in 1m17s
Build and Push Docker Images / build-infra (docker/kong, monacousa-kong) (push) Successful in 24s
Build and Push Docker Images / build-infra (docker/migrate, monacousa-migrate) (push) Successful in 1m0s

Phase 1 - Security & Data Integrity:
- Atomic member ID generation via PostgreSQL sequence (018)
- Rate limiting on signup, input sanitization (XSS prevention)
- Onboarding photo upload, document upload validation (magic bytes, MIME, size)
- RLS fix for admin role assignment without self-escalation (019)
- Email notification preferences enforcement
- Audit logging across all admin/board mutation actions
- CSV export for membership, payments, and events reports
- Member approval workflow with email notifications (020)

Phase 2 - Functionality & Monitoring:
- Directory privacy settings (022) with board-level filtering
- Document full-text search with PostgreSQL tsvector/GIN index (023)
- Cron job monitoring dashboard with manual trigger (024)
- Settings audit log tab
- Bulk email broadcast with recipient filtering and personalization (025)

Phase 3 - Feature Completeness:
- Event type filtering on events page
- RSVP deadline control for event organizers (021)

Also includes Kong CORS configuration fix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 18:03:46 +01:00
parent fa99cda157
commit 5ff9f950a1
47 changed files with 2857 additions and 177 deletions


@@ -36,6 +36,34 @@ services:
preserve_host: false
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
## Auth Service (GoTrue)
- name: auth-v1-open
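Review bot: the `origins` list in this hunk ships `http://localhost:7453` and `http://localhost:3000` next to the production hosts while `credentials: true` is set, so any page served from a developer machine on those ports is granted credentialed cross-origin access to whatever environment this file is deployed to; keep the localhost entries in a development-only override (or template the list from an environment variable at deploy time) instead of the shared declarative config. The same `cors` block is then pasted into every service below; a YAML anchor (`config: &cors_cfg` here and `config: *cors_cfg` elsewhere) or a single global `plugins:` entry at the top level would stop the ten copies from drifting apart on the next change.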
@@ -47,6 +75,34 @@ services:
- /auth/v1/verify
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1-open-callback
url: http://auth:9999/callback
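Review bot: `/auth/v1/verify` is normally reached by a top-level navigation from the link in a confirmation or recovery email, and CORS is not consulted for navigations, so the block on this route mostly documents intent rather than enforcing anything; if it stays, trimming `methods` to the verbs the route actually serves (GET/POST plus OPTIONS) avoids advertising PUT, PATCH and DELETE on a single-purpose endpoint.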
@@ -57,6 +113,34 @@ services:
- /auth/v1/callback
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1-open-authorize
url: http://auth:9999/authorize
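Review bot: `/auth/v1/callback` is the provider redirect target and is also entered by navigation, not by `fetch`, so the cors plugin here cannot restrict who lands on it; origin and state validation for the OAuth callback has to happen in GoTrue itself. Harmless to keep, but worth a one-line comment so nobody later relies on this block as a control.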
@@ -67,6 +151,34 @@ services:
- /auth/v1/authorize
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1
url: http://auth:9999/
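Review bot: same remark as for the callback route: `/auth/v1/authorize` starts a redirect flow, so the cors block adds no protection there and the wide `methods` list is wider than the route needs.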
@@ -77,6 +189,34 @@ services:
- /auth/v1/
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth
config:
hide_credentials: false
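Review bot: the YAML order here (cors listed before `key-auth`) suggests ordering matters, but Kong runs plugins by their fixed priority (cors at 2000 ahead of key-auth at 1250) regardless of list order; that is what lets preflight OPTIONS requests, which carry no `apikey` header, be answered by the cors plugin instead of being rejected with 401 by key-auth. A short comment above the block would save the next reader from reordering it "for safety".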
@@ -97,6 +237,34 @@ services:
- /rest/v1/
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth
config:
hide_credentials: false
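Review bot: setting `headers` explicitly on `/rest/v1/` turns it into an allowlist (Kong only echoes `Access-Control-Request-Headers` back when `headers` is left unset), so request headers a PostgREST client sends that are not CORS-safelisted (`Prefer`, `Range`, `Range-Unit`, `Accept-Profile`, `Content-Profile`) will fail preflight unless they are added; please confirm the list against what the portal actually sends before merging. Exposing `Content-Range` is right, since that is how PostgREST returns counts for paginated reads.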
@@ -117,6 +285,34 @@ services:
- /realtime/v1/websocket
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth
config:
hide_credentials: false
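Review bot: a WebSocket upgrade on `/realtime/v1/websocket` is not subject to CORS at all (the browser sends `Origin` but performs no preflight and ignores the allow headers), so this block does nothing for the socket route; if origin restriction for realtime connections is the goal, it has to be enforced by the realtime server or by a Kong rule that inspects the `Origin` header on the upgrade request.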
@@ -136,6 +332,34 @@ services:
- /realtime/v1/
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth
config:
hide_credentials: false
@@ -156,6 +380,34 @@ services:
- /storage/v1/object/public
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
## Storage Service - All other operations (auth required)
- name: storage-v1
@@ -167,6 +419,34 @@ services:
- /storage/v1/
plugins:
- name: cors
config:
origins:
- https://portal.monacousa.org
- https://monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth
config:
hide_credentials: false
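Review bot: storage uploads from the Supabase client library set `x-upsert` and `cache-control` request headers, neither of which is CORS-safelisted, so with the explicit `headers` allowlist on `/storage/v1/` an upload that uses the upsert or cacheControl options will fail preflight unless both are listed; verify against the upload code added for onboarding photos and document uploads in this same commit. `Content-Type` being present already covers multipart form uploads.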