talk2me

adelorenzo/talk2me

Fork 0

Commit Graph

Author	SHA1	Message	Date
Adolfo Delorenzo	fa951c3141	Add comprehensive database integration, authentication, and admin dashboard This commit introduces major enhancements to Talk2Me: ## Database Integration - PostgreSQL support with SQLAlchemy ORM - Redis integration for caching and real-time analytics - Automated database initialization scripts - Migration support infrastructure ## User Authentication System - JWT-based API authentication - Session-based web authentication - API key authentication for programmatic access - User roles and permissions (admin/user) - Login history and session tracking - Rate limiting per user with customizable limits ## Admin Dashboard - Real-time analytics and monitoring - User management interface (create, edit, delete users) - System health monitoring - Request/error tracking - Language pair usage statistics - Performance metrics visualization ## Key Features - Dual authentication support (token + user accounts) - Graceful fallback for missing services - Non-blocking analytics middleware - Comprehensive error handling - Session management with security features ## Bug Fixes - Fixed rate limiting bypass for admin routes - Added missing email validation method - Improved error handling for missing database tables - Fixed session-based authentication for API endpoints 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-03 18:21:56 -06:00
Adolfo Delorenzo	aedface2a9	Add comprehensive input validation and sanitization Frontend Validation: - Created Validator class with comprehensive validation methods - HTML sanitization to prevent XSS attacks - Text sanitization removing dangerous characters - Language code validation against allowed list - Audio file validation (size, type, extension) - URL validation preventing injection attacks - API key format validation - Request size validation - Filename sanitization - Settings validation with type checking - Cache key sanitization - Client-side rate limiting tracking Backend Validation: - Created validators.py module for server-side validation - Audio file validation with size and type checks - Text sanitization with length limits - Language code validation - URL and API key validation - JSON request size validation - Rate limiting per endpoint (30 req/min) - Added validation to all API endpoints - Error boundary decorators on all routes - CSRF token support ready Security Features: - Prevents XSS through HTML escaping - Prevents SQL injection through input sanitization - Prevents directory traversal in filenames - Prevents oversized requests (DoS protection) - Rate limiting prevents abuse - Type checking prevents type confusion attacks - Length limits prevent memory exhaustion - Character filtering prevents control character injection All user inputs are now validated and sanitized before processing. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-02 22:58:17 -06:00

Author

SHA1

Message

Date

Adolfo Delorenzo

fa951c3141

Add comprehensive database integration, authentication, and admin dashboard

This commit introduces major enhancements to Talk2Me:

## Database Integration
- PostgreSQL support with SQLAlchemy ORM
- Redis integration for caching and real-time analytics
- Automated database initialization scripts
- Migration support infrastructure

## User Authentication System
- JWT-based API authentication
- Session-based web authentication
- API key authentication for programmatic access
- User roles and permissions (admin/user)
- Login history and session tracking
- Rate limiting per user with customizable limits

## Admin Dashboard
- Real-time analytics and monitoring
- User management interface (create, edit, delete users)
- System health monitoring
- Request/error tracking
- Language pair usage statistics
- Performance metrics visualization

## Key Features
- Dual authentication support (token + user accounts)
- Graceful fallback for missing services
- Non-blocking analytics middleware
- Comprehensive error handling
- Session management with security features

## Bug Fixes
- Fixed rate limiting bypass for admin routes
- Added missing email validation method
- Improved error handling for missing database tables
- Fixed session-based authentication for API endpoints

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-03 18:21:56 -06:00

Adolfo Delorenzo

aedface2a9

Add comprehensive input validation and sanitization

Frontend Validation:
- Created Validator class with comprehensive validation methods
- HTML sanitization to prevent XSS attacks
- Text sanitization removing dangerous characters
- Language code validation against allowed list
- Audio file validation (size, type, extension)
- URL validation preventing injection attacks
- API key format validation
- Request size validation
- Filename sanitization
- Settings validation with type checking
- Cache key sanitization
- Client-side rate limiting tracking

Backend Validation:
- Created validators.py module for server-side validation
- Audio file validation with size and type checks
- Text sanitization with length limits
- Language code validation
- URL and API key validation
- JSON request size validation
- Rate limiting per endpoint (30 req/min)
- Added validation to all API endpoints
- Error boundary decorators on all routes
- CSRF token support ready

Security Features:
- Prevents XSS through HTML escaping
- Prevents SQL injection through input sanitization
- Prevents directory traversal in filenames
- Prevents oversized requests (DoS protection)
- Rate limiting prevents abuse
- Type checking prevents type confusion attacks
- Length limits prevent memory exhaustion
- Character filtering prevents control character injection

All user inputs are now validated and sanitized before processing.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-02 22:58:17 -06:00

2 Commits