sergei_t/WellNuo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
98 Commits 3 Branches 1 Tag
Commit Graph

4 Commits

Author SHA1 Message Date
Sergei
2f25940e0a fix(security): update qs to fix DoS vulnerability (GHSA-6rw7-vpxm-498p) 
npm audit fix resolves high severity qs <6.14.1 vulnerability that allows
arrayLimit bypass via bracket notation causing memory exhaustion.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-26 16:43:15 -08:00
Sergei
e74d1a4b26 Show user role under beneficiary name 
- Added role field to Beneficiary type
- Display role (Custodian/Guardian/Caretaker) in small gray text under name
- Role comes from user_access table via API

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-09 19:08:12 -08:00
Sergei
3a20d5cc08 Add security middleware to backend 
Security features:
- Helmet: Security headers (XSS, clickjacking protection)
- CORS: Whitelist only allowed domains
- Rate Limiting: 100 req/15min general, 5 req/15min for auth
- Stripe webhook signature verification (already had)
- Admin API key protection (already had)

Allowed origins:
- wellnuo.smartlaunchhub.com
- wellnuo.com
- localhost (dev)
- Expo dev URLs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-19 09:50:27 -08:00
Sergei
e1b32560ff Add Node.js backend with Stripe integration and admin panel 
Backend features:
- Express.js API server
- Supabase database integration
- Stripe Checkout for payments ($249 kit + $9.99/mo premium)
- Stripe webhooks for payment events
- Admin panel with order management
- Auth middleware with JWT
- Email service via Brevo

API endpoints:
- /api/stripe/* - Payment processing
- /api/webhook/stripe - Stripe webhooks
- /api/admin/* - Admin operations
- /function/well-api/api - Legacy API proxy

Database migrations:
- orders, subscriptions, push_tokens tables

Schemes updated:
- Removed updatedAt from all schemes
- Updated credentials section with live values
- Added Stripe configuration details

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-19 09:49:24 -08:00