a949c8d3af
hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads, attach packages, and surface localized success/error states. - Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/ PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent creation, webhooks, and the wizard CTA. - Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/ useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages, Checkout) with localized copy and experiment tracking. - Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations. - Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke test for the hero CTA while reconciling outstanding checklist items.
2.0 KiB
2.0 KiB
09 — Security & Compliance
- Roles:
super_admin,tenant_admin,member; guest upload via signed tokens. - Policies: all tenant-owned models gated; Super Admin bypass via explicit ability.
- Audit: record impersonation and destructive actions with actor, target, reason.
- Logging: structured, no PII; add request/trace IDs; redact secrets.
- GDPR: retention settings per tenant; deletion workflows; legal pages managed via CMS-like resource.
- Rate limits: per-tenant, per-user, per-device; protect upload and admin mutations.
2025 Hardening Priorities
- Identity & OAuth — Owner: Backend Platform
Track JWT key rotation viaoauth:rotate-keys, roll out dual-key support (old/new KID overlap), surface refresh-token revocation tooling, and extend IP/device binding rules for long-lived sessions. - Guest Join Tokens — Owner: Guest Platform
Hash stored join tokens, add anomaly metrics (usage spikes, stale tokens), and tighten gallery/photo rate limits with visibility in storage dashboards. - Public API Resilience — Owner: Core API
Ensure gallery/download endpoints serve signed URLs, expand abuse throttles (token + IP), and document incident response runbooks in ops guides. - Media Pipeline & Storage — Owner: Media Services
Introduce antivirus + EXIF scrubbing workers, stream uploads to disk to avoid buffering, and enforce checksum verification during hot→archive transfers with configurable alerts fromStorageHealthService. - Payments & Webhooks — Owner: Billing
Align legacy Stripe hooks with checkout sessions, add idempotency locks/signature expiry checks, and plug failed capture notifications into the credit ledger audit trail. - Frontend & CSP — Owner: Marketing Frontend
Replace unsafe-inline allowances (Stripe/Matomo) with nonce or hashed CSP rules, gate analytics injection behind consent, and localise cookie-banner copy that discloses data sharing.
Progress updates belong in docs/changes/ and roadmap status in docs/implementation-roadmap.md.