Commit Graph

3 Commits

Author SHA1 Message Date
Ryan Moon
f4e5a57846 Update planning docs to reflect current implementation state
- Doc 02: Add member_identifier table, member_number, primary_member_id,
  account_number auto-generation, isMinor override, tax_exemption as
  separate table, member move, updated business rules
- Doc 03: Document lookup table pattern replacing pgEnums for status and
  condition, add system/custom value distinction
- Doc 22: Mark all Phase 2 items as complete, add new tables to additions
  section, update audit findings, note admin frontend exists
2026-03-28 09:49:34 -05:00
Ryan Moon
e7853f59f2 Add planning docs for trade-ins, returns, tax exemptions, cycle counts, POs, bundles, backorders, barcode labels, instrument sizing, warranties, maintenance schedules, gift cards, layaway, rental agreements, and in-home trials
2026-03-27 20:53:01 -05:00
Ryan Moon
c34ad27b86 Fix auth security issues, add rate limiting, write Phase 2 audit
Security fixes:
- Register route validates company exists before creating user
- Rate limiting on auth routes (10 per 15min per IP)
- Dev auth plugin guards against production use
- Main.ts throws if JWT_SECRET missing in production

Added Phase 2 audit doc (22) covering:
- Built vs planning doc comparison
- Security review with fixes applied
- Duplicate code patterns identified
- Standard POS feature gap analysis
- Music-specific feature gaps

33 tests passing.
2026-03-27 19:21:33 -05:00