mirror of
https://github.com/donpat1to/Schichtenplaner.git
synced 2025-11-30 22:45:46 +01:00
Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 822b170920 | |||
| c6dfa5b4c6 | |||
| d0be1b4a61 | |||
| b337fd0e0a | |||
| badccb4f55 | |||
| 9eb9afce1e | |||
| 17d68c2426 | |||
| cff2374f41 | |||
| 3a787875e6 | |||
| 0b46919e46 | |||
| 65cb3e72ba | |||
| dab5164704 | |||
| 7c63bee1b3 | |||
| 4c275993e6 | |||
| 5c925e3b54 | |||
| 11b6ee7672 | |||
| 19357d12c1 | |||
| 8ccd506b7d | |||
| e09979aa77 | |||
| 0eda1ac125 | |||
| 6aa9511fbe | |||
| ab24f5cf35 | |||
| 2e81ed48c4 | |||
| da2b3b0126 | |||
| 7a87c49703 |
@@ -1,27 +1,29 @@
|
||||
# === SCHICHTPLANER DOCKER COMPOSE ENVIRONMENT VARIABLES ===
|
||||
# Diese Datei wird von docker-compose automatisch geladen
|
||||
# .env.template
|
||||
# ============================================
|
||||
# DOCKER COMPOSE ENVIRONMENT TEMPLATE
|
||||
# Copy this file to .env and adjust values
|
||||
# ============================================
|
||||
|
||||
# Security
|
||||
JWT_SECRET=${JWT_SECRET:-your-secret-key-please-change}
|
||||
NODE_ENV=${NODE_ENV:-production}
|
||||
# Application settings
|
||||
NODE_ENV=production
|
||||
JWT_SECRET=your-secret-key-please-change
|
||||
HOSTNAME=localhost
|
||||
|
||||
# Security & Network
|
||||
TRUST_PROXY_ENABLED=false
|
||||
TRUSTED_PROXY_IPS=127.0.0.1,::1
|
||||
FORCE_HTTPS=false
|
||||
|
||||
# Database
|
||||
DB_PATH=${DB_PATH:-/app/data/database.db}
|
||||
DATABASE_PATH=/app/data/schichtplaner.db
|
||||
|
||||
# Server
|
||||
PORT=${PORT:-3002}
|
||||
# Optional features
|
||||
ENABLE_PRO=false
|
||||
DEBUG=false
|
||||
|
||||
# App Configuration
|
||||
APP_TITLE="Shift Planning App"
|
||||
ENABLE_PRO=${ENABLE_PRO:-false}
|
||||
# Port configuration
|
||||
APP_PORT=3002
|
||||
|
||||
# Trust Proxy Configuration
|
||||
TRUST_PROXY_ENABLED=false
|
||||
TRUSTED_PROXY_IPS= # Your load balancer/reverse proxy IPs
|
||||
TRUSTED_PROXY_HEADER=x-forwarded-for
|
||||
|
||||
# Rate Limiting Configuration
|
||||
RATE_LIMIT_WINDOW_MS=900000
|
||||
RATE_LIMIT_MAX_REQUESTS=100
|
||||
RATE_LIMIT_SKIP_PATHS=/api/health,/api/status
|
||||
RATE_LIMIT_WHITELIST=127.0.0.1,::1
|
||||
# ============================================
|
||||
# END OF TEMPLATE
|
||||
# ============================================
|
||||
6
.github/workflows/docker.yml
vendored
6
.github/workflows/docker.yml
vendored
@@ -83,9 +83,13 @@ jobs:
|
||||
with:
|
||||
node-version: '20'
|
||||
|
||||
- name: Create package-lock.json
|
||||
working-directory: .
|
||||
run: npm i --package-lock-only
|
||||
|
||||
- name: Install backend dependencies
|
||||
working-directory: ./backend
|
||||
run: npm install
|
||||
run: npm ci
|
||||
|
||||
- name: Run TypeScript check
|
||||
working-directory: ./backend
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -57,6 +57,7 @@ yarn-error.log*
|
||||
# Build outputs
|
||||
dist/
|
||||
build/
|
||||
package-lock.json
|
||||
|
||||
# Environment variables
|
||||
.env
|
||||
|
||||
33
Dockerfile
33
Dockerfile
@@ -1,22 +1,17 @@
|
||||
# Single stage build for workspaces
|
||||
FROM node:20-bullseye AS builder
|
||||
FROM node:20-bookworm AS builder
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Install Python + OR-Tools
|
||||
RUN apt-get update && apt-get install -y python3 python3-pip build-essential \
|
||||
&& pip install --no-cache-dir ortools
|
||||
|
||||
# Create symlink so python3 is callable as python
|
||||
RUN ln -sf /usr/bin/python3 /usr/bin/python
|
||||
|
||||
# Copy root package files first
|
||||
COPY package*.json ./
|
||||
COPY tsconfig.base.json ./
|
||||
COPY ecosystem.config.cjs ./
|
||||
|
||||
# Install root dependencies
|
||||
RUN npm install --only=production
|
||||
#RUN npm install --only=production
|
||||
RUN npm i --package-lock-only
|
||||
RUN npm ci
|
||||
|
||||
# Copy workspace files
|
||||
COPY backend/ ./backend/
|
||||
@@ -30,10 +25,7 @@ RUN npm install --workspace=frontend
|
||||
RUN npm run build --only=production --workspace=backend
|
||||
|
||||
# Build frontend
|
||||
RUN npm run build --workspace=frontend
|
||||
|
||||
# Verify Python and OR-Tools installation
|
||||
RUN python -c "from ortools.sat.python import cp_model; print('OR-Tools installed successfully')"
|
||||
RUN npm run build --only=production --workspace=frontend
|
||||
|
||||
# Production stage
|
||||
FROM node:20-bookworm
|
||||
@@ -57,7 +49,20 @@ COPY --from=builder /app/frontend/dist/ ./frontend-build/
|
||||
COPY --from=builder /app/ecosystem.config.cjs ./
|
||||
|
||||
COPY --from=builder /app/backend/src/database/ ./dist/database/
|
||||
COPY --from=builder /app/backend/src/database/ ./database/
|
||||
# should be obsolete with the line above
|
||||
#COPY --from=builder /app/backend/src/database/ ./database/
|
||||
|
||||
COPY --from=builder /app/backend/src/python-scripts/ ./python-scripts/
|
||||
|
||||
# Install Python + OR-Tools
|
||||
RUN apt-get update && apt-get install -y python3 python3-pip build-essential \
|
||||
&& pip install --no-cache-dir --break-system-packages ortools
|
||||
|
||||
# Create symlink so python3 is callable as python
|
||||
RUN ln -sf /usr/bin/python3 /usr/bin/python
|
||||
|
||||
# Verify Python and OR-Tools installation
|
||||
RUN python -c "from ortools.sat.python import cp_model; print('OR-Tools installed successfully')"
|
||||
|
||||
# Copy init script and env template
|
||||
COPY docker-init.sh /usr/local/bin/
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
"dependencies": {
|
||||
"@types/bcrypt": "^6.0.0",
|
||||
"@types/node": "24.9.2",
|
||||
"vite":"7.1.12",
|
||||
"vite": "7.1.12",
|
||||
"bcrypt": "^6.0.0",
|
||||
"bcryptjs": "^2.4.3",
|
||||
"express": "^4.18.2",
|
||||
@@ -25,7 +25,9 @@
|
||||
"uuid": "^9.0.0",
|
||||
"express-rate-limit": "8.1.0",
|
||||
"helmet": "8.1.0",
|
||||
"express-validator": "7.3.0"
|
||||
"express-validator": "7.3.0",
|
||||
"exceljs": "4.4.0",
|
||||
"playwright": "^1.37.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/bcryptjs": "^2.4.2",
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -72,8 +72,8 @@ const getRateLimitConfig = () => {
|
||||
return {
|
||||
windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '900000'), // 15 minutes default
|
||||
max: isProduction
|
||||
? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '100') // Stricter in production
|
||||
: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '1000'), // More lenient in development
|
||||
? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '1000') // Stricter in production
|
||||
: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '5000'), // More lenient in development
|
||||
|
||||
// Development-specific relaxations
|
||||
skip: (req: Request) => {
|
||||
@@ -112,7 +112,7 @@ export const apiLimiter = rateLimit({
|
||||
// Strict limiter for auth endpoints
|
||||
export const authLimiter = rateLimit({
|
||||
windowMs: 15 * 60 * 1000,
|
||||
max: parseInt(process.env.AUTH_RATE_LIMIT_MAX_REQUESTS || '5'),
|
||||
max: parseInt(process.env.AUTH_RATE_LIMIT_MAX_REQUESTS || '100'),
|
||||
message: {
|
||||
error: 'Zu viele Login-Versuche, bitte versuchen Sie es später erneut'
|
||||
},
|
||||
@@ -135,7 +135,7 @@ export const authLimiter = rateLimit({
|
||||
// Separate limiter for expensive endpoints
|
||||
export const expensiveEndpointLimiter = rateLimit({
|
||||
windowMs: 15 * 60 * 1000,
|
||||
max: parseInt(process.env.EXPENSIVE_ENDPOINT_LIMIT || '10'),
|
||||
max: parseInt(process.env.EXPENSIVE_ENDPOINT_LIMIT || '100'),
|
||||
message: {
|
||||
error: 'Zu viele Anfragen für diese Ressource'
|
||||
},
|
||||
|
||||
@@ -7,7 +7,9 @@ import {
|
||||
updateShiftPlan,
|
||||
deleteShiftPlan,
|
||||
createFromPreset,
|
||||
clearAssignments
|
||||
clearAssignments,
|
||||
exportShiftPlanToExcel,
|
||||
exportShiftPlanToPDF
|
||||
} from '../controllers/shiftPlanController.js';
|
||||
import {
|
||||
validateShiftPlan,
|
||||
@@ -30,4 +32,7 @@ router.put('/:id', validateId, validateShiftPlanUpdate, handleValidationErrors,
|
||||
router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), deleteShiftPlan);
|
||||
router.post('/:id/clear-assignments', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), clearAssignments);
|
||||
|
||||
router.get('/:id/export/excel', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), exportShiftPlanToExcel);
|
||||
router.get('/:id/export/pdf', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), exportShiftPlanToPDF);
|
||||
|
||||
export default router;
|
||||
@@ -113,6 +113,21 @@ const configureTrustProxy = (): string | string[] | boolean | number => {
|
||||
|
||||
app.set('trust proxy', configureTrustProxy());
|
||||
|
||||
app.use((req, res, next) => {
|
||||
const protocol = req.headers['x-forwarded-proto'] || req.protocol;
|
||||
const isHttps = protocol === 'https';
|
||||
|
||||
// Add security warning for HTTP requests
|
||||
if (!isHttps && process.env.NODE_ENV === 'production') {
|
||||
res.setHeader('X-Security-Warning', 'This application is being accessed over HTTP. For secure communication, please use HTTPS.');
|
||||
|
||||
// Log HTTP access in production
|
||||
console.warn(`⚠️ HTTP access detected: ${req.method} ${req.path} from ${req.ip}`);
|
||||
}
|
||||
|
||||
next();
|
||||
});
|
||||
|
||||
// Security headers
|
||||
app.use(helmet({
|
||||
contentSecurityPolicy: {
|
||||
@@ -126,6 +141,7 @@ app.use(helmet({
|
||||
objectSrc: ["'none'"],
|
||||
mediaSrc: ["'self'"],
|
||||
frameSrc: ["'none'"],
|
||||
upgradeInsecureRequests: process.env.FORCE_HTTPS === 'true' ? [] : null
|
||||
},
|
||||
},
|
||||
hsts: {
|
||||
|
||||
@@ -6,17 +6,22 @@ services:
|
||||
image: ghcr.io/donpat1to/schichtenplaner:v1.0.0
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- JWT_SECRET=${JWT_SECRET:-your-secret-key-please-change}
|
||||
ports:
|
||||
- "3002:3002"
|
||||
- JWT_SECRET=${JWT_SECRET}
|
||||
- TRUST_PROXY_ENABLED=true
|
||||
- TRUSTED_PROXY_IPS=nginx-proxy,172.0.0.0/8,10.0.0.0/8,192.168.0.0/16
|
||||
- FORCE_HTTPS=${FORCE_HTTPS:-false}
|
||||
networks:
|
||||
- app-network
|
||||
volumes:
|
||||
- app_data:/app/data
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:3002/api/health"]
|
||||
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/api/health"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
expose:
|
||||
- "3002"
|
||||
|
||||
volumes:
|
||||
app_data:
|
||||
178
frontend/donpat1to.svg
Normal file
178
frontend/donpat1to.svg
Normal file
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 102 KiB |
@@ -2,7 +2,7 @@
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
|
||||
<link rel="icon" type="image/svg+xml" href="/donpat1to.svg" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Shift Planning App</title>
|
||||
</head>
|
||||
|
||||
@@ -7,7 +7,9 @@
|
||||
"react": "^19.0.0",
|
||||
"react-dom": "^19.0.0",
|
||||
"react-router-dom": "^6.28.0",
|
||||
"date-fns": "4.1.0"
|
||||
"date-fns": "4.1.0",
|
||||
"@vitejs/plugin-react": "^4.3.3",
|
||||
"vite": "^6.0.7"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/node": "20.19.23",
|
||||
@@ -25,7 +27,9 @@
|
||||
"esbuild": "^0.21.0",
|
||||
"terser": "5.44.0",
|
||||
"babel-plugin-transform-remove-console": "6.9.4",
|
||||
"framer-motion": "12.23.24"
|
||||
"framer-motion": "12.23.24",
|
||||
"file-saver": "2.0.5",
|
||||
"@types/file-saver": "2.0.5"
|
||||
},
|
||||
"scripts": {
|
||||
"dev": "vite dev",
|
||||
|
||||
@@ -16,6 +16,7 @@ import Settings from './pages/Settings/Settings';
|
||||
import Help from './pages/Help/Help';
|
||||
import Setup from './pages/Setup/Setup';
|
||||
import ErrorBoundary from './components/ErrorBoundary/ErrorBoundary';
|
||||
import SecurityWarning from './components/SecurityWarning/SecurityWarning';
|
||||
|
||||
// Free Footer Link Pages (always available)
|
||||
import FAQ from './components/Layout/FooterLinks/FAQ/FAQ';
|
||||
@@ -165,6 +166,7 @@ function App() {
|
||||
<NotificationProvider>
|
||||
<AuthProvider>
|
||||
<Router>
|
||||
<SecurityWarning />
|
||||
<NotificationContainer />
|
||||
<AppContent />
|
||||
</Router>
|
||||
|
||||
59
frontend/src/components/SecurityWarning/SecurityWarning.tsx
Normal file
59
frontend/src/components/SecurityWarning/SecurityWarning.tsx
Normal file
@@ -0,0 +1,59 @@
|
||||
// src/components/SecurityWarning/SecurityWarning.tsx
|
||||
import React, { useState, useEffect } from 'react';
|
||||
|
||||
const SecurityWarning: React.FC = () => {
|
||||
const [isHttp, setIsHttp] = useState(false);
|
||||
const [isDismissed, setIsDismissed] = useState(false);
|
||||
|
||||
useEffect(() => {
|
||||
// Check if current protocol is HTTP
|
||||
const checkProtocol = () => {
|
||||
setIsHttp(window.location.protocol === 'http:');
|
||||
};
|
||||
|
||||
checkProtocol();
|
||||
window.addEventListener('load', checkProtocol);
|
||||
|
||||
return () => window.removeEventListener('load', checkProtocol);
|
||||
}, []);
|
||||
|
||||
if (!isHttp || isDismissed) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (
|
||||
<div style={{
|
||||
position: 'fixed',
|
||||
top: 0,
|
||||
left: 0,
|
||||
right: 0,
|
||||
backgroundColor: '#ff6b35',
|
||||
color: 'white',
|
||||
padding: '10px 20px',
|
||||
textAlign: 'center',
|
||||
zIndex: 10000,
|
||||
fontSize: '14px',
|
||||
fontWeight: 'bold',
|
||||
boxShadow: '0 2px 4px rgba(0,0,0,0.2)'
|
||||
}}>
|
||||
⚠️ SECURITY WARNING: This site is being accessed over HTTP.
|
||||
For secure communication, please use HTTPS.
|
||||
<button
|
||||
onClick={() => setIsDismissed(true)}
|
||||
style={{
|
||||
marginLeft: '15px',
|
||||
background: 'rgba(255,255,255,0.2)',
|
||||
border: '1px solid white',
|
||||
color: 'white',
|
||||
padding: '2px 8px',
|
||||
borderRadius: '3px',
|
||||
cursor: 'pointer'
|
||||
}}
|
||||
>
|
||||
Dismiss
|
||||
</button>
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
export default SecurityWarning;
|
||||
@@ -19,6 +19,8 @@ export const designTokens = {
|
||||
9: '#cda8f0',
|
||||
10: '#ebd7fa',
|
||||
},
|
||||
|
||||
manager: '#CC0000',
|
||||
|
||||
// Semantic Colors
|
||||
primary: '#51258f',
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -26,7 +26,7 @@ export class ApiClient {
|
||||
return token ? { 'Authorization': `Bearer ${token}` } : {};
|
||||
}
|
||||
|
||||
private async handleApiResponse<T>(response: Response): Promise<T> {
|
||||
private async handleApiResponse<T>(response: Response, responseType: 'json' | 'blob' = 'json'): Promise<T> {
|
||||
if (!response.ok) {
|
||||
let errorData;
|
||||
|
||||
@@ -61,7 +61,12 @@ export class ApiClient {
|
||||
);
|
||||
}
|
||||
|
||||
// For successful responses, try to parse as JSON
|
||||
// Handle blob responses (for file downloads)
|
||||
if (responseType === 'blob') {
|
||||
return response.blob() as Promise<T>;
|
||||
}
|
||||
|
||||
// For successful JSON responses, try to parse as JSON
|
||||
try {
|
||||
const responseText = await response.text();
|
||||
return responseText ? JSON.parse(responseText) : {} as T;
|
||||
@@ -71,7 +76,7 @@ export class ApiClient {
|
||||
}
|
||||
}
|
||||
|
||||
async request<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
|
||||
async request<T>(endpoint: string, options: RequestInit = {}, responseType: 'json' | 'blob' = 'json'): Promise<T> {
|
||||
const url = `${this.baseURL}${endpoint}`;
|
||||
|
||||
const config: RequestInit = {
|
||||
@@ -85,7 +90,7 @@ export class ApiClient {
|
||||
|
||||
try {
|
||||
const response = await fetch(url, config);
|
||||
return await this.handleApiResponse<T>(response);
|
||||
return await this.handleApiResponse<T>(response, responseType);
|
||||
} catch (error) {
|
||||
// Re-throw the error to be caught by useBackendValidation
|
||||
if (error instanceof ApiError) {
|
||||
|
||||
@@ -126,4 +126,60 @@ export const shiftPlanService = {
|
||||
throw error;
|
||||
}
|
||||
},
|
||||
|
||||
async exportShiftPlanToExcel(planId: string): Promise<Blob> {
|
||||
try {
|
||||
console.log('📊 Exporting shift plan to Excel:', planId);
|
||||
|
||||
// Use the apiClient with blob response handling
|
||||
const blob = await apiClient.request<Blob>(`/shift-plans/${planId}/export/excel`, {
|
||||
method: 'GET',
|
||||
}, 'blob');
|
||||
|
||||
console.log('✅ Excel export successful');
|
||||
return blob;
|
||||
} catch (error: any) {
|
||||
console.error('❌ Error exporting to Excel:', error);
|
||||
|
||||
if (error.statusCode === 401) {
|
||||
localStorage.removeItem('token');
|
||||
localStorage.removeItem('employee');
|
||||
throw new Error('Nicht authorisiert - bitte erneut anmelden');
|
||||
}
|
||||
|
||||
if (error.statusCode === 404) {
|
||||
throw new Error('Schichtplan nicht gefunden');
|
||||
}
|
||||
|
||||
throw new Error('Fehler beim Excel-Export des Schichtplans');
|
||||
}
|
||||
},
|
||||
|
||||
async exportShiftPlanToPDF(planId: string): Promise<Blob> {
|
||||
try {
|
||||
console.log('📄 Exporting shift plan to PDF:', planId);
|
||||
|
||||
// Use the apiClient with blob response handling
|
||||
const blob = await apiClient.request<Blob>(`/shift-plans/${planId}/export/pdf`, {
|
||||
method: 'GET',
|
||||
}, 'blob');
|
||||
|
||||
console.log('✅ PDF export successful');
|
||||
return blob;
|
||||
} catch (error: any) {
|
||||
console.error('❌ Error exporting to PDF:', error);
|
||||
|
||||
if (error.statusCode === 401) {
|
||||
localStorage.removeItem('token');
|
||||
localStorage.removeItem('employee');
|
||||
throw new Error('Nicht authorisiert - bitte erneut anmelden');
|
||||
}
|
||||
|
||||
if (error.statusCode === 404) {
|
||||
throw new Error('Schichtplan nicht gefunden');
|
||||
}
|
||||
|
||||
throw new Error('Fehler beim PDF-Export des Schichtplans');
|
||||
}
|
||||
},
|
||||
};
|
||||
5511
package-lock.json
generated
5511
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user