MOPC-Portal

MOPC/MOPC-Portal

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matt	b85a9b9a7b	fix: security hardening + performance refactoring (code review batch 1) - IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id - Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min) - 6 compound indexes added to Prisma schema - N+1 eliminated in processRoundClose (batch updateMany/createMany) - N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries) - Service extraction: juror-reassignment.ts (578 lines) - Dead code removed: award.ts, cohort.ts, decision.ts (680 lines) - 35 bare catch blocks replaced across 16 files - Fire-and-forget async calls fixed - Notification false positive bug fixed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-07 16:18:24 +01:00
Matt	c1b3a6ade3	Fix email links broken in Outlook and standardize all email URLs All checks were successful Build and Push Docker Image / build (push) Successful in 9m33s Details - Rewrite ctaButton to use td-background pattern (works in all clients including Outlook, Gmail, Yahoo, Apple Mail) instead of VML/conditional comments that broke link clicking in Outlook desktop - Add plaintext fallback URL below every CTA button so users always have a working link even if the button fails - Add getBaseUrl() and ensureAbsoluteUrl() helpers in email.ts to guarantee all email links are absolute https:// URLs - Apply ensureAbsoluteUrl safety net in sendStyledNotificationEmail and sendNotificationEmail so relative paths can never reach email templates - Standardize all NEXTAUTH_URL fallbacks to https://portal.monaco-opc.com (was inconsistently http://localhost:3000 or https://monaco-opc.com) - Fix legacy notification.ts: wrong argument order in sendJuryInvitationEmail (URL was passed as name parameter) - Fix legacy notification.ts: missing NEXTAUTH_URL fallback for evaluation reminder URL construction - Change tooltip styling from red bg to white bg with black text Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 14:27:58 +01:00
Matt	a606292aaa	Initial commit: MOPC platform with Docker deployment setup Full Next.js 15 platform with tRPC, Prisma, PostgreSQL, NextAuth. Includes production Dockerfile (multi-stage, port 7600), docker-compose with registry-based image pull, Gitea Actions CI workflow, nginx config for portal.monaco-opc.com, deployment scripts, and DEPLOYMENT.md guide. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-30 13:41:32 +01:00

Author

SHA1

Message

Date

Matt

b85a9b9a7b

fix: security hardening + performance refactoring (code review batch 1)

- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id
- Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min)
- 6 compound indexes added to Prisma schema
- N+1 eliminated in processRoundClose (batch updateMany/createMany)
- N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries)
- Service extraction: juror-reassignment.ts (578 lines)
- Dead code removed: award.ts, cohort.ts, decision.ts (680 lines)
- 35 bare catch blocks replaced across 16 files
- Fire-and-forget async calls fixed
- Notification false positive bug fixed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 16:18:24 +01:00

Matt

c1b3a6ade3

Fix email links broken in Outlook and standardize all email URLs

Build and Push Docker Image / build (push) Successful in 9m33s

Details

- Rewrite ctaButton to use td-background pattern (works in all clients
  including Outlook, Gmail, Yahoo, Apple Mail) instead of VML/conditional
  comments that broke link clicking in Outlook desktop
- Add plaintext fallback URL below every CTA button so users always have
  a working link even if the button fails
- Add getBaseUrl() and ensureAbsoluteUrl() helpers in email.ts to
  guarantee all email links are absolute https:// URLs
- Apply ensureAbsoluteUrl safety net in sendStyledNotificationEmail and
  sendNotificationEmail so relative paths can never reach email templates
- Standardize all NEXTAUTH_URL fallbacks to https://portal.monaco-opc.com
  (was inconsistently http://localhost:3000 or https://monaco-opc.com)
- Fix legacy notification.ts: wrong argument order in
  sendJuryInvitationEmail (URL was passed as name parameter)
- Fix legacy notification.ts: missing NEXTAUTH_URL fallback for
  evaluation reminder URL construction
- Change tooltip styling from red bg to white bg with black text

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-23 14:27:58 +01:00

Matt

a606292aaa

Initial commit: MOPC platform with Docker deployment setup

Full Next.js 15 platform with tRPC, Prisma, PostgreSQL, NextAuth.
Includes production Dockerfile (multi-stage, port 7600), docker-compose
with registry-based image pull, Gitea Actions CI workflow, nginx config
for portal.monaco-opc.com, deployment scripts, and DEPLOYMENT.md guide.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-30 13:41:32 +01:00

3 Commits