crm-server/src/routes at d26e537244b1f3b3784838e3f0ebd6353ab98f31 - crm-server - Gitea: Git with a cup of tea

foxerBN/crm-server

Files

History

richardtekula d26e537244 fix: Harden security - CORS, XSS, file uploads, error handling

- Restrict no-origin CORS bypass to development only
- Activate xss-clean middleware for input sanitization
- Add MIME type whitelist and filename sanitization to file uploads
- Reduce project upload limit from 50MB to 20MB
- Stop leaking stack traces in error responses

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-26 15:21:44 +01:00

..

admin.routes.js

feat: Add user management APIs, status enum, enhanced notifications

2026-01-15 09:41:29 +01:00

ai-kurzy.routes.js

fix: Harden security - CORS, XSS, file uploads, error handling

2026-01-26 15:21:44 +01:00

audit.routes.js

feat: Add comprehensive audit logging system

2025-12-17 07:19:40 +01:00

auth.routes.js

feat: Add refresh token endpoint and remember me support

2026-01-23 07:21:58 +01:00

company.routes.js

feat: Add services, company documents, company timesheet export

2026-01-17 18:45:01 +01:00

contact.routes.js

add email threads to companies

2025-11-25 15:00:30 +01:00

crm-email.routes.js

Code quality improvements from code review

2025-12-05 11:03:32 +01:00

email-account.routes.js

refractoring & add timesheet service

2025-11-25 07:52:31 +01:00

email-signature.routes.js

feat: Add email signature feature

2026-01-17 19:11:51 +01:00

event.routes.js

feat: Add services, company documents, company timesheet export

2026-01-17 18:45:01 +01:00

group.routes.js

feat: Group chat and push notifications

2026-01-20 07:27:13 +01:00

message.routes.js

feat: Add internal chat system and network access support

2026-01-15 10:13:14 +01:00

note.routes.js

feat: Add notes search endpoint for enhanced global search

2026-01-22 07:49:10 +01:00

personal-contact.routes.js

fix: Accept null for all optional contact fields

2026-01-16 10:20:50 +01:00

project.routes.js

fix: Harden security - CORS, XSS, file uploads, error handling

2026-01-26 15:21:44 +01:00

push.routes.js

feat: Group chat and push notifications

2026-01-20 07:27:13 +01:00

service.routes.js

feat: AI Kurzy module, project/service documents, services SQL import

2026-01-21 11:32:49 +01:00

time-tracking.routes.js

feat: Add services, company documents, company timesheet export

2026-01-17 18:45:01 +01:00

timesheet.routes.js

Security improvements, role in user creation, todo filters fix

2025-12-03 09:54:03 +01:00

todo.routes.js

feat: AI Kurzy module, project/service documents, services SQL import

2026-01-21 11:32:49 +01:00

user.routes.js

feat: Member permissions, optional phone, public users endpoint

2026-01-16 07:08:42 +01:00