soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix tenant event form package selector so it no longer renders empty-value options, handles loading/empty

Browse Source 
states, and pulls data from the authenticated /api/v1/tenant/packages endpoint.
    (resources/js/admin/pages/EventFormPage.tsx, resources/js/admin/api.ts)
  - Harden tenant-admin auth flow: prevent PKCE state loss, scope out StrictMode double-processing, add SPA
    routes for /event-admin/login and /event-admin/logout, and tighten token/session clearing semantics (resources/js/admin/auth/{context,tokens}.tsx, resources/js/admin/pages/{AuthCallbackPage,LogoutPage}.tsx,
    resources/js/admin/router.tsx, routes/web.php)
This commit is contained in:
Codex Agent
2025-10-19 23:00:47 +02:00
parent a949c8d3af
commit 6290a3a448
95 changed files with 3708 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/implementation-roadmap.md
View File

@@ -1,6 +1,32 @@
### Update 2025-10-21
- Phase 3 credit scope delivered: tenant event creation now honours package allowances *and* credit balances (middleware + ledger logging), RevenueCat webhook signature checks ship with queue/backoff + env config, idempotency covered via unit tests.
- Follow-up (separate): evaluate photo upload quota enforcement + SuperAdmin ledger visualisations once package analytics stabilise.
### Upcoming (Next Weeks — Security Hardening)
- Week 1
- `SEC-IO-01` dual-key rollout playbook.
- `SEC-GT-01` hashed join tokens migration.
- `SEC-API-01` signed asset URLs.
- `SEC-MS-01` AV/EXIF worker integration.
- `SEC-BILL-01` checkout session linkage.
- `SEC-FE-01` CSP nonce utility.
- Week 2
- `SEC-IO-02` refresh-token management UI. *(delivered 2025-10-23)*
- `SEC-GT-02` token analytics dashboards.
- `SEC-API-02` incident response playbook.
- `SEC-MS-02` streaming upload refactor.
- `SEC-BILL-02` webhook signature freshness.
- `SEC-FE-02` consent-gated analytics loader.
- Week 3
- `SEC-IO-03` subnet/device configuration.
- `SEC-GT-03` gallery rate-limit alerts.
- `SEC-API-03` synthetic monitoring.
- `SEC-MS-03` checksum validation alerts.
- `SEC-BILL-03` failed capture notifications.
- `SEC-FE-03` cookie banner localisation refresh.
- Week 4
- `SEC-MS-04` storage health dashboard widget (Media Services).
# Backend-Erweiterung Implementation Roadmap (Aktualisiert: 2025-09-15 - Fortschritt)
## Implementierungsstand (Aktualisiert: 2025-09-15)