letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity

chore(hardening): maintenance jobs, defense-in-depth, redis-backed public rate limit

Browse Source 
- maintenance worker now expires GDPR export bundles (db row + MinIO object)
  on the gdpr_exports.expires_at boundary, plus 90-day retention sweep on
  ai_usage_ledger; both jobs scheduled daily.
- portId scoping added to listClientRelationships and listClientExports
  (defense-in-depth — parent-resource gates already prevent cross-tenant
  reads, but service layer should enforce on its own).
- SELECT FOR UPDATE on parent client/company row inside add/update address
  transactions to serialize concurrent isPrimary toggles.
- public /interests + /residential-inquiries endpoints swap their
  in-memory ipHits maps for the redis sliding-window limiter via the
  new rateLimiters.publicForm config (5/hr/IP), so the cap survives
  restarts and is shared across worker processes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-04-29 01:52:41 +02:00
parent d9557edfc5
commit 43f68ca093
9 changed files with 252 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib/services/gdpr-export.service.ts
View File

@@ -246,7 +246,7 @@ export async function listClientExports(clientId: string, portId: string) {
if (!client || client.portId !== portId) throw new NotFoundError('Client');
return db.query.gdprExports.findMany({
where: eq(gdprExports.clientId, clientId),
where: and(eq(gdprExports.clientId, clientId), eq(gdprExports.portId, portId)),
orderBy: (t, { desc }) => [desc(t.createdAt)],
limit: 25,
});