Creationshop/cannaiq

Go to file

Kelly 2513e22171 fix(security): Add auth middleware to unprotected API endpoints

Security audit identified 8 endpoint groups that were publicly accessible
without authentication. Added authMiddleware and requireRole where appropriate.

Protected endpoints:
- /api/payloads/* - authMiddleware (trusted origins or API token)
- /api/job-queue/* - authMiddleware + requireRole('admin')
- /api/workers/* - authMiddleware
- /api/worker-registry/* - authMiddleware (pods access via trusted IPs)
- /api/k8s/* - authMiddleware + requireRole('admin')
- /api/pipeline/* - authMiddleware + requireRole('admin')
- /api/tasks/* - authMiddleware + requireRole('admin')
- /api/admin/orchestrator/* - authMiddleware + requireRole('admin')

Also:
- Added API_SECURITY.md documentation
- Filter AI settings from /settings page (managed in /ai-settings)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-12 00:30:08 -07:00

feat(ci): Add npm cache volume for faster typechecks

2025-12-11 19:27:32 -07:00

fix(security): Add auth middleware to unprotected API endpoints

2025-12-12 00:30:08 -07:00

fix(monitor): remove non-existent worker columns from job_run_logs query

2025-12-03 18:45:05 -07:00

fix(security): Add auth middleware to unprotected API endpoints

2025-12-12 00:30:08 -07:00

feat: Stealth worker system with mandatory proxy rotation

2025-12-10 00:44:59 -07:00

feat: Stealth worker system with mandatory proxy rotation

2025-12-10 00:44:59 -07:00

fix: Findagram brands page crash and PWA icon errors

2025-12-10 13:06:23 -07:00

feat: Add Findagram and FindADispo consumer frontends

2025-12-05 16:10:15 -07:00

chore: Clean up deprecated code and docs

2025-12-11 22:17:40 -07:00

public/downloads

feat: Add stale process monitor, users route, landing page, archive old scripts

2025-12-05 04:07:31 -07:00

feat: Add stale process monitor, users route, landing page, archive old scripts

2025-12-05 04:07:31 -07:00

wordpress-plugin

docs(wordpress): Add deprecation comments for legacy shortcode/migration code

2025-12-10 16:24:56 -07:00

.gitignore

fix: Remove broken llm-scraper submodule reference

2025-12-07 13:53:21 -07:00

.woodpecker.yml

fix(ci): Remove buildx cache and add preflight enforcement

2025-12-11 21:37:22 -07:00

CLAUDE.md

feat(k8s): Add StatefulSet for persistent workers

2025-12-12 00:30:08 -07:00

crawlsy-menus.zip

fix(monitor): remove non-existent worker columns from job_run_logs query

2025-12-03 18:45:05 -07:00

DATABASE-GUIDE.md

Initial commit - Dutchie dispensary scraper

2025-11-28 19:45:44 -07:00

docker-compose.local.yml

feat: Responsive admin UI, SEO pages, and click analytics

2025-12-07 22:48:21 -07:00

docker-compose.yml

feat: Add v2 architecture with multi-state support and orchestrator services

2025-12-07 11:30:57 -07:00

GETTING-STARTED.md

Add Getting Started guide for development and deployment

2025-12-01 08:41:29 -07:00

README.md

ci: trigger build

2025-12-07 15:20:22 -07:00

resuming.txt

Initial commit - Dutchie dispensary scraper

2025-11-28 19:45:44 -07:00

SESSION_NOTES.md

Initial commit - Dutchie dispensary scraper

2025-11-28 19:45:44 -07:00

SESSION_RESUME.md

Initial commit - Dutchie dispensary scraper

2025-11-28 19:45:44 -07:00

setup-local.sh

feat: Add v2 architecture with multi-state support and orchestrator services

2025-12-07 11:30:57 -07:00

start-local.sh

feat: Add local storage adapter and update CLAUDE.md with permanent rules

2025-12-06 12:36:10 -07:00

start.sh

Initial commit - Dutchie dispensary scraper

2025-11-28 19:45:44 -07:00

stop-local.sh

feat: Add v2 architecture with multi-state support and orchestrator services

2025-12-07 11:30:57 -07:00

workflow-12102025.md

fix: Add curl to Docker, add active flag to worker_tasks

2025-12-10 23:12:09 -07:00

README.md

CI/CD enabled

test trigger

CI trigger

Languages

TypeScript 54.5%

JavaScript 37.5%

PLpgSQL 3.6%

PHP 3.1%

Python 0.5%

Other 0.7%