Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8582769f92a44d915f82449896340f05ca5eda3b
opencrm/backend/src/routes
T
History
duffyduck 8582769f92 Security-Hardening Runde 3: JWT, trust-proxy, weitere IDORs, Attachment-Härtung 
- JWT-Algorithmus fest auf HS256 (Defense-in-Depth gegen alg-confusion)
- app.set('trust proxy', 1) – Rate-Limiter wirkt jetzt auch hinter Reverse-Proxy
- IDOR-Fix: Invoice-ECD-Endpoints + PDF-Template-Generierung (canAccessContract/ECD)
- Email-Anhang-Download: Content-Type-Safelist, SVG nie inline, nosniff, Filename-CRLF-Sanitize
- Provider/Tariff-GET-Routen: requirePermission('providers:read') (Portal-Kunden raus)
- SMTP-Header-Injection zentral in sendEmail blockiert (schützt alle Caller)
- bcrypt-Cost 10 → 12 (OWASP 2026)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 09:38:25 +02:00
..
address.routes.ts
first commit
2026-01-29 01:16:54 +01:00
appSetting.routes.ts
added backup and email client
2026-02-01 00:02:35 +01:00
auditLog.routes.ts
complete new audit system
2026-03-21 18:23:54 +01:00
auth.routes.ts
Version 1.0.0: Passwort-Reset + Rate-Limiting + Auto-Geburtstagsgrüße
2026-04-23 17:14:27 +02:00
bankcard.routes.ts
first commit
2026-01-29 01:16:54 +01:00
birthday.routes.ts
Geburtstag-Management-Modal mit Reset + Send + Auto-Flag
2026-04-23 12:46:03 +02:00
cachedEmail.routes.ts
Email-Anhänge als Vertragsdokumente + Rechnungen für alle Vertragstypen
2026-04-23 13:06:10 +02:00
cancellation-period.routes.ts
first commit
2026-01-29 01:16:54 +01:00
consent-public.routes.ts
gdpr audit implemented, email log, vollmachten, pdf delete cancel data privacy and vollmachten, removed message no id card in engergy car, and other contracts that are not telecom contracts, added insert counter for engery
2026-03-21 11:59:53 +01:00
contract-duration.routes.ts
first commit
2026-01-29 01:16:54 +01:00
contract.routes.ts
added place to telecommunication, added contract documents, added invoice to other contracts
2026-03-25 16:55:48 +01:00
contractCategory.routes.ts
added backup and email client
2026-02-01 00:02:35 +01:00
contractHistory.routes.ts
added contract history
2026-02-08 19:24:37 +01:00
contractTask.routes.ts
first commit
2026-01-29 01:16:54 +01:00
customer.routes.ts
first commit
2026-01-29 01:16:54 +01:00
developer.routes.ts
complete new audit system
2026-03-21 18:23:54 +01:00
document.routes.ts
first commit
2026-01-29 01:16:54 +01:00
emailLog.routes.ts
gdpr audit implemented, email log, vollmachten, pdf delete cancel data privacy and vollmachten, removed message no id card in engergy car, and other contracts that are not telecom contracts, added insert counter for engery
2026-03-21 11:59:53 +01:00
emailProvider.routes.ts
Mandantenfähigkeit: Domain + Kunden-E-Mail-Label dynamisch pro Provider
2026-04-23 15:43:19 +02:00
factoryDefaults.routes.ts
Factory-Defaults: Export + Import von Stammdaten-Katalogen
2026-04-23 14:10:12 +02:00
gdpr.routes.ts
impressum datenschutz added
2026-03-25 15:25:34 +01:00
invoice.routes.ts
added invoices and status in cockpit, created info button for contract status types
2026-02-08 01:18:12 +01:00
meter.routes.ts
gdpr audit implemented, email log, vollmachten, pdf delete cancel data privacy and vollmachten, removed message no id card in engergy car, and other contracts that are not telecom contracts, added insert counter for engery
2026-03-21 11:59:53 +01:00
pdfTemplate.routes.ts
PDF-Auftragsvorlagen-System, Objekttyp/Lage-Felder, Eigentümer-Fallback bei Bankverbindung
2026-04-05 19:16:47 +02:00
platform.routes.ts
first commit
2026-01-29 01:16:54 +01:00
provider.routes.ts
Security-Hardening Runde 3: JWT, trust-proxy, weitere IDORs, Attachment-Härtung
2026-04-24 09:38:25 +02:00
stressfreiEmail.routes.ts
added backup and email client
2026-02-01 00:02:35 +01:00
tariff.routes.ts
Security-Hardening Runde 3: JWT, trust-proxy, weitere IDORs, Attachment-Härtung
2026-04-24 09:38:25 +02:00
upload.routes.ts
complete new audit system
2026-03-21 18:23:54 +01:00
user.routes.ts
first commit
2026-01-29 01:16:54 +01:00