- Add datumOd and datumDo columns to kurzy table
- Remove datumOd, datumDo, pocetUcastnikov from registracie table
- Update schema, validators, and services accordingly
- Certificate generation now uses course dates
- Migration preserves existing data by copying most recent dates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move HTML template to src/templates/certificates/AIcertifikat.html
- Add template rendering with {{variable}} and {{#if}} syntax
- Add CERTIFICATE_TEMPLATES registry for multiple templates
- Accept templateName parameter in generateCertificate
- Add hasCertificate check to prevent duplicate certificates
- Add hasCertificate field to getCombinedTableData query
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add team_leader access to /admin/users endpoint for user list viewing
- Add PDF certificate generation for AI Kurzy with Puppeteer
- Add certificate assets (background, signatures)
- Add getPrilohaById and download endpoint for attachments
- Fix time tracking service permissions for team_leader
- Fix timesheet controller/service permissions for team_leader
- Fix calendar badge to include reminders in count
- Add lastSeen to message service for online indicator
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add team_leader role with appropriate permissions
- Add lastSeen timestamp for chat online indicator
- Add needsFollowup flag to ucastnici table
- Add getTodayCalendarCount endpoint for calendar badge
- Add company reminders to calendar data
- Enhance company search to include phone and contacts
- Update routes to allow team_leader access to kurzy, services, timesheets
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create todo-notification.service.js with:
- notifyNewTodoAssignment(): push notification for new todo assignments
- notifyUpdatedTodoAssignment(): push notification for updated assignments
todo.service.js now delegates to the notification service instead of
containing inline push notification logic with error handling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add auditContext parameter to service mutating functions. Services now
call audit log functions internally when auditContext is provided.
Controllers pass { userId, ipAddress, userAgent } and no longer import
audit service or fetch extra data for audit purposes.
Files modified:
- 10 service files: added audit imports and auditContext parameter
- 9 controller files: removed audit imports and calls
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create ai-kurzy.validators.js and service.validators.js with schemas
extracted from their respective route files. Routes now import schemas
instead of defining them inline.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create src/config/upload.js with createUpload() factory and shared
ALLOWED_FILE_TYPES constant. Replace duplicated multer configs in 5
route files with calls to the shared factory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove setPrimaryAccountSchema from email-account.validators.js and
requireOwnerOrAdmin from roleMiddleware.js — both have zero imports.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes deleted sql/ files, seeds, and documentation files.
Prepares master for refactoring branch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add pausedAt and pausedDuration columns to time_entries table.
New pause/resume endpoints with audit logging. Duration calculations
now correctly exclude paused time across start, stop, auto-stop,
and edit flows.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Restrict no-origin CORS bypass to development only
- Activate xss-clean middleware for input sanitization
- Add MIME type whitelist and filename sanitization to file uploads
- Reduce project upload limit from 50MB to 20MB
- Stop leaking stack traces in error responses
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Relax project PATCH route from requireAdmin to checkProjectAccess
- Normalize empty string companyId to null in updateProject service to prevent UUID parse error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /auth/refresh endpoint for token renewal
- Only set refresh token cookie when rememberMe is true
- Add rememberMe field to login validator schema
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- pricingTiers field was missing from createServiceSchema
- pricingTiers field was missing from updateServiceSchema
- This caused the field to be stripped during validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add pricingTiers field handling in createService/updateService
- Fix timesheet filename to use firstName-lastName-vykazprace-YYYY-MM.xlsx
- Fix company timesheet filename format similarly
- Removed timestamp from filename for cleaner naming
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix timesheet filename to use firstName-lastName format with username fallback
- Remove auto-assign creator to todos (user must manually select assignees)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add searchNotes service function with company/project info
- Add /notes/search endpoint for searching notes content
- Returns matching notes with linked company/project names
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add postal_code column to companies table
- Add pricing_tiers column to services table for tiered pricing
- Update timesheet upload to generate filename in format {firstname}-{lastname}-timesheet-{date}
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add farba (color) field to kurzy schema and Zod validation
- Add company detail fields (firma_ico, firma_dic, firma_ic_dph, firma_sidlo) to ucastnici
- Remove console logs from ai-kurzy service
- Add SQL migration scripts for schema updates and data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AI Kurzy module with courses, participants, and registrations management
- Add project documents and service documents features
- Add service folders for document organization
- Add SQL import queries for services from firmy.slovensko.ai
- Update todo notifications and group messaging
- Various API improvements and bug fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add email_signatures table to schema
- Add email signature service, controller, routes
- Users can create/edit signature in Profile
- Toggle to include signature when sending email replies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phone was incorrectly required in the controller validation
even though schema and database allow null.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
lastName and secondaryEmail schemas now accept null values
sent from frontend, matching other optional fields pattern.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Zod schema was rejecting empty strings sent from the frontend.
Changed from z.string().optional().nullable() to z.union pattern
to properly handle "", null, and undefined values.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Allow members to create todos, companies, projects
- Auto-assign creator to resources (companyUsers, projectUsers, todoUsers)
- Add public /api/users endpoint for all authenticated users
- Make phone field optional in personal contacts (schema + validation)
- Update todo routes to use checkTodoAccess for updates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add description to Zod validation schema
- Add description to controller normalizePayload function
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add messages table schema with soft delete support
- Add message service, controller and routes
- Update CORS to allow local network IPs
- Update server to listen on 0.0.0.0
- Fix cookie sameSite for local network development
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add updateUser and resetUserPassword admin endpoints
- Change company status from boolean to enum (registered, lead, customer, inactive)
- Add 'important' event type to calendar validators and email templates
- Add 1-hour-before event notifications cron job
- Add 18:00 evening notifications for next-day events
- Add contact description field support
- Fix count() function usage in admin service
- Add SQL migrations for schema changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix LOG_LEVEL filtering logic (was inverted)
- HTTP logs now only show errors (4xx, 5xx) by default
- Add database connection check at startup
- Cron jobs logged on separate lines
- LOG_LEVEL=debug shows all HTTP requests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Single summary line instead of verbose duplicates:
[INFO] Cron jobs initialized: Calendar (07:00), Audit cleanup (00:00)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add LOG_LEVEL env variable support (debug, info, warn, error)
- Default to 'info' level for production-ready logs
- Integrate Morgan HTTP logging with custom logger
- Remove console.logs and replace with custom logger
- Remove sensitive password debug logs from email service
- Remove noisy warn logs from email sync and event notifier
- Add gray color for timestamps to improve readability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add cleanupAuditLogs.js with daily cleanup job
- Delete audit logs older than 7 days
- Runs every day at midnight (00:00)
- Export cleanupOldAuditLogs for manual triggers
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add audit logging for contacts (link company, create company from contact)
- Add audit logging for notes (create, update, delete)
- Add audit logging for companies (update, user assign/remove, reminder CRUD)
- Add audit logging for projects (update, user assign/remove)
- Add audit logging for todos (update, uncomplete)
- Add audit logging for time entries (update, delete)
- Add audit logging for timesheets (upload, delete)
- Add audit logging for user deletion
- Add pagination and filters to audit logs API (userId, action, resource, dateFrom, dateTo)
- Add endpoints for distinct actions and resources
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- POST /api/events/:eventId/notify - send notifications from admin's email
- sendSingleEventNotification() uses admin's primary email account
- getSenderAccountByUserId() to get admin's email credentials
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- GET /admin/users now requires admin role
- GET /time-tracking/running-all now requires admin role
- GET /notes now requires admin role
- GET /audit-logs now requires admin role
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
