port-nimara-client-portal

Commit Graph

Author	SHA1	Message	Date
Matt	a17c6ed162	KEYCLOAK AUTH FIX: Phase 4 - Email & Files Endpoints UPDATED ENDPOINTS (11 additional): - email/send.ts (CRITICAL: was using old auth) - email/fetch-thread.ts (CRITICAL: was using old auth) - email/fetch-thread-v2.ts (CRITICAL: was using old auth) - email/generate-eoi-document.ts (CRITICAL: was using old auth) - files/upload.ts (CRITICAL: was using old auth) - files/list.ts (SECURITY ISSUE: had NO auth) - files/download.ts (SECURITY ISSUE: had NO auth) - files/delete.ts (SECURITY ISSUE: had NO auth) - files/create-folder.ts (SECURITY ISSUE: had NO auth) - files/preview.ts (SECURITY ISSUE: had NO auth) - files/rename.ts (SECURITY ISSUE: had NO auth) AUTHENTICATION: All now support dual auth: - x-tag header (webhooks/external calls) - Keycloak session (logged-in users) PROGRESS: 28/47 endpoints completed (~60%) NEXT: Continue with remaining proxy, test & debug endpoints CRITICAL SECURITY FIXES: Found 6 file endpoints with NO authentication - major vulnerability patched!	2025-06-15 16:32:34 +02:00
Matt	7d5b39b29d	Add preview URL logging and clean up MinIO verbose logs - Add logging for generated preview URLs with truncated URL for security - Remove verbose logging from MinIO listObjectsV2 operations - Add proper handling for folder prefixes returned by MinIO - Keep only essential error/debug information in file listing	2025-06-04 17:15:03 +02:00
Matt	61cefa530e	Add MinIO file browser with upload, preview, and management features - Implement file browser UI with upload/download capabilities - Add API endpoints for file operations (list, upload, delete, preview) - Create FileUploader and FilePreviewModal components - Configure MinIO integration with environment variables - Add documentation for MinIO file browser setup	2025-06-04 16:32:50 +02:00

Author

SHA1

Message

Date

Matt

a17c6ed162

KEYCLOAK AUTH FIX: Phase 4 - Email & Files Endpoints

**UPDATED ENDPOINTS (11 additional):**
- email/send.ts (CRITICAL: was using old auth)
- email/fetch-thread.ts (CRITICAL: was using old auth)
- email/fetch-thread-v2.ts (CRITICAL: was using old auth)
- email/generate-eoi-document.ts (CRITICAL: was using old auth)
- files/upload.ts (CRITICAL: was using old auth)
- files/list.ts (SECURITY ISSUE: had NO auth)
- files/download.ts (SECURITY ISSUE: had NO auth)
- files/delete.ts (SECURITY ISSUE: had NO auth)
- files/create-folder.ts (SECURITY ISSUE: had NO auth)
- files/preview.ts (SECURITY ISSUE: had NO auth)
- files/rename.ts (SECURITY ISSUE: had NO auth)

**AUTHENTICATION:** All now support dual auth:
- x-tag header (webhooks/external calls)
- Keycloak session (logged-in users)

**PROGRESS:** 28/47 endpoints completed (~60%)
**NEXT:** Continue with remaining proxy, test & debug endpoints

**CRITICAL SECURITY FIXES:** Found 6 file endpoints with NO authentication - major vulnerability patched!

2025-06-15 16:32:34 +02:00

Matt

7d5b39b29d

Add preview URL logging and clean up MinIO verbose logs

- Add logging for generated preview URLs with truncated URL for security
- Remove verbose logging from MinIO listObjectsV2 operations
- Add proper handling for folder prefixes returned by MinIO
- Keep only essential error/debug information in file listing

2025-06-04 17:15:03 +02:00

Matt

61cefa530e

Add MinIO file browser with upload, preview, and management features

- Implement file browser UI with upload/download capabilities
- Add API endpoints for file operations (list, upload, delete, preview)
- Create FileUploader and FilePreviewModal components
- Configure MinIO integration with environment variables
- Add documentation for MinIO file browser setup

2025-06-04 16:32:50 +02:00

3 Commits