lunarfront-app

ryan/lunarfront-app

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Moon	9400828f62	Rename Forte to LunarFront, generalize for any small business Rebrand from Forte (music-store-specific) to LunarFront (any small business): - Package namespace @forte/* → @lunarfront/* - Database forte/forte_test → lunarfront/lunarfront_test - Docker containers, volumes, connection strings - UI branding, localStorage keys, test emails - All documentation and planning docs Generalize music-specific terminology: - instrumentDescription → itemDescription - instrumentCount → itemCount - instrumentType → itemCategory (on service templates) - New migration 0027_generalize_terminology for column renames - Seed data updated with generic examples - RBAC descriptions updated	2026-03-30 08:51:54 -05:00
Ryan Moon	748ea59c80	Harden storage permissions and WebDAV security Permission service: - Add hasAccess() with explicit minLevel param, deprecate canAccess() - Cycle protection + depth limit (50) on all parent traversal - Pick highest access level across multiple roles (was using first match) - isPublic only grants view on directly requested folder, not inherited - Sanitize file extension from content-type - Clean up orphaned traverse perms when removing permissions - Add getPermissionById() for authz checks on permission deletion Storage routes: - All write ops require edit via hasAccess() — traverse can no longer create folders, upload files, rename, toggle isPublic, or delete - Permission delete requires admin access on the folder - Permission list requires admin access on the folder - Folder children listing filtered by user access - File search results filtered by user access (was returning all) - Signed URL requires view (was using canAccess which allows traverse) WebDAV: - 100MB upload size limit (was unbounded — OOM risk) - PROPFIND root filters folders by user access (was listing all) - COPY uses hasAccess('view') not canAccess (traverse bypass) - All writes use hasAccess('edit') consistently - MKCOL at root requires files.delete permission - Lock ownership enforced on UNLOCK (was allowing any user) - Lock conflict check on LOCK (423 if locked by another user) - Lock enforcement on PUT and DELETE (423 if locked by another) - Max 100 locks per user, periodic expired lock cleanup - Path traversal protection: reject .. and null bytes in segments - Brute-force protection: 10 failed attempts per IP, 5min lockout	2026-03-29 18:21:19 -05:00
Ryan Moon	51ca2ca683	Add folder permissions UI and WebDAV protocol support Permissions UI: - FolderPermissionsDialog component with public/private toggle, role/user permission management, and access level badges - Integrated into file manager toolbar (visible for folder admins) - Backend returns accessLevel in folder detail endpoint WebDAV server: - Full WebDAV protocol at /webdav/ with Basic Auth (existing credentials) - PROPFIND, GET, PUT, DELETE, MKCOL, COPY, MOVE, LOCK/UNLOCK support - Permission-checked against existing folder access model - In-memory lock stubs for Windows client compatibility - 22 API integration tests covering all operations Also fixes canAccess to check folder creator (was missing).	2026-03-29 17:38:57 -05:00

Author

SHA1

Message

Date

Ryan Moon

9400828f62

Rename Forte to LunarFront, generalize for any small business

Rebrand from Forte (music-store-specific) to LunarFront (any small business):
- Package namespace @forte/* → @lunarfront/*
- Database forte/forte_test → lunarfront/lunarfront_test
- Docker containers, volumes, connection strings
- UI branding, localStorage keys, test emails
- All documentation and planning docs

Generalize music-specific terminology:
- instrumentDescription → itemDescription
- instrumentCount → itemCount
- instrumentType → itemCategory (on service templates)
- New migration 0027_generalize_terminology for column renames
- Seed data updated with generic examples
- RBAC descriptions updated

2026-03-30 08:51:54 -05:00

Ryan Moon

748ea59c80

Harden storage permissions and WebDAV security

Permission service:
- Add hasAccess() with explicit minLevel param, deprecate canAccess()
- Cycle protection + depth limit (50) on all parent traversal
- Pick highest access level across multiple roles (was using first match)
- isPublic only grants view on directly requested folder, not inherited
- Sanitize file extension from content-type
- Clean up orphaned traverse perms when removing permissions
- Add getPermissionById() for authz checks on permission deletion

Storage routes:
- All write ops require edit via hasAccess() — traverse can no longer
  create folders, upload files, rename, toggle isPublic, or delete
- Permission delete requires admin access on the folder
- Permission list requires admin access on the folder
- Folder children listing filtered by user access
- File search results filtered by user access (was returning all)
- Signed URL requires view (was using canAccess which allows traverse)

WebDAV:
- 100MB upload size limit (was unbounded — OOM risk)
- PROPFIND root filters folders by user access (was listing all)
- COPY uses hasAccess('view') not canAccess (traverse bypass)
- All writes use hasAccess('edit') consistently
- MKCOL at root requires files.delete permission
- Lock ownership enforced on UNLOCK (was allowing any user)
- Lock conflict check on LOCK (423 if locked by another user)
- Lock enforcement on PUT and DELETE (423 if locked by another)
- Max 100 locks per user, periodic expired lock cleanup
- Path traversal protection: reject .. and null bytes in segments
- Brute-force protection: 10 failed attempts per IP, 5min lockout

2026-03-29 18:21:19 -05:00

Ryan Moon

51ca2ca683

Add folder permissions UI and WebDAV protocol support

Permissions UI:
- FolderPermissionsDialog component with public/private toggle,
  role/user permission management, and access level badges
- Integrated into file manager toolbar (visible for folder admins)
- Backend returns accessLevel in folder detail endpoint

WebDAV server:
- Full WebDAV protocol at /webdav/ with Basic Auth (existing credentials)
- PROPFIND, GET, PUT, DELETE, MKCOL, COPY, MOVE, LOCK/UNLOCK support
- Permission-checked against existing folder access model
- In-memory lock stubs for Windows client compatibility
- 22 API integration tests covering all operations

Also fixes canAccess to check folder creator (was missing).

2026-03-29 17:38:57 -05:00

3 Commits