audit: Tier 0 quick wins — EMAIL_REDIRECT_TO prod guard + storage routing + metadata masking

Tier 0.2: src/lib/env.ts now refuses boot when NODE_ENV=production AND EMAIL_REDIRECT_TO is set. Sendmail logs the rewrite at warn (was debug) so dev/staging windows where someone forgets to unset are immediately visible. Tier 0.6: backup_jobs.storage_path added to TABLES_WITH_STORAGE_KEYS in src/lib/storage/migrate.ts. Flipping the storage backend used to silently orphan every pg_dump artefact — last-resort recovery path is now actually portable. Tier 1.7: createAuditLog now runs metadata through maskSensitiveFields (was only applied to old/new value diffs). Portal-auth, crm-invite, hard-delete and email-accounts services were writing raw emails into this column unbounded. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 17:02:10 +02:00
parent a7b72801be
commit 0baca41693
13 changed files with 297 additions and 249 deletions
--- a/src/components/settings/user-settings.tsx
+++ b/src/components/settings/user-settings.tsx
@@ -165,7 +165,9 @@ export function UserSettings() {
      setOriginalUsername(next ?? '');
      setUsername(next ?? '');
      setUsernameMsg(
-        next ? `Username updated. You can now sign in with @${next} or your email.` : 'Username cleared.',
+        next
+          ? `Username updated. You can now sign in with @${next} or your email.`
+          : 'Username cleared.',
      );
    } catch (err: unknown) {
      setUsernameMsg(err instanceof Error ? err.message : 'Failed to save username');
@@ -377,11 +379,13 @@ export function UserSettings() {
                >
                  {saving === 'username' ? 'Saving…' : 'Save username'}
                </Button>
-                {usernameMsg && <span className="text-xs text-muted-foreground">{usernameMsg}</span>}
+                {usernameMsg && (
+                  <span className="text-xs text-muted-foreground">{usernameMsg}</span>
+                )}
              </div>
              <p className="text-xs text-muted-foreground">
-                Optional alias you can use to sign in instead of your email. 2–30 lowercase
-                letters, digits, dot, underscore, or hyphen.
+                Optional alias you can use to sign in instead of your email. 2–30 lowercase letters,
+                digits, dot, underscore, or hyphen.
              </p>
            </div>
            <div className="space-y-2 pt-2 border-t">