feat: FASE 7 - Polish & Testing (security, i18n, test suite, docs) · dd2ebf863a - TieMeasureFlow

feat: FASE 7 - Polish & Testing (security, i18n, test suite, docs)

Security hardening: CORS lockdown, rate limiting middleware con sliding
window e eviction IP stale, security headers (CSP, HSTS, X-Frame-Options),
session cookie hardening, filename sanitization upload.

i18n completion: internazionalizzati barcode.js e csv-export.js con bridge
window.BARCODE_I18N/CSV_I18N, aggiornati .po IT/EN con 27 nuove stringhe.

Tablet UX: touch target 44px per dispositivi coarse pointer.

Test suite: 101 test totali (76 server + 25 client), copertura completa
di tutti i router API, autenticazione, ruoli, CRUD, SPC, file upload,
security integration. Infrastruttura SQLite async in-memory con fixtures.

Fix critici: MissingGreenlet in recipe_service (selectinload eager),
route ordering tasks.py, auth_service bcrypt diretto, Measurement.id
Integer per SQLite.

Documentazione: API.md (riferimento completo 40+ endpoint),
DEPLOYMENT.md (guida produzione con Docker/Nginx/SSL),
USER_GUIDE.md (manuale utente per ruolo).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

This commit is contained in:

Adriano

2026-02-07 17:10:24 +01:00

parent 26e5b9343d

commit dd2ebf863a

46 changed files with 6322 additions and 90 deletions

									
										server/config.py
									
		+4
		
												View File
												
				@@ -23,6 +23,10 @@ class Settings(BaseSettings):

				    upload_dir: str = "uploads"

				    max_upload_size_mb: int = 50

				    # Rate Limiting (requests per minute)

				    rate_limit_login: int = 5

				    rate_limit_general: int = 100

				    # SSL (Production)

				    ssl_certfile: str | None = None

				    ssl_keyfile: str | None = None