null
05b27d216a
feat: Dockerfile/docker-compose updates, server improvements, contact form with recaptcha, API integration (batch 0.9.0)
2026-06-14 15:37:26 -05:00
null
0f272fcf19
error and injection
2026-05-28 00:18:08 -05:00
null
0cfa048d0d
injection security
2026-05-27 14:14:24 -05:00
null
afec6547c1
RECAPTCHA
2026-05-25 20:20:15 -05:00
null
09926fed6d
Contact.jsx (line 23): added ZIP to validation/error state, rendered it as required, and shows ZIP code is required.
...
server/index.js (line 253): backend Zod schema now rejects missing or blank ZIP.
api.js (line 3): preserves backend field errors for display.
2026-05-25 18:17:16 -05:00
null
2c002c2f82
fix: remove React Query, add HTTPS redirect, document CSP Zoho note ( #128 #127 #129 ) (batch 10.0)
2026-05-17 22:33:11 -05:00
null
f8d380ebab
fix: disable prod sourcemaps, secure CORS default, allow HMR websocket ( #122 #124 #131 ) (batch 9.6)
2026-05-17 21:53:39 -05:00
null
53e2873fd4
fix: honeypot spam protection, 409 conflict handling ( #119 #126 ) (batch 9.5)
2026-05-17 21:51:53 -05:00
null
4e57efdc53
fix: DB schema UNIQUE constraint, Docker healthcheck, DB permissions ( #120 #121 #123 ) (batch 9.0)
2026-05-17 21:34:39 -05:00
null
2923ef0d50
feat(zoho): add Cases forwarding + setup docs ( closes #76 , #78 )
...
- Add forwardSupportToZoho() for Zoho Cases (fire-and-forget)
- Map support fields: issue→Subject, priority→Priority, Case_Origin=Website
- ZOHO_CASES_ENABLED env var (independent from ZOHO_ENABLED)
- Add docs/zoho-setup.md with step-by-step setup guide
- Batch 7.2 and 7.4
2026-05-17 19:27:04 -05:00
null
debde23ab7
fix(zoho): fix OAuth token endpoint, improve lead field mapping, add upsert
...
- Fix critical bug: token refresh now uses ZOHO_ACCOUNTS_DOMAIN
(accounts.zoho.com) instead of API domain (www.zohoapis.com).
The OAuth token endpoint lives on a different domain.
- Remove unnecessary redirect_uri from refresh token request
- Add ZOHO_ACCOUNTS_DOMAIN env var (separate from API domain)
- Split contact name into First_Name/Last_Name for Zoho schema
- Replace Service_Interest (non-standard field) with Description
+ Lead_Source: Website (standard picklist value)
- Switch from Insert to Upsert API with duplicate_check_fields:
[Email] so duplicate submissions update instead of error
- Add trigger: ['workflow'] for explicit workflow control
- Add token refresh retry (1 retry on transient failure)
- Add ZOHO_CASES_ENABLED env var for future Cases forwarding
- Update .env.example with full Zoho config documentation
- Update FUTURE.md with detailed Phase 7 Zoho integration plan
- Remove obsolete ZOHO_REDIRECT_URI from Dockerfile
2026-05-17 18:37:10 -05:00
null
1437b2af07
fix: 10 bug fixes from code review (batch 0.6.5)
...
- #63 : Fix industry.href undefined → use industry.id for navigation
- #50 : Fix sanitized scope error in catch block (let before try)
- #58 : Footer.jsx: convert all internal <a href> to <Link to>
- #61 : Textarea.jsx: fix className interpolation (quotes → backticks)
- #59 : About.jsx: convert CTA <a href> to <Link to>
- #60 : Support.jsx: convert Contact button <a href> to <Link to>
- #62 : Badge.jsx: text-foreground → text-text
- #64 : Support.jsx: hover:bg-navy-darker → hover:bg-primary-navy-dark
- #65 : Server: move timeoutMiddleware before catch-all routes
- #66 : Contact.jsx: convert self-referencing <a href> to <Link to>
2026-05-17 18:03:55 -05:00
null
4f3e20b7a0
fix: dead code cleanup, timeout middleware, Zoho error handling ( closes #53 , #54 , #55 , #56 , #57 )
...
- Delete broken barrel exports ui/index.jsx and ui/all.jsx (#53 )
- Remove duplicate QueryClient instance and dead queryClient.js (#55 )
- Remove unused queryClient import/export from api.js (#55 )
- Move timeoutMiddleware before catch-all routes so it actually fires (#54 )
- Fix async error handling in forwardToZoho - add .catch() (#56 )
- Add ZOHO_CLIENT_ID to credential guard, normalize defaults to null (#57 )
(batch 0.6.4)
2026-05-17 17:46:54 -05:00
null
56bdf07216
fix: close issues #12 #15 #17 #18 — CSP nonce, API retry, input debounce, caching verified (batch 0.6.1)
2026-05-17 16:10:10 -05:00
null
e11aefd184
fix: audit issues #10 #14 #16 #19 — CORS errors, JSON middleware, Zoho fields, noValidate (batch 0.6.8)
2026-05-17 15:46:59 -05:00
null
25ab4c7986
fix(server): Zoho token endpoint hardening + version bump to 0.5.4 (batch 0.6.0)
2026-05-17 15:18:24 -05:00
null
5b0a509e70
fix(zoho): P0/P1 criticals — credential check, response validation, timeout, null normalization (Neo N1)
2026-05-17 15:01:04 -05:00
null
7d476f36e8
fix(security): audit fixes #4 #6 #10 + hero rewrite (batch 0.5.2)
...
- #4 : Replace su-exec with USER nodejs in Dockerfile (P0)
- #6 : Add UNIQUE constraint on leads.email with migration (P1)
- #10 : Consistent NULL handling for optional fields (P1)
- Hero section rewrite: B2B value proposition, prominent 8x8 badge
- Clean up .bak file left by agent
2026-05-17 14:44:34 -05:00
null
c4985e37bc
feat: Phase 5 SPA fixes, mobile menu, assets, and redesign planning
...
- Fix BrowserRouter → RouterProvider (routes were disconnected)
- Strip TS generics from .jsx files (Card, Badge, Dialog, Input, Textarea)
- Fix useToast import from sonner (Contact, Support)
- Merge mobile Sheet into Header (DialogTrigger outside Dialog)
- Add SPA catch-all route for client-side navigation
- Add CSP style-src for Google Fonts
- Copy all image assets to public/ (were 404)
- Replace placeholder logo with real Queue North logo
- Fix SheetContent positional CSS + install tailwindcss-animate
- Add visually hidden SheetTitle for accessibility
- Update README and FUTURE.md with Phase 5 redesign batches
- Add review.md (redesign assessment, exempt from git)
2026-05-13 22:07:35 -05:00
null
c2d5873f08
feat: error handling hardening, 404 catch-all, health check DB test, request timeout, global error handlers (v0.4.8)
2026-05-13 19:59:19 -05:00
null
7257633d94
feat: rate limiting, helmet security headers, CORS, trust proxy, Docker env vars (v0.4.7)
2026-05-13 18:37:32 -05:00
null
39ee1fe537
feat: structured logging with timestamps, request logging, and submission details (v0.4.6)
2026-05-13 18:31:52 -05:00
null
6bfd804313
feat: Zoho CRM forwarding layer with OAuth2 token management (v0.4.6)
2026-05-13 18:28:56 -05:00
null
4ac0fa250d
feat: server-side validation + input sanitization (v0.4.5)
2026-05-13 18:18:07 -05:00
null
1f3e3864f9
feat: Docker batch 0.2.1 — production-ready containerization
...
- Multi-stage Dockerfile with non-root nodejs user
- Healthcheck using Node 20 built-in fetch (no wget)
- docker-entrypoint.sh: root permission fix, then exec to nodejs
- server/db.js: deferred SQLite init for Docker volume permissions
- docker-compose.yml with named volumes for persistence
- .dockerignore and .env.example added
- README updated with Docker usage section
Security reviewed by Private Hudson. All blockers resolved.
2026-05-12 01:57:55 -05:00
null
b7f7765a72
feat: complete phase 1 foundation
2026-05-12 01:04:17 -05:00