Commit Graph

7 Commits

Author SHA1 Message Date
nogueiraguh
f22bb54e25 feat: Oracle IAM OIDC, force password change, security hardening
- OIDC: authorization code flow, JWKS validation, JIT provisioning, group-to-role mapping, dual auth (local/oidc/both)
- Force password change: random admin password on first install, modal blocks UI until changed
- APP_SECRET required in docker-compose (fail if missing), .env.example improved
- Login page: Oracle IAM button (conditional), hide form in oidc-only mode
- OracleIamPage: test connection via backend, masked client_secret handling
- UsersPage: OIDC badge, auth_provider in list
- i18n: login.oidcButton, login.or (pt/en/es)
- README v3.1: Terminal, User Management, Security, OIDC endpoints, versioning
2026-04-02 10:26:00 -03:00
nogueiraguh
8caa032055 feat: OCI CLI Terminal, Spanish i18n, language in My Settings
Terminal:
- New /terminal page with Linux-style terminal UI (dark theme, title bar, prompt)
- OCI Config selector — isolated per user (ownership check)
- Tab autocomplete: parses oci --help dynamically, caches results, commands first
- Command history (↑/↓) persisted in DB per user
- Security: only 'oci' commands, blocks pipes/redirects/shell injection
- Built-in commands: clear, history, help
- Timeout 60s per command

i18n:
- Spanish (es.ts): 748+ keys, Latin American formal
- Language selector moved from sidebar to My Settings (🇧🇷/🇺🇸/🇪🇸)
- Auto-detect browser language (pt/es/en)

Backend:
- POST /api/terminal/execute — run OCI CLI with selected config
- GET /api/terminal/completions — dynamic autocomplete from oci --help
- GET /api/terminal/history — per-user command history
- terminal_history table in SQLite
2026-04-01 17:45:25 -03:00
nogueiraguh
62f2a3d1ab feat: My Settings — password change (local only), timezone, MFA, auth_provider field
- MySettingsPage: timezone, password change (local users), MFA setup/disable
- Password change hidden for federated users (auth_provider != local)
- Federated users see info message: "managed by Oracle IAM"
- Backend: auth_provider + oidc_subject columns in users table (migration)
- /users/me returns auth_provider field
- User interface updated with auth_provider
- i18n: 12 new keys (pt/en) for password change
2026-04-01 15:20:16 -03:00
nogueiraguh
c3035abf81 feat: User Management menu — My Settings, Oracle IAM page, sidebar restructure
- Sidebar: "User Management" expandable group with sub-items (Users, My Settings, Oracle IAM)
- MySettingsPage: self-service timezone + MFA setup/disable (any user)
- OracleIamPage: admin-only OIDC config (auth mode, issuer, client ID/secret, group→role mapping, test connection)
- UsersPage: removed timezone card (moved to My Settings)
- i18n: 35+ new keys (pt/en) for settings and IAM pages
- Routes: /admin/user-settings, /admin/iam registered with code splitting
2026-04-01 15:00:23 -03:00
nogueiraguh
35a2bf786b feat: OCI Services page, compliance report v3, DOCX with camo strip, timezone per-user
- New OCI Services page with Service Status (auto-detect + overrides) and OCI Health (real-time Oracle status) tabs
- Compliance report: OCI Services section with Cloud Guard recommendations table, back page with Connect with us
- DOCX generation: professional styling with Pillow camouflage strip, green header tables, result boxes
- Separate Download DOCX button in reports page
- Timezone now per-user (not global) — each user configures their own timezone
- ADB connection pre-check before report generation (fail fast 503)
- Compliance report iframe shows friendly HTML instead of JSON 404 during generation
- OCI Health dashboard: proxies ocistatus.oraclecloud.com with search, geo filters, expandable region cards
2026-03-29 00:43:20 -03:00
nogueiraguh
fbcb1966d5 feat: comprehensive security, performance, UX and deployment audit
Security:
- CORS restricted to explicit methods/headers, configurable via CORS_ORIGINS env
- Auth added to /reports/{rid}/html and /compliance-report endpoints
- Ownership check on report downloads
- Rate limiting on login (10 attempts/5min per IP with threading.Lock)
- Non-root container user (agent via gosu entrypoint)
- Nginx security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy)
- .gitignore and .dockerignore for secret leak prevention
- .env.example with documentation

Performance:
- 16 SQLite indexes on foreign keys and frequently queried columns
- Pagination on chat messages (100), reports (50), audit log (100)
- subprocess.run wrapped in run_in_executor (3 async handlers)
- asyncio.wait_for timeouts on GenAI calls (300s) and Chromium PDF (120s)
- Thread pool reduced to 10 workers
- Code splitting with React.lazy (bundle: 1.3MB -> ~550KB initial)
- React.memo on TreeItem (recursive compartment tree)

Error handling:
- 13 bare except clauses replaced with logged Exception handlers
- Graceful shutdown handler (terminates subprocesses + executor)
- File upload validation (50MB max, extension whitelist per endpoint)
- Health check expanded (version, uptime, db_ok)
- Cache-Control on /api/genai/models (1h)
- Auto-cleanup audit_log > 30 days

Dead code removed:
- DownloadsPage.tsx, StubPage.tsx, MfaPage.tsx (moved to UsersPage)
- Legacy frontend/ directory
- 19 unused i18n keys, dist/ removed from git tracking

UX & i18n:
- 8 alert() calls replaced with styled error states (TerraformPage)
- 50+ hardcoded Portuguese strings localized to i18n (pt/en) across 11 files
- aria-label on all icon-only buttons (Chat, Explorer, Sidebar)
- focus-visible CSS for keyboard navigation
- Responsive grid fix (360px -> 280px for mobile)
- aria-hidden on decorative SVGs

Deployment:
- Docker resource limits (backend 4G, frontend 512M)
- Log rotation (json-file, 10MB x 3)
- Terraform version parameterized via ARG
2026-03-20 13:48:30 -03:00
nogueiraguh
442e710b9f feat: LAD A-Team CIS Compliance Report, React SPA, i18n, report management, explorer UX fixes
- Professional Oracle-format compliance report with RAG remediation from ADB vector store
- React 19 SPA at /app/ (16 pages, TypeScript, Vite, Zustand, i18n pt/en 625 keys)
- Report delete endpoint, embed individual report files into vector store
- Terraform ZIP download (client-side, pure JS)
- Explorer silent polling during start/stop (no flickering)
- HTML report and compliance report sections start minimized
- Token auth fix for compliance report CSV download links
2026-03-19 07:34:06 -03:00