git/metabuilder
1
0
Fork 0
mirror of https://github.com/johndoe6345789/metabuilder.git synced 2026-04-24 13:54:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,933 Commits 37 Branches 1 Tag
main
Commit Graph

9 Commits

Author SHA1 Message Date
rw
9d4244891e fix(ci,deps): correct action versions and patch security vulnerabilities 
GitHub Actions:
- checkout@v4 → @v6 (v6 is current, v4 was wrong downgrade)
- upload-artifact@v4 → @v7 (latest), @v6 → @v7 in dbal-tests.yml
- download-artifact@v4 → @v8 (latest)
- cache@v6 → @v5 (v6 does not exist, v5 is latest)
- codeql-action@v4 confirmed correct

Security (Dependabot):
- next 16.1.5 → 16.1.7 (dockerterminal): HTTP smuggling, CSRF, DoS fixes
- PyJWT 2.10.1 → 2.12.0 (5 requirements.txt): unknown crit header bypass
- CairoSVG 2.8.2 → 2.9.0 (pcbgenerator): recursive <use> ReDoS
- postgres overrides: add hono >=4.12.4, @hono/node-server >=1.19.10,
  rollup >=4.59.0, serialize-javascript >=7.0.3 for transitive vulns

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-20 20:13:54 +00:00
dependabot[bot]
61b4044905 chore(deps): bump black 
Bumps the pip group with 1 update in the /services/email_service directory: [black](https://github.com/psf/black).


Updates `black` from 24.3.0 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.3.0...26.3.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 20:31:25 +00:00
johndoe6345789
75b67f8683 sync: align fat repo structure with metabuilder-small 
Remove stale dirs/files superseded by metabuilder-small's reorganization:
- Old YAML entity/seed files (migrated to JSON)
- Root-level workflowui/ (moved to frontends/workflowui/)
- Prisma, Pyodide, old hooks, bun.lock artifacts
- Legacy scratch docs (txt/, docs/, deployment/*.md)
- Stale CI workflows consolidated in small

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 22:46:13 +00:00
johndoe6345789
862cc29457 various changes 2026-03-09 22:30:41 +00:00
dependabot[bot]
e2015d29e2 chore(deps): bump the pip group across 5 directories with 8 updates 
---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-version: 6.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-version: 24.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 22.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: aiohttp
  dependency-version: 3.13.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-version: 6.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 22.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.5
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-version: 6.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 22.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.5
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-01 02:31:52 +00:00
johndoe6345789
46f8daebb9 stuff 2026-01-24 00:25:09 +00:00
johndoe6345789
df5398a7ee feat(auth): Phase 7 Flask authentication middleware with JWT and multi-tenant isolation 
Complete implementation of enterprise-grade authentication middleware for email service:

Features:
- JWT token creation/validation with configurable expiration
- Bearer token extraction and validation
- Multi-tenant isolation enforced at middleware level
- Role-based access control (RBAC) with user/admin roles
- Row-level security (RLS) for resource access
- Automatic request logging with user context and audit trail
- CORS configuration for email client frontend
- Rate limiting (50 req/min per user with Redis backend)
- Comprehensive error handling with proper HTTP status codes

Implementation:
- Enhanced src/middleware/auth.py (415 lines)
  - JWTConfig class for token management
  - create_jwt_token() for token generation
  - decode_jwt_token() for token validation
  - @verify_tenant_context decorator for auth middleware
  - @verify_role decorator for RBAC
  - verify_resource_access() for row-level security
  - log_request_context() for audit logging

Testing:
- 52 comprehensive test cases covering all features
- 100% pass rate with fast execution (0.15s)
- Test categories: JWT, multi-tenant, RBAC, RLS, logging, integration
- Full coverage of error scenarios and edge cases

Documentation:
- AUTH_MIDDLEWARE.md: Complete API reference and configuration guide
- AUTH_INTEGRATION_EXAMPLE.py: Real-world usage examples for 5+ scenarios
- PHASE_7_SUMMARY.md: Implementation summary with checklist
- Inline code documentation with type hints

Security:
- Multi-tenant data isolation at all levels
- Constant-time password comparison
- JWT signature validation
- CORS protection
- Rate limiting against abuse
- Comprehensive audit logging

Dependencies Added:
- PyJWT==2.8.1

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-01-24 00:20:19 +00:00
johndoe6345789
990a45fd34 feat(email-service): complete Phase 7 Flask API with PostgreSQL, encryption, multi-tenant support, rate limiting, and comprehensive test coverage 
Phase 7 Implementation:

CORE FEATURES:
- Flask REST API with 5 endpoints (create, list, get, update, delete)
- PostgreSQL persistence with SQLAlchemy ORM
- SHA-512 credential encryption with random salt
- Multi-tenant safety with row-level access control (RLS)
- Rate limiting: 50 requests/minute per user via Flask-Limiter + Redis
- JWT bearer token + header-based authentication
- Full CORS support for email client frontend

DATABASE LAYER (src/db.py):
- PostgreSQL connection pool management
- Connection pooling with QueuePool (production)
- Database health check endpoint
- Environment-based configuration

MODELS (src/models/):
- EmailAccount: Complete ORM model with multi-tenant indexes
- CredentialManager: SHA-512 password hashing with salt
- Account CRUD: create, read, update, soft-delete operations

MIDDLEWARE (src/middleware/):
- Authentication: Multi-tenant context verification (JWT + headers)
- Rate limiting: Per-user rate limiting (50 req/min)
- Request logging: Audit trail with user context
- Role-based access control (RBAC) support

API ENDPOINTS (src/routes/accounts.py):
- POST /api/accounts - Create account with validation
- GET /api/accounts - List with pagination (limit/offset)
- GET /api/accounts/{id} - Get account details
- PUT /api/accounts/{id} - Update account settings
- DELETE /api/accounts/{id} - Soft delete
- GET /health - Health check

VALIDATION:
- Required fields: accountName, emailAddress, hostname, port, username, password
- Port validation: 1-65535
- Protocol: imap or pop3
- Encryption: none, tls, or starttls
- Email format validation

SECURITY:
- Passwords never stored in plaintext (SHA-512 + salt)
- Passwords never returned in API responses
- Multi-tenant isolation enforced (tenantId + userId filtering)
- Cross-tenant access attempts blocked and logged
- Constant-time password comparison (prevents timing attacks)
- CORS restricted to approved origins

TESTING (tests/):
- conftest.py: Pytest fixtures (app, client, auth headers, sample data)
- test_accounts.py: 40+ comprehensive tests
  * Account creation (6 tests)
  * List accounts (4 tests)
  * Get account (3 tests)
  * Update account (3 tests)
  * Delete account (3 tests)
  * Credential encryption (3 tests)
  * Rate limiting (1 test)
  * Error handling (5 tests)
  * Health check (1 test)
  * Multi-tenant safety (3 tests)

ERROR HANDLING:
- 400: Bad Request (validation errors)
- 401: Unauthorized (missing/invalid auth)
- 403: Forbidden (cross-tenant/cross-user access)
- 404: Not Found
- 409: Conflict (email already exists)
- 429: Rate Limited
- 500: Internal Server Error

CONFIGURATION:
- .env.example: Complete environment template
- pytest.ini: Test runner configuration
- requirements.txt: All Python dependencies (Flask, SQLAlchemy, etc.)

DOCUMENTATION:
- PHASE7_README.md: Complete guide with architecture, API docs, setup, testing

DEPLOYMENT READY:
- Production-grade error handling
- Request logging and auditing
- Database connection pooling
- Rate limiting with Redis fallback
- Health check endpoint
- Docker-compatible

MULTI-TENANT SAFETY (CRITICAL):
 Every query filters by tenant_id + user_id
 Users cannot see other users' accounts
 Tenants cannot access other tenants' data
 Cross-tenant access logged and blocked
 Row-level access control (RLS) enforced

NEXT PHASES:
- Phase 6: Workflow Plugins (IMAP sync, SMTP send)
- Phase 8: Docker deployment with Compose

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-01-24 00:18:33 +00:00
johndoe6345789
a72bf02911 feat(services): create Python email service (IMAP/SMTP) 
- Create Flask app with CORS and health check endpoint
- Implement account management: create, list, get, delete
- Implement sync control: trigger IMAP sync, check status, cancel
- Implement compose: send emails, manage drafts
- Add IMAPClient wrapper with incremental sync and UID tracking
- Add SMTP sender with attachment support (images, audio, docs)
- Add Dockerfile with multi-stage build for production
- Add .env.example and comprehensive README with API documentation

Includes:
- Multi-tenant safety with tenantId/userId filtering
- Encrypted credential handling via DBAL
- Celery-ready async task structure
- Full email parsing: headers, recipients, body (text/HTML)
- Folder type inference from IMAP flags
- Attachment parsing and handling
- Base64 encode/decode for attachment data

Task 7.1: Email Service Backend Implementation
 2026-01-23 19:35:10 +00:00