vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

feat: Wave 2 — entities, security guards, API key encryption (15 files)
All checks were successful
Test Asgard Runner / test (push) Successful in 2s
Details

Browse Source 
Entities:
- Create 5 new TypeORM entities: webstore_config, webstore_categories,
  webstore_items, webstore_transactions, module_store (all verified against live DB)
- Fix wipe-profile entity: remove incorrect default {} for pre/post wipe configs

Security:
- Add @RequirePermission guards to 7 controllers (36 endpoints total):
  team, webstore, notifications, alerts, analytics, settings, schedules
- Encrypt panel API key with AES-256-GCM in setup service (was plaintext)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
2026-02-21 13:28:48 -05:00
parent 208622000c
commit e1a3ea3b78
15 changed files with 268 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend-nest/src/modules/alerts/alerts.controller.ts
View File

@@ -3,6 +3,7 @@ import { ApiTags, ApiBearerAuth, ApiOperation, ApiQuery } from '@nestjs/swagger'
import { AlertsService } from './alerts.service';
import { UpdateAlertConfigDto } from './dto/update-alert-config.dto';
import { CurrentTenant } from '../../common/decorators/current-tenant.decorator';
import { RequirePermission } from '../../common/decorators/require-permission.decorator';
@ApiTags('alerts')
@ApiBearerAuth()
@@ -11,12 +12,14 @@ export class AlertsController {
constructor(private readonly alertsService: AlertsService) {}
@Get('config')
@RequirePermission('alerts.view')
@ApiOperation({ summary: 'Get alert configuration' })
async getConfig(@CurrentTenant() licenseId: string) {
return this.alertsService.getConfig(licenseId);
}
@Put('config')
@RequirePermission('alerts.manage')
@ApiOperation({ summary: 'Update alert configuration' })
async updateConfig(
@CurrentTenant() licenseId: string,
@@ -26,6 +29,7 @@ export class AlertsController {
}
@Get('history')
@RequirePermission('alerts.view')
@ApiOperation({ summary: 'Get alert history' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Max records to return (default: 50)' })
async getHistory(