WellNuo

Author	SHA1	Message	Date
Sergei	671374da9a	Improve BLE WiFi error handling and logging - setWiFi() now throws detailed errors instead of returning false - Shows specific error messages: "WiFi credentials rejected", timeout etc. - Added logging throughout BLE WiFi configuration flow - Fixed WiFi network deduplication (keeps strongest signal) - Ignore "Operation cancelled" error (normal cleanup behavior) - BatchSetupProgress shows actual error in hint field 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-26 19:10:45 -08:00
Sergei	4a4fc5c077	fix(security): add input validation for POST/PATCH endpoints - Install express-validator package - Add validation to beneficiaries.js: - POST /: name (string 1-200), phone (optional), address (optional) - PATCH /🆔 name (string 1-200), phone, address, customName (max 100) - Add validation to stripe.js: - create-checkout-session: userId, beneficiaryName, beneficiaryAddress, email - create-portal-session: customerId (string) - create-payment-sheet: email (valid email), amount (positive int) - create-subscription: beneficiaryId (int), paymentMethodId (string) - cancel-subscription: beneficiaryId (int) - reactivate-subscription: beneficiaryId (int) - create-subscription-payment-sheet: beneficiaryId (int) - confirm-subscription-payment: subscriptionId (string) - Add validation to invitations.js: - POST /: beneficiaryId (int), role (enum: caretaker/guardian), email (valid) - POST /accept: code (string) - POST /accept-public: code (string) - PATCH /🆔 role (enum: caretaker/guardian) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-26 16:47:35 -08:00
Sergei	2f25940e0a	fix(security): update qs to fix DoS vulnerability (GHSA-6rw7-vpxm-498p) npm audit fix resolves high severity qs <6.14.1 vulnerability that allows arrayLimit bypass via bracket notation causing memory exhaustion. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-26 16:43:15 -08:00
Sergei	e74d1a4b26	Show user role under beneficiary name - Added role field to Beneficiary type - Display role (Custodian/Guardian/Caretaker) in small gray text under name - Role comes from user_access table via API 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-09 19:08:12 -08:00
Sergei	3a20d5cc08	Add security middleware to backend Security features: - Helmet: Security headers (XSS, clickjacking protection) - CORS: Whitelist only allowed domains - Rate Limiting: 100 req/15min general, 5 req/15min for auth - Stripe webhook signature verification (already had) - Admin API key protection (already had) Allowed origins: - wellnuo.smartlaunchhub.com - wellnuo.com - localhost (dev) - Expo dev URLs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-19 09:50:27 -08:00
Sergei	e1b32560ff	Add Node.js backend with Stripe integration and admin panel Backend features: - Express.js API server - Supabase database integration - Stripe Checkout for payments ($249 kit + $9.99/mo premium) - Stripe webhooks for payment events - Admin panel with order management - Auth middleware with JWT - Email service via Brevo API endpoints: - /api/stripe/* - Payment processing - /api/webhook/stripe - Stripe webhooks - /api/admin/* - Admin operations - /function/well-api/api - Legacy API proxy Database migrations: - orders, subscriptions, push_tokens tables Schemes updated: - Removed updatedAt from all schemes - Updated credentials section with live values - Added Stripe configuration details 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-19 09:49:24 -08:00

6 Commits