check-printing

Author	SHA1	Message	Date
steve	5d66d1f575	fix(deps): force qs >= 6.15.2 to resolve DoS advisory express 4 pins qs to ~6.14.0, which falls in the vulnerable range of GHSA-q8mj-m7cp-5q26 (remotely triggerable TypeError in qs.stringify). Add an npm override so the transitive dependency resolves to the patched 6.15.2.	2026-06-11 22:29:52 -06:00
steve	7d105bce21	chore: bump version to 0.4.6 TODO to Issues / todo (push) Has been cancelled Details Build and push Docker image / build-push (push) Has been cancelled Details	2026-05-02 17:22:31 -06:00
steve	0ee95dbb09	chore: bump version to 0.4.5 Build and push Docker image / build-push (push) Has been cancelled Details	2026-04-13 08:28:46 -06:00
steve	c4e4a8c246	chore: bump version to 0.4.3 Build and push Docker image / build-push (push) Has been cancelled Details	2026-04-11 10:23:17 -06:00
steve	37d70b4d82	chore: bump version to 0.4.2 Build and push Docker image / build-push (push) Has been cancelled Details	2026-04-11 09:51:20 -06:00
steve	f9f6a4cd9a	chore: bump version to 0.4.1 Build and push Docker image / build-push (push) Has been cancelled Details	2026-04-11 09:44:22 -06:00
steve	a4be7c4cff	chore: bump version to 0.4.0 Build and push Docker image / build-push (push) Has been cancelled Details	2026-04-10 19:56:12 -06:00
dependabot[bot]	0c4e190952	Bump nodemailer from 8.0.4 to 8.0.5 Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.4 to 8.0.5. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 8.0.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-09 20:50:24 +00:00
steve	01ca9a08d1	chore: bump version to 0.3.0	2026-04-09 14:49:26 -06:00
steve	3b1a35b7f2	feat: add OIDC login with account linking Add OpenID Connect as an alternative login method. Users can sign in via an external identity provider (e.g., Authentik, Keycloak, Google). - OIDC settings configured in admin UI (discovery URL, client ID/secret, redirect URI, button label, enable/disable toggle) - PKCE-based authorization code flow with state and nonce validation - Admin can manually link any user's OIDC identity (sub/issuer fields) - Self-service linking: logged-in users can link/unlink their own account - SSO button conditionally shown on login page when OIDC is enabled - Username in header now clickable to open profile for all users - Callback errors/success communicated via URL hash fragments	2026-04-09 14:48:50 -06:00
steve	e902c6fc24	Merge pull request #4 from snachodog/dependabot/npm_and_yarn/picomatch-2.3.2 Bump picomatch from 2.3.1 to 2.3.2	2026-03-31 10:51:38 -06:00
steve	1b56c2964c	Merge pull request #2 from snachodog/dependabot/npm_and_yarn/brace-expansion-5.0.5 Bump brace-expansion from 5.0.4 to 5.0.5	2026-03-31 10:46:15 -06:00
steve	d9210beea0	Merge pull request #3 from snachodog/dependabot/npm_and_yarn/path-to-regexp-0.1.13 Bump path-to-regexp from 0.1.12 to 0.1.13	2026-03-31 10:36:52 -06:00
dependabot[bot]	a4d48a15c1	Bump picomatch from 2.3.1 to 2.3.2 Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 16:34:26 +00:00
dependabot[bot]	c99f42974d	Bump nodemailer from 6.10.1 to 8.0.4 Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 6.10.1 to 8.0.4. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodemailer/nodemailer/compare/v6.10.1...v8.0.4) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 8.0.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 16:26:11 +00:00
steve	3b1f196f67	chore: update package-lock.json for nodemailer	2026-03-31 10:24:57 -06:00
dependabot[bot]	396df413ab	Bump path-to-regexp from 0.1.12 to 0.1.13 Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 0.1.12 to 0.1.13. - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13) --- updated-dependencies: - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-30 17:55:41 +00:00
dependabot[bot]	96a400e1bc	Bump brace-expansion from 5.0.4 to 5.0.5 Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](https://github.com/juliangruber/brace-expansion/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 5.0.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-27 15:09:50 +00:00
steve	f827210a07	Implement user authentication and role-based access control Three-tier user model: admin (all accounts, all actions), editor (assigned accounts, read/write), viewer (assigned accounts, read-only). Backend: - express-session with custom SQLite session store (no extra packages) - bcryptjs for password hashing - src/middleware/auth.js: requireAuth, requireAdmin, requireEditor, canAccessAccount helpers - src/routes/auth.js: login, logout, /me, setup-needed, change-password - src/routes/users.js: full CRUD + account assignments (admin only) - All API routes protected; /api/accounts filtered by user access; write routes gated by requireEditor; admin-only routes locked down Frontend: - Login overlay (full-page) with first-run admin-setup flow - Role-based UI: admin-only elements hidden for non-admins; edit/delete and PDF buttons hidden for viewers; account switcher shows only accessible accounts for non-admins - Users modal (admin only): user list with role badges, create/edit/delete users, set account access via checkboxes - Change-password section available to all logged-in users - apiFetch redirects to login on 401	2026-03-18 22:55:17 -06:00
dependabot[bot]	0cd4ceb67e	Bump multer from 1.4.5-lts.2 to 2.1.1 Bumps [multer](https://github.com/expressjs/multer) from 1.4.5-lts.2 to 2.1.1. - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](https://github.com/expressjs/multer/compare/v1.4.5-lts.2...v2.1.1) --- updated-dependencies: - dependency-name: multer dependency-version: 2.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-13 00:01:46 +00:00
steve	68300d0375	Add .mdb import button and modal with server-side migration runner	2026-03-12 14:15:13 -06:00
steve	179a8c23fe	Add package-lock.json for reproducible Docker builds	2026-03-12 12:51:49 -06:00

22 Commits