Merge pull request #26 from werther41/security-and-bugs

Security and bugs

Author: werther41

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,61 @@
+---
+name: Bug Report
+about: Report a bug or issue
+title: "[BUG] "
+labels: bug
+assignees: ""
+---
+
+## 🐛 Bug Description
+
+A clear and concise description of what the bug is.
+
+## 🔄 Steps to Reproduce
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+## ✅ Expected Behavior
+
+A clear and concise description of what you expected to happen.
+
+## ❌ Actual Behavior
+
+A clear and concise description of what actually happened.
+
+## 📸 Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+## 🖥️ Environment
+
+- **OS**: [e.g. Windows 10, macOS 12, Ubuntu 20.04]
+- **Browser**: [e.g. Chrome 96, Firefox 95, Safari 15]
+- **Node.js Version**: [e.g. 18.17.0]
+- **App Version**: [e.g. 1.0.0]
+
+## 📋 Additional Context
+
+Add any other context about the problem here.
+
+## 🔍 Console Logs
+
+If applicable, include relevant console logs or error messages.
+
+## 🧪 Testing
+
+- [ ] I have tested this on the latest version
+- [ ] I have checked for similar issues
+- [ ] I have provided all required information
+
+## 🚨 Security Impact
+
+- [ ] This bug does not expose sensitive data
+- [ ] This bug does not allow unauthorized access
+- [ ] This bug does not compromise user privacy
+
+---
+
+**Note**: Please ensure this bug report is complete and doesn't contain sensitive information.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,55 @@
+---
+name: Feature Request
+about: Suggest a new feature or enhancement
+title: "[FEATURE] "
+labels: enhancement
+assignees: ""
+---
+
+## 🚀 Feature Description
+
+A clear and concise description of the feature you'd like to see implemented.
+
+## 💡 Motivation
+
+Why is this feature needed? What problem does it solve?
+
+## 📋 Detailed Requirements
+
+- [ ] Requirement 1
+- [ ] Requirement 2
+- [ ] Requirement 3
+
+## 🎯 Acceptance Criteria
+
+- [ ] Criterion 1
+- [ ] Criterion 2
+- [ ] Criterion 3
+
+## 🎨 Mockups/Examples
+
+If applicable, add mockups, screenshots, or examples to help explain the feature.
+
+## 🔧 Technical Considerations
+
+Any technical considerations or implementation notes.
+
+## 📚 Documentation
+
+What documentation updates would be needed?
+
+## 🧪 Testing
+
+How should this feature be tested?
+
+## 📅 Timeline
+
+When would you like this feature to be completed?
+
+## 🔗 Related Issues
+
+Link any related issues or discussions.
+
+---
+
+**Note**: Please ensure this feature aligns with the project's goals and doesn't introduce security vulnerabilities.

.github/pull_request_template.md

@@ -0,0 +1,82 @@
+# Pull Request
+
+## 📝 Description
+
+A clear and concise description of what this PR does.
+
+## 🔗 Related Issue
+
+Closes #(issue number)
+
+## 🧪 Type of Change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Performance improvement
+- [ ] Code refactoring
+- [ ] Security enhancement
+
+## 🎯 Changes Made
+
+- [ ] Change 1
+- [ ] Change 2
+- [ ] Change 3
+
+## 🧪 Testing
+
+- [ ] I have tested these changes locally
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] I have tested the changes in different browsers/environments
+
+## 📸 Screenshots
+
+If applicable, add screenshots to help explain your changes.
+
+## 🔒 Security Checklist
+
+- [ ] No hardcoded secrets or API keys
+- [ ] No sensitive data in code or comments
+- [ ] Proper input validation and sanitization
+- [ ] No SQL injection vulnerabilities
+- [ ] No XSS vulnerabilities
+- [ ] Proper error handling without information disclosure
+- [ ] Authentication and authorization checks
+- [ ] Rate limiting considerations
+
+## 📚 Documentation
+
+- [ ] I have updated the README.md if needed
+- [ ] I have updated the API documentation if needed
+- [ ] I have added JSDoc comments for new functions
+- [ ] I have updated the CHANGELOG.md if needed
+
+## 🚀 Deployment
+
+- [ ] These changes are backward compatible
+- [ ] These changes don't require database migrations
+- [ ] These changes don't require environment variable updates
+- [ ] These changes don't break existing functionality
+
+## 🔍 Code Quality
+
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+
+## 📋 Additional Notes
+
+Any additional information that reviewers should know.
+
+## 🎯 Reviewers
+
+@werther41 - Please review this PR
+
+---
+
+**Note**: Please ensure all checkboxes are completed before requesting review.

.github/workflows/production-protection.yml

@@ -0,0 +1,69 @@
+name: Production Protection
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  security-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for sensitive data
+        run: |
+          echo "Checking for potential security issues..."
+
+          # Check for hardcoded secrets
+          if grep -r "password\|secret\|key\|token" --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx" . | grep -v "process.env" | grep -v "your-" | grep -v "example"; then
+            echo "❌ Potential hardcoded secrets found!"
+            exit 1
+          fi
+
+          # Check for environment variable usage
+          if ! grep -r "process.env" --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx" . > /dev/null; then
+            echo "⚠️  No environment variables found - ensure secrets are properly configured"
+          fi
+
+          echo "✅ Security check passed"
+
+  build-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run typecheck
+
+      - name: Lint check
+        run: npm run lint
+
+      - name: Build check
+        run: npm run build
+        env:
+          # Use dummy values for build check
+          TURSO_DATABASE_URL: "libsql://dummy.turso.io"
+          TURSO_AUTH_TOKEN: "dummy-token"
+          GOOGLE_API_KEY: "dummy-key"
+          ADMIN_SECRET: "dummy-secret"
+          CRON_SECRET: "dummy-cron-secret"
+
+  deployment-check:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    steps:
+      - name: Notify deployment
+        run: |
+          echo "🚀 Production deployment triggered"
+          echo "Branch: ${{ github.ref }}"
+          echo "Commit: ${{ github.sha }}"
+          echo "Author: ${{ github.actor }}"