foxerBN/crm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52 Commits 1 Branch 0 Tags
f8d8bb2330780c99022a557744fabe418c11dd06
Commit Graph

6 Commits

Author SHA1 Message Date
richardtekula
4f4f53cbdc Fix: Remove problematic characters from temp password generation 
- Remove special characters (!@#$%^&*) that cause login issues
- Remove ambiguous characters (I, O, l, i, o, 0, 1) for better readability
- Keep only alphanumeric characters for safe copy-paste and input

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-05 11:27:06 +01:00
richardtekula
35dfa07668 Improve centralized error handling 2025-12-04 07:39:52 +01:00
richardtekula
109cae1167 Security improvements, role in user creation, todo filters fix 
- Remove better-auth dependency (unused)
- Update JWT secrets to stronger values
- Add ENCRYPTION_SALT env variable for password encryption
- Add role field to createUserSchema validator
- Accept role from body in admin.controller createUser
- Fix todo filters: add priority filter, handle completed param
- Remove .env.example (merged into .env)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-03 09:54:03 +01:00
richardtekula
bb851639b8 Add Timesheets API with file upload and role-based access 
Backend Features:
- Timesheets database table (id, userId, fileName, filePath, fileType, fileSize, year, month, timestamps)
- File upload with multer (memory storage, 10MB limit, PDF/Excel validation)
- Structured file storage: uploads/timesheets/{userId}/{year}/{month}/
- RESTful API endpoints:
  * POST /api/timesheets/upload - Upload timesheet
  * GET /api/timesheets/my - Get user's timesheets (with filters)
  * GET /api/timesheets/all - Get all timesheets (admin only)
  * GET /api/timesheets/:id/download - Download file
  * DELETE /api/timesheets/:id - Delete timesheet
- Role-based permissions: users access own files, admins access all
- Proper error handling and file cleanup on errors
- Database migration for timesheets table

Technical:
- Uses req.user.role for permission checks
- Automatic directory creation for user/year/month structure
- Blob URL cleanup and proper file handling
- Integration with existing auth middleware

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-21 08:35:30 +01:00
richardtekula
178b18baa5 Add debug logging for markContactEmailsAsRead and remove password change restriction 2025-11-20 08:00:14 +01:00
richardtekula
da01d586fc initialize git, basic setup for crm 2025-11-18 13:53:28 +01:00