Trek_CN/client
jubnl 6f5550dc50
fix: decouple at-rest encryption from JWT_SECRET, add JWT rotation
Introduces a dedicated ENCRYPTION_KEY for encrypting stored secrets
(API keys, MFA TOTP, SMTP password, OIDC client secret) so that
rotating the JWT signing secret no longer invalidates encrypted data,
and a compromised JWT_SECRET no longer exposes stored credentials.

- server/src/config.ts: add ENCRYPTION_KEY (auto-generated to
  data/.encryption_key if not set, same pattern as JWT_SECRET);
  switch JWT_SECRET to `export let` so updateJwtSecret() keeps the
  CJS module binding live for all importers without restart
- apiKeyCrypto.ts, mfaCrypto.ts: derive encryption keys from
  ENCRYPTION_KEY instead of JWT_SECRET
- admin POST /rotate-jwt-secret: generates a new 32-byte hex secret,
  persists it to data/.jwt_secret, updates the live in-process binding
  via updateJwtSecret(), and writes an audit log entry
- Admin panel (Settings → Danger Zone): "Rotate JWT Secret" button
  with a confirmation modal warning that all sessions will be
  invalidated; on success the acting admin is logged out immediately
- docker-compose.yml, .env.example, README, Helm chart (values.yaml,
  secret.yaml, deployment.yaml, NOTES.txt, README): document
  ENCRYPTION_KEY and its upgrade migration path
2026-04-01 07:57:55 +02:00
..
public v2.6.2 — TREK Rebrand, OSM Enrichment, File Management, Hotel Bookings & Bug Fixes 2026-03-28 16:38:08 +01:00
scripts Add PWA support for iOS home screen install 2026-03-21 22:21:23 +01:00
src fix: decouple at-rest encryption from JWT_SECRET, add JWT rotation 2026-04-01 07:57:55 +02:00
index.html fix: harden PWA caching and client-side auth security 2026-03-31 00:33:58 +00:00
package-lock.json feat: adds better gpx track views 2026-03-31 10:29:49 +02:00
package.json chore: bump version to 2.7.1 2026-03-30 21:25:35 +02:00
postcss.config.js Initial commit — NOMAD (Navigation Organizer for Maps, Activities & Destinations) 2026-03-18 23:58:08 +01:00
tailwind.config.js Initial commit — NOMAD (Navigation Organizer for Maps, Activities & Destinations) 2026-03-18 23:58:08 +01:00
tsconfig.json refactoring: TypeScript migration, security fixes, 2026-03-27 18:40:18 +01:00
vite.config.js fix: harden PWA caching and client-side auth security 2026-03-31 00:33:58 +00:00