Fix tenant event form package selector so it no longer renders empty-value options, handles loading/empty

states, and pulls data from the authenticated /api/v1/tenant/packages endpoint. (resources/js/admin/pages/EventFormPage.tsx, resources/js/admin/api.ts) - Harden tenant-admin auth flow: prevent PKCE state loss, scope out StrictMode double-processing, add SPA routes for /event-admin/login and /event-admin/logout, and tighten token/session clearing semantics (resources/js/admin/auth/{context,tokens}.tsx, resources/js/admin/pages/{AuthCallbackPage,LogoutPage}.tsx, resources/js/admin/router.tsx, routes/web.php)
2025-10-19 23:00:47 +02:00
parent a949c8d3af
commit 6290a3a448
95 changed files with 3708 additions and 394 deletions
--- a/docs/todo/security-hardening-epic.md
+++ b/docs/todo/security-hardening-epic.md
@@ -9,31 +9,56 @@ Raise the baseline security posture across guest APIs, checkout, media storage,
   - Dual-key rollout for JWT signing with rotation runbook and monitoring.
   - Refresh-token revocation tooling (per device/IP) and anomaly alerts.
   - Device fingerprint/subnet allowances documented and configurable.
+   - **Tickets**
+     - `SEC-IO-01` — Generate dual-key rollout playbook + automation (Week 1). *(Runbook: `docs/deployment/oauth-key-rotation.md`; commands: `oauth:list-keys`, `oauth:prune-keys`)*
+     - `SEC-IO-02` — Build refresh-token management UI + audit logs (Week 2). *(Filament console + audit trail added 2025-10-23)*
+     - `SEC-IO-03` — Implement subnet/device matching configuration & tests (Week 3).

 2. **Guest Join Tokens (Guest Platform)**
   - Store hashed tokens with irreversible lookups; migrate legacy data.
   - Add per-token usage analytics, alerting on spikes or expiry churn.
-  - Extend gallery/photo rate limits (token + IP) and surface breach telemetry in storage dashboards.
+   - Extend gallery/photo rate limits (token + IP) and surface breach telemetry in storage dashboards.
+   - **Tickets**
+    - `SEC-GT-01` — Hash join tokens + data migration script (Week 1).
+    - `SEC-GT-02` — Implement token analytics + Grafana dashboard (Week 2). *(Logging + Filament summaries delivered 2025-10-23; monitoring dashboard still pending)*
+    - `SEC-GT-03` — Tighten gallery/photo rate limits + alerting (Week 3).

 3. **Public API Resilience (Core API)**
   - Serve signed asset URLs instead of raw storage paths; expire appropriately.
   - Document incident response runbooks and playbooks for abuse mitigation.
   - Add synthetic monitors for `/api/v1/gallery/*` and upload endpoints.
+   - **Tickets**
+     - `SEC-API-01` — Signed URL middleware + asset migration (Week 1).
+     - `SEC-API-02` — Incident response playbook draft + review (Week 2). *(Runbook: `docs/deployment/public-api-incident-playbook.md`, added 2025-10-23)*
+     - `SEC-API-03` — Synthetic monitoring + alert config (Week 3).

 4. **Media Pipeline & Storage (Media Services)**
   - Integrate antivirus/EXIF scrubbers and streaming upload paths to avoid buffering.
   - Verify checksum integrity on hot → archive transfers with alert thresholds.
   - Surface storage target health (capacity, latency) in Super Admin dashboards.
+   - **Tickets**
+    - `SEC-MS-01` — AV + EXIF scrubber worker integration (Week 1). *(Job: `ProcessPhotoSecurityScan`, queue: `media-security`)*
+    - `SEC-MS-02` — Streaming upload refactor + tests (Week 2). *(Requirements draft: `docs/todo/media-streaming-upload-refactor.md`, 2025-10-23)*
+     - `SEC-MS-03` — Checksum validation + alert thresholds (Week 3).
+     - `SEC-MS-04` — Storage health widget in Super Admin (Week 4).

 5. **Payments & Webhooks (Billing)**
   - Link Stripe/PayPal webhooks to checkout sessions with idempotency locks.
   - Add signature freshness validation + retry policies for provider outages.
   - Pipe failed capture events into credit ledger audits and operator alerts.
+   - **Tickets**
+     - `SEC-BILL-01` — Checkout session linkage + idempotency locks (Week 1).
+     - `SEC-BILL-02` — Signature freshness + retry policy implementation (Week 2).
+     - `SEC-BILL-03` — Failed capture notifications + ledger hook (Week 3).

 6. **Frontend & CSP (Marketing Frontend)**
   - Replace `unsafe-inline` allowances with nonce/hash policies for Stripe + Matomo.
   - Gate analytics script injection behind consent with localised disclosures.
   - Broaden cookie banner layout to surface GDPR/legal copy clearly.
+   - **Tickets**
+     - `SEC-FE-01` — CSP nonce/hashing utility + rollout (Week 1).
+     - `SEC-FE-02` — Consent-gated analytics loader refactor (Week 2).
+     - `SEC-FE-03` — Cookie banner UX update + localisation (Week 3).

 ## Deliverables
 - Updated docs (`docs/prp/09-security-compliance.md`, runbooks) with ownership & SLAs.