- Add validateImageMagicBytes() to storage.ts reading first 12 bytes
to verify JPEG/PNG/WebP/ICO signatures regardless of declared MIME type
- Remove image/svg+xml from favicon upload whitelist (SVG can embed scripts)
- Apply magic bytes check in product image and favicon upload endpoints
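
A sketch of the signature check described in the entry above, as an added example and not the project's storage.ts code. The names `sniffImageType` and `isAllowedUpload` and the sample byte arrays are hypothetical and constructed for illustration.

```typescript
// Added illustration: content-based image type detection from the first 12 bytes.
type ImageKind = "image/jpeg" | "image/png" | "image/webp" | "image/x-icon";

// Each signature is a list of [offset, expected bytes] parts that must ALL match.
const SIGNATURES: Array<{ kind: ImageKind; parts: Array<[number, number[]]> }> = [
  { kind: "image/jpeg", parts: [[0, [0xff, 0xd8, 0xff]]] },
  { kind: "image/png", parts: [[0, [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]]] },
  // WebP is a RIFF container: "RIFF" <4-byte size> "WEBP". Checking "RIFF" alone
  // would also accept WAV/AVI, which is why 12 bytes are needed.
  { kind: "image/webp", parts: [[0, [0x52, 0x49, 0x46, 0x46]], [8, [0x57, 0x45, 0x42, 0x50]]] },
  { kind: "image/x-icon", parts: [[0, [0x00, 0x00, 0x01, 0x00]]] },
];

// Returns the detected type, or null when the header matches no known signature.
function sniffImageType(data: Uint8Array): ImageKind | null {
  const head = data.subarray(0, 12);
  for (const sig of SIGNATURES) {
    const ok = sig.parts.every(([off, bytes]) =>
      off + bytes.length <= head.length && // truncated files never match
      bytes.every((b, i) => head[off + i] === b));
    if (ok) return sig.kind;
  }
  return null;
}

// The declared MIME type is deliberately not an input: only the bytes decide.
function isAllowedUpload(data: Uint8Array, allowed: ImageKind[]): boolean {
  const kind = sniffImageType(data);
  return kind !== null && allowed.indexOf(kind) !== -1;
}

// Constructed sample headers (not real files).
const PNG_SAMPLE = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const WEBP_SAMPLE = new Uint8Array([0x52, 0x49, 0x46, 0x46, 0x24, 0, 0, 0, 0x57, 0x45, 0x42, 0x50]);
const WAV_SAMPLE = new Uint8Array([0x52, 0x49, 0x46, 0x46, 0x24, 0, 0, 0, 0x57, 0x41, 0x56, 0x45]);
// "<svg xmlns=" : what an SVG uploaded with a spoofed image/png type starts with.
const SVG_SAMPLE = new Uint8Array([0x3c, 0x73, 0x76, 0x67, 0x20, 0x78, 0x6d, 0x6c, 0x6e, 0x73, 0x3d, 0x22]);

// Constructed allow-list with SVG absent, matching the favicon entry above.
const FAVICON_ALLOWED: ImageKind[] = ["image/png", "image/x-icon", "image/jpeg", "image/webp"];
```

A matching header only shows how the file begins; it does not prove the rest of the file is a well-formed image.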
The slug is computed automatically from the name without the user
having to fill it in; the field is removed from the form but is still
sent in the payload and visible in the table.
The price field of the admin form now accepts values in units (e.g. 19.99)
instead of cents (1999). The *100 conversion happens on submit;
the DB and Stripe continue to receive cents.
- docker-compose.yml: replaces pgdata/uploads/caddy_data/caddy_config with bind mounts on ./data/
- app/public/.gitkeep: creates the folder required by the Dockerfile during the build
- scripts/backup.sh: automatic backup of DB (pg_dump) and uploads with 30-day rotation
- docs/BACKUP.md: complete guide to backup, restore and cron setup
- .gitignore: updates with data/ and backups/
- Admin settings page now has sections for general settings, footer, and favicon
- Footer component reads footer_copyright and footer_links from DB
- New API route POST /api/admin/upload/favicon saves uploaded image and updates favicon_url in DB
- Textarea support added for footer_links JSON field
- Add icon.png as default favicon (cropped to remove transparent padding)
- Fix layout.tsx to use icon.png as fallback when favicon_url is not set in DB
- Move ADMIN_GUIDE.md to docs/ folder
- Add docs/CUSTOMIZATION.md with guide on how to customize icon, title, footer
- Add storage.ts utility (saveImage, deleteImageFile) for local disk operations
- Add POST /api/admin/products/[id]/images: validates MIME type and 5MB limit, saves file, creates MediaAsset record
- Add DELETE /api/admin/products/[id]/images?imageId=: removes file and DB record
- Add Images section to product edit form (hidden for new products until saved)
- Display images in square aspect-ratio grid matching storefront display
- Support multi-file upload; hover to reveal delete button
- Add named Docker volume `uploads` mounted at /app/public/uploads in app container
- Share same volume with Caddy at /srv/uploads for direct static file serving
- Add Caddy `handle /uploads/*` block so images bypass Next.js (standalone mode does not serve runtime public files)
- Create uploads directory with correct nextjs:nodejs ownership in Dockerfile
- Add mkdir safeguard in entrypoint.sh