Open
- Implemented GET /api/notifications to fetch admin notifications with pagination and unread count.
- Added PATCH /api/notifications/:id/read to mark a specific notification as read.
- Added PATCH /api/notifications/read-all to mark all notifications as read.
- Integrated authentication middleware to secure notification routes.

docs: create production upgrade plan for government services platform
- Drafted comprehensive upgrade plan addressing security audits, role-based access control, department architecture, database redesign, backend hardening, frontend overhaul, scalability, and additional production features.
- Included detailed vulnerability assessments and prioritized action items for immediate fixes.
- Outlined implementation phases and deployment architecture for a robust government services platform.

…in routes
- Deleted console log statements in certificateService, contactService, and schemeService routes to clean up the code.
- Updated error responses to provide a generic internal error message instead of exposing specific error details.
- Removed unused exports and files related to Prisma WASM.
- Added new migration for production upgrade, including changes to the database schema and new tables for Department, AuditLog, Session, Notification, and GrievanceActivity.
- Altered existing tables to include new columns and foreign key constraints.

…iple components for a consistent theme

docs: add project guide with setup instructions, tech stack, and API endpoints
…nd lazy loading, and compression middleware for improved performance and stability.
…, and add admin functionality to forward grievances between departments.
…and spam prevention, and add a public endpoint for recent grievances.
- Implemented DELETE endpoint for departments in backend/routes/departments.ts
- Added checks to prevent deletion if department has associated data (admins, services, grievances, feedbacks)
- Invalidated department caches upon successful deletion
- Created audit log entry for department deletions

feat: extend AdminRequest type to include assignedServices and createdById
- Updated backend/types/express.ts to include new fields in AdminRequest type

feat: add RequireDeptAdminOrAbove route guard
- Introduced RequireDeptAdminOrAbove component in frontend/src/App.tsx to restrict access to certain routes for department admins and above

feat: enhance AdminSidebar to show department admin options
- Updated frontend/src/components/ui/AdminSidebar.tsx to conditionally render management options for department admins

feat: modify AdminManagementPage to handle individual admins and service assignments
- Updated frontend/src/pages/AdminManagementPage.tsx to allow creation and management of individual admins with assigned services
- Added service assignment functionality for individual admins

feat: implement optimistic UI updates for admin and department management
- Enhanced frontend/src/pages/AdminDepartments.tsx and AdminManagementPage.tsx to optimistically update UI on admin and department actions (toggle, delete)

fix: ensure loading state is managed correctly during fetch operations
- Updated loading state handling in various fetch functions across frontend pages to improve user experience

feat: add service assignment to individual admins in AdminManagement
- Implemented checkbox selection for service assignments in frontend/src/pages/AdminManagementPage.tsx
- Updated API client to handle assignedServices during admin creation and updates
…mins with confirmation dialogs
…ontactService, and UserSchemeService; implement image upload in UserGrievancesService; enhance UserFeedbackService with toast notifications; introduce CookieConsent component for cookie management; add file upload handling in backend
…rievance and service routes with image and PDF upload functionality; implement caching for public endpoints; improve security by rejecting invalid token types
…of old files on updates across certificate, contact, grievance, and scheme services
…gure proxy trust and CORS, set secure cross-site cookies, and refine Prisma indexes.
…roved type safety and performance
- Updated AdminEmergencyService to use TypeScript interfaces for EmergencyDept and improved state management.
- Removed dummy data and ensured services are fetched correctly from local storage.
- Enhanced AdminManagement with React Query for data fetching and pagination, optimizing admin and department data handling.
- Implemented optimistic updates for admin status toggling and deletion.
- Added pagination controls for better navigation through admin records.

Refactor EditCertificateService and EditSchemeService for better type definitions
- Introduced ApplicationType enum in EditCertificateService for clearer application type handling.
- Improved type safety in state management for process steps, documents, eligibility, and contacts.
- Updated EditSchemeService to ensure proper type handling in state updates and event handlers.

Refactor UserFeedbackService and UserGrievancesService to utilize React Query
- Replaced manual data fetching with React Query for departments and grievances, improving data handling and loading states.
- Enhanced feedback and grievance statistics calculation upon data load.
- Streamlined state management and removed unnecessary loading states.

General code cleanup and optimization
- Removed unused imports and variables across various components.
- Updated tailwind.config.ts to include tailwindcss-animate plugin.
- Modified tsconfig.json to exclude test files from compilation.
- Improved Vite configuration for path resolution.
…es; implement 'mark all as read' functionality for notifications
… improved flexibility
…pment; add Vercel configuration for frontend routing
…grievance requests; remove OTP handling from frontend and backend
Wrapped list filtering and statistics computation in `useMemo` hooks in `UserDashboard`, `UserCertificateService`, and `UserSchemeService`. Also separated stats calculations from filtering calculations so that searching doesn't trigger a recount of all stats, reducing unnecessary work on keystrokes and renders.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…filters-12887528760403167642 ⚡ Bolt: Optimize user pages with useMemo for filtering and stats calculations
- Converted `allowedOrigins` array to `allowedOriginsSet`
- Updated CORS middleware to use `Set.has()` for faster lookups
- Performance improvement verified with benchmark (approx. 3x speedup for lookups)

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…3552492114200790 ⚡ Optimize CORS origin lookup complexity
Introduced getAuthorizedOffice helper to enforce permission checks for Super, Department, and Individual admins across all office management endpoints.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…05874225221 🔒 [security] Fix IDOR in Office Management
- Defined `ApiError` interface extending `Error` with `statusCode` and `status` properties.
- Updated `errorHandler` to use `ApiError` instead of `any`.
- Exported `ApiError` for use in other parts of the application.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…84634776923862089 🧹 Improve type safety for errorHandler middleware
Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…ings

Replaced `any` types with `string` for iteration variables in `arr.map` and `arr.filter` callbacks. Since `arr` is strongly typed as `string[]`, the items are guaranteed to be strings.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>

🎯 What: Replaced the `any` cast when fetching the admin object from the cache (`queryCache.get<any>`) with the proper `AdminRequest["admin"]` type in `backend/middleware/auth.ts`.

💡 Why: Explicitly typing the cache value avoids `any` types spreading into the application, reducing the chance of runtime errors due to incorrect field usage downstream, and improving IDE code completion and developer experience.

✅ Verification: Ran `npm run build:check` to ensure there are no TypeScript errors. Restored the unintended `package-lock.json` changes.

✨ Result: The Express Request object (`req.admin`) is properly typed without needing the `as any` escape hatch, improving overall codebase maintainability.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>

Removed unnecessary `console.log` statement and the associated `result` variable assignment in `backend/index.ts` to declutter production logs and improve code maintainability.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…ce.tsx

Replace the 'any[]' array initializations for 'allProcessSteps', 'allEligibilityItems', 'allDocuments', and 'allContacts' with strict, inferred typing using the existing state interfaces to improve code health and type safety.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
Replaces the `any` type in `setFormData` with a strictly typed `SessionFormData` interface to improve type safety and maintainability. Updates `messageHandler` casts to prevent compilation regressions when extracting the form data for database submission.

Co-authored-by: udai7 <156228729+udai7@users.noreply.github.com>
…113305239626476664 🧹 [code health] Fix 'any' type cast in auth middleware
🧹 [Fix loose types in sessionService]
…66567854218612791 🔒 [security fix] Fix ReDoS in errorHandler.ts
…50243632 🧹 [Code Health] Fix 'any' cast for caching in auth middleware
…-8190166880379144184 🧹 [code health improvement description] Fix loosely typed parameter in array mapping
…83277 🧹 [Remove dead test file]
…12122029 🔒 [security fix] Fix IDOR in Contact Service routes
…24490 🧹 [Remove debug logging in index.ts]
🧹 [code health] Fix 'any' type array initialization in EditCertificateService.tsx
…t-967636312690632352 🔒 [Security Fix] Enforce Pagination Limit on Admin Management Endpoint
…t-scheme-16705916796677380096 🧹 [remove debug console.logs]
No description provided.