Add auditContext parameter to service mutating functions. Services now
call audit log functions internally when auditContext is provided.
Controllers pass { userId, ipAddress, userAgent } and no longer import
audit service or fetch extra data for audit purposes.
Files modified:
- 10 service files: added audit imports and auditContext parameter
- 9 controller files: removed audit imports and calls
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create ai-kurzy.validators.js and service.validators.js with schemas
extracted from their respective route files. Routes now import schemas
instead of defining them inline.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create src/config/upload.js with createUpload() factory and shared
ALLOWED_FILE_TYPES constant. Replace duplicated multer configs in 5
route files with calls to the shared factory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove setPrimaryAccountSchema from email-account.validators.js and
requireOwnerOrAdmin from roleMiddleware.js — both have zero imports.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes deleted sql/ files, seeds, and documentation files.
Prepares master for refactoring branch.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add pausedAt and pausedDuration columns to time_entries table.
New pause/resume endpoints with audit logging. Duration calculations
now correctly exclude paused time across start, stop, auto-stop,
and edit flows.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Restrict no-origin CORS bypass to development only
- Activate xss-clean middleware for input sanitization
- Add MIME type whitelist and filename sanitization to file uploads
- Reduce project upload limit from 50MB to 20MB
- Stop leaking stack traces in error responses
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Relax project PATCH route from requireAdmin to checkProjectAccess
- Normalize empty string companyId to null in updateProject service to prevent UUID parse error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /auth/refresh endpoint for token renewal
- Only set refresh token cookie when rememberMe is true
- Add rememberMe field to login validator schema
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- pricingTiers field was missing from createServiceSchema
- pricingTiers field was missing from updateServiceSchema
- This caused the field to be stripped during validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add pricingTiers field handling in createService/updateService
- Fix timesheet filename to use firstName-lastName-vykazprace-YYYY-MM.xlsx
- Fix company timesheet filename format similarly
- Removed timestamp from filename for cleaner naming
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix timesheet filename to use firstName-lastName format with username fallback
- Remove auto-assign creator to todos (user must manually select assignees)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add searchNotes service function with company/project info
- Add /notes/search endpoint for searching notes content
- Returns matching notes with linked company/project names
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add postal_code column to companies table
- Add pricing_tiers column to services table for tiered pricing
- Update timesheet upload to generate filename in format {firstname}-{lastname}-timesheet-{date}
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add farba (color) field to kurzy schema and Zod validation
- Add company detail fields (firma_ico, firma_dic, firma_ic_dph, firma_sidlo) to ucastnici
- Remove console logs from ai-kurzy service
- Add SQL migration scripts for schema updates and data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AI Kurzy module with courses, participants, and registrations management
- Add project documents and service documents features
- Add service folders for document organization
- Add SQL import queries for services from firmy.slovensko.ai
- Update todo notifications and group messaging
- Various API improvements and bug fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add email_signatures table to schema
- Add email signature service, controller, routes
- Users can create/edit signature in Profile
- Toggle to include signature when sending email replies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phone was incorrectly required in the controller validation
even though schema and database allow null.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
lastName and secondaryEmail schemas now accept null values
sent from frontend, matching other optional fields pattern.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Zod schema was rejecting empty strings sent from the frontend.
Changed from z.string().optional().nullable() to z.union pattern
to properly handle "", null, and undefined values.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Allow members to create todos, companies, projects
- Auto-assign creator to resources (companyUsers, projectUsers, todoUsers)
- Add public /api/users endpoint for all authenticated users
- Make phone field optional in personal contacts (schema + validation)
- Update todo routes to use checkTodoAccess for updates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add description to Zod validation schema
- Add description to controller normalizePayload function
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add messages table schema with soft delete support
- Add message service, controller and routes
- Update CORS to allow local network IPs
- Update server to listen on 0.0.0.0
- Fix cookie sameSite for local network development
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add updateUser and resetUserPassword admin endpoints
- Change company status from boolean to enum (registered, lead, customer, inactive)
- Add 'important' event type to calendar validators and email templates
- Add 1-hour-before event notifications cron job
- Add 18:00 evening notifications for next-day events
- Add contact description field support
- Fix count() function usage in admin service
- Add SQL migrations for schema changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix LOG_LEVEL filtering logic (was inverted)
- HTTP logs now only show errors (4xx, 5xx) by default
- Add database connection check at startup
- Cron jobs logged on separate lines
- LOG_LEVEL=debug shows all HTTP requests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Single summary line instead of verbose duplicates:
[INFO] Cron jobs initialized: Calendar (07:00), Audit cleanup (00:00)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add LOG_LEVEL env variable support (debug, info, warn, error)
- Default to 'info' level for production-ready logs
- Integrate Morgan HTTP logging with custom logger
- Remove console.logs and replace with custom logger
- Remove sensitive password debug logs from email service
- Remove noisy warn logs from email sync and event notifier
- Add gray color for timestamps to improve readability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add cleanupAuditLogs.js with daily cleanup job
- Delete audit logs older than 7 days
- Runs every day at midnight (00:00)
- Export cleanupOldAuditLogs for manual triggers
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add audit logging for contacts (link company, create company from contact)
- Add audit logging for notes (create, update, delete)
- Add audit logging for companies (update, user assign/remove, reminder CRUD)
- Add audit logging for projects (update, user assign/remove)
- Add audit logging for todos (update, uncomplete)
- Add audit logging for time entries (update, delete)
- Add audit logging for timesheets (upload, delete)
- Add audit logging for user deletion
- Add pagination and filters to audit logs API (userId, action, resource, dateFrom, dateTo)
- Add endpoints for distinct actions and resources
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- POST /api/events/:eventId/notify - send notifications from admin's email
- sendSingleEventNotification() uses admin's primary email account
- getSenderAccountByUserId() to get admin's email credentials
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- GET /admin/users now requires admin role
- GET /time-tracking/running-all now requires admin role
- GET /notes now requires admin role
- GET /audit-logs now requires admin role
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add section 12: Cron Jobs a Notifikácie
- Update project structure with cron/ folder
- Add admin trigger-notifications endpoint to API docs
- Add notification env variables to config section
- Include examples, logs, and extension guide
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When NOTIFICATION_TEST_MODE=true, cron runs every minute instead of
at the scheduled time. Useful for testing email notifications.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename meetings table to events with type field (meeting/event)
- Add eventUsers junction table for user assignments
- Members see only events they're assigned to
- Calendar endpoint returns events + todos for month
- Add migration SQL for database changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add dueDate timestamp field to notes schema
- Update note validators to accept dueDate
- Update note service to handle dueDate in CRUD operations
- Fix company and project controllers to pass dueDate
- Fix route validations to include dueDate field
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add companyId column to personal_contacts table
- Update personal-contact service to include companyName in list
- Add getContactsByCompanyId function for company contacts endpoint
- Add GET /companies/:companyId/contacts endpoint
- Add companyId to contact validation schema
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add creator info (username) to companies, projects, and notes responses
- Add company_users table for team management on companies
- Add resourceAccessMiddleware for member access control
- Members can only see resources they are directly assigned to
- Companies, projects, and todos are now filtered by user assignments
- Add personal contacts feature
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
