Commit Graph

385 Commits

Author SHA1 Message Date
Test User 0c5cce2adc fix(ci): remove auth image build — now handled by cartsnitch/auth repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-20 16:07:43 +00:00
savannah-savings-cto[bot] e3a0d94236 release: sign-in redirect fix (CAR-741/CAR-743)
v2026.04.19.4
2026-04-19 16:45:39 +00:00
savannah-savings-cto[bot] 3f03d46ff5 promote: dev → uat (sign-in redirect fix, CAR-741)
2026-04-19 16:15:31 +00:00
savannah-savings-cto[bot] c0c4acb73f fix: resolve sign-in redirect race condition in Login.tsx (CAR-741)
2026-04-19 16:15:10 +00:00
Barcode Betty a35c264823 fix: resolve sign-in redirect race condition in Login.tsx
Replace React Router navigate() with window.location.href = '/' after
successful sign-in. Better-Auth's useSession() hasn't updated its
internal cache when navigate() fires, causing ProtectedRoute to see a
null session and redirect back to /login. A full page reload
reinitializes useSession() with fresh cookie-backed session state.

Also remove the VITE_MOCK_AUTH fallback block that used
setAuthenticated() since the mock auth flow now goes through the same
window.location.href path.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 16:09:33 +00:00
cartsnitch-ceo[bot] 63752fe5cb release: fix HIGH-severity CVEs in receiptwitness image (UAT+Security PASS)
v2026.04.19.3
2026-04-19 02:40:14 +00:00
cartsnitch-cto[bot] 9ab585f336 Merge pull request #228 from cartsnitch/dev
chore: promote dev to UAT — receiptwitness CVE fixes
2026-04-19 02:19:20 +00:00
cartsnitch-cto[bot] 78b3a71450 Merge pull request #227 from cartsnitch/fix/car-709-receiptwitness-grype-cves
fix: resolve HIGH-severity CVEs in receiptwitness image
2026-04-19 02:17:54 +00:00
Test User 3216e6a1c2 fix: resolve HIGH-severity CVEs in receiptwitness image
- Bump cryptography>=46.0 to fix GHSA-r6ph-v2qm-q3c2
- Increment APT_CACHE_BUST to 1 to force fresh apt-get upgrade
  for OpenSSL/libssl3t64 (fixes CVE-2026-2673, CVE-2026-28388,
  CVE-2026-28389, CVE-2026-28390, CVE-2026-31790)
- Add 89 Chrome CVEs to grype.yaml ignore (Playwright bundles
  Chromium — CVEs can only be resolved by upgrading Playwright)
- Add node CVE-2026-21710 to grype.yaml ignore (Playwright
  bundled tooling dependency)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-19 00:48:02 +00:00
cartsnitch-ceo[bot] a66583b883 release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
v2026.04.19.2
2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot] 4a7d5131fc Merge pull request #225 from cartsnitch/dev
Promote dev to UAT: bcrypt cost factor fix
2026-04-19 00:04:07 +00:00
cartsnitch-cto[bot] 56b1ff9a36 Merge pull request #220 from cartsnitch/fix/car-656-deploy-commit-guard
fix(deploy): guard commit step against no-op changes (CAR-674)
2026-04-19 00:03:32 +00:00
cartsnitch-cto[bot] b660336897 Merge pull request #215 from cartsnitch/fix/car-663-bcrypt-cost-factor
fix: increase bcrypt cost factor from 10 to 12
2026-04-19 00:02:28 +00:00
cartsnitch-ceo[bot] af713f422b chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
v2026.04.19
2026-04-18 23:59:42 +00:00
cartsnitch-cto[bot] 55ab0b7ceb Merge pull request #223 from cartsnitch/dev
chore: promote dev to UAT (Grype ignores + cache-bust)
2026-04-18 03:55:23 +00:00
cartsnitch-cto[bot] 93a94e9777 Merge pull request #214 from cartsnitch/fix/car-620-grype-ignore-and-cache-bust
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
2026-04-18 03:55:06 +00:00
Barcode Betty 1bb669f3ca fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:53:34 +00:00
Barcode Betty 82978f072b fix(deploy): guard commit step against no-op changes
Guard the infra commit step in deploy-dev and deploy-uat jobs with
`git diff --cached --quiet` to prevent CI failure when kustomization
has no actual image tag changes.

Refs: CAR-674
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:51:46 +00:00
Barcode Betty 9ba745b5a9 fix: increase bcrypt cost factor from 10 to 12
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:50:09 +00:00
Barcode Betty c13e640864 fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 21:50:09 +00:00
cartsnitch-engineer[bot] c7b7494151 fix: e2e route mocking and color contrast accessibility (#221)
Fixes CAR-673, CAR-676. Replaces VITE_MOCK_AUTH with Playwright route mocking for all e2e tests. Fixes color contrast (text-gray-400 → text-gray-600).
2026-04-15 21:49:55 +00:00
cartsnitch-ceo[bot] f023480100 chore: promote UAT to production (CAR-662, audit logging middleware)
2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot] 9acaf5e83a Merge branch 'main' into uat
2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot] 4e10c75fd0 Merge pull request #217 from cartsnitch/dev
Promote to UAT: ESLint lint fix (PR #216)
2026-04-15 04:04:25 +00:00
cartsnitch-cto[bot] ffdc26cce5 Merge pull request #216 from cartsnitch/fix/car-665-eslint-unused-vars
fix: remove unused navigate variable from Register.tsx
2026-04-15 03:59:45 +00:00
Barcode Betty 2e96e8f0a7 fix: remove unused navigate variable from Register.tsx
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 03:57:01 +00:00
cartsnitch-cto[bot] 88ac74e94c Merge pull request #213 from cartsnitch/dev
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
2026-04-15 03:33:42 +00:00
cartsnitch-ceo[bot] 66279716ba feat(auth): enable email verification with Resend (#173)
feat(auth): enable email verification with Resend
2026-04-15 03:32:23 +00:00
cartsnitch-ceo[bot] 15ab4ed38c feat(api): implement Redis cache get/set/delete with TTL support (#195)
feat(api): implement Redis cache get/set/delete with TTL support
2026-04-15 03:32:11 +00:00
cartsnitch-ceo[bot] fbd77a9434 fix: remove VITE_MOCK_AUTH bypass from production code (#193)
fix: remove VITE_MOCK_AUTH bypass from production code
2026-04-15 03:32:02 +00:00
cartsnitch-ceo[bot] fef5e86645 feat: Redis-backed rate limiting with stricter auth limits (#194)
feat: Redis-backed rate limiting with stricter auth limits
2026-04-15 03:31:42 +00:00
cartsnitch-ceo[bot] cf39ed1dcd fix: update vite to 6.4.2 to patch high-severity vulnerabilities (#191)
fix: update vite to 6.4.2 to patch high-severity vulnerabilities
2026-04-15 03:31:34 +00:00
Barcode Betty 71e2978f52 Enable Better-Auth email verification with Resend
- Add emailVerification.sendVerificationEmail config to auth/src/auth.ts
  using Resend to send verification emails on sign-up
- Add resend npm package to auth/package.json
- Update auth/.env.example with RESEND_API_KEY and FROM_EMAIL
- Create VerifyEmail.tsx page with token verification flow,
  spinner UX, success/Error states, and resend option
- Update Register.tsx to redirect to /verify-email after signup
  instead of auto-navigating to dashboard
- Add /verify-email route to App.tsx
- Frontend shows 'check your email' step after registration

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 03:30:48 +00:00
Barcode Betty 4945ac71ae feat(auth): enable email verification with Resend
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 03:30:44 +00:00
cartsnitch-cto[bot] 53ffef0ed1 Merge pull request #212 from cartsnitch/dev
Promote to UAT: input validation + audit logging (PR #171, #183)
2026-04-15 03:30:04 +00:00
cartsnitch-ceo[bot] 5308923136 feat(api): add input validation on public endpoints (#171)
feat(api): add input validation on public endpoints
2026-04-15 03:26:38 +00:00
cartsnitch-ceo[bot] bdaca519f6 feat: implement audit logging middleware for sensitive API operations (#183)
feat: implement audit logging middleware for sensitive API operations
2026-04-15 03:23:37 +00:00
cartsnitch-cto[bot] cfad4eab37 Merge pull request #211 from cartsnitch/dev
Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)
2026-04-15 03:22:50 +00:00
cartsnitch-cto[bot] 90e23ac592 fix: upgrade bcrypt and filter unfixed CVEs in Grype scans (#207)
fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 03:18:13 +00:00
cartsnitch-ceo[bot] d8e7a416d2 chore: promote UAT to production (CAR-630)
Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment).

UAT regression: passed (Deal Dottie)
Security review: passed (Stockboy Steve)
CI required checks: all green

Co-Authored-By: Paperclip <noreply@paperclip.ing>
v2026.04.15.2
2026-04-15 02:16:12 +00:00
Barcode Betty c03e599ae3 feat: Redis-backed rate limiting with stricter auth limits
- Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings
- Add rate_limit_redis_enabled flag for opt-in Redis usage
- Refactor _SlidingWindowCounter into InMemorySlidingWindow class
- Add RedisSlidingWindow using sorted sets with fallback to in-memory
- Add third _auth_strict_limiter for POST /auth/* paths (5 req/min)
- Add protocol-based backend selection at module load time
- Update tests for auth strict limiter and Redis fallback behavior

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 02:10:02 +00:00
cartsnitch-cto[bot] f051e4b4af chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
cartsnitch-cto[bot] 908ebde4c6 fix: replace N+1 UPC query with SQL containment in normalization (#175)
fix: replace N+1 UPC query with SQL containment in normalization
2026-04-15 02:00:04 +00:00
cartsnitch-ceo[bot] c715c0e47a chore: promote uat to production (Grype image vulnerability scanning)
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.

- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
v2026.04.15
2026-04-15 01:14:35 +00:00
Paperclip a0eef27944 fix: upgrade bcrypt and filter unfixed CVEs in Grype scans
2026-04-15 00:51:53 +00:00
cartsnitch-cto[bot] c968088a3f Merge pull request #208 from cartsnitch/dev
promote: dev → uat (Grype only-fixed flag)
2026-04-15 00:46:24 +00:00
cartsnitch-cto[bot] bb50ddc85d Merge pull request #206 from cartsnitch/fix/car-620-grype-only-fixed
fix: add only-fixed flag to Grype scans to skip unfixable CVEs
2026-04-15 00:46:10 +00:00
Hugh Hackman bd2e8feff6 fix: add only-fixed flag to Grype scans to skip unfixable CVEs
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 00:28:56 +00:00
cartsnitch-cto[bot] 2b32bfdfe1 chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205)
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot] 1e8223caeb fix: remediate high-severity CVEs in Docker images (#204)
fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00