homeschool

Author	SHA1	Message	Date
derekc	090ebc109e	Add Ntfy push notifications for super admin events Sends alerts to a configurable Ntfy topic on: new user registration, account lockout after 5 failed login attempts, and login attempts on an already-locked account. Fire-and-forget — never raises if Ntfy is down. Configure via NTFY_URL and NTFY_TOKEN in .env. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 01:04:12 -07:00
derekc	3022bc328b	Security hardening: go-live review fixes - TV tokens upgraded from 4 to 6 digits; Regen Token button in Admin - Nginx rate limiting on TV dashboard and WebSocket endpoints - Login lockout after 5 failed attempts (15 min); clears on admin password reset - HSTS header added; CSP unsafe-inline removed from script-src; CORS restricted to explicit methods/headers - Dependency CVE fixes: PyJWT 2.12.0, aiomysql 0.3.0, cryptography 46.0.5, python-multipart 0.0.22 - datetime.utcnow() replaced with datetime.now(timezone.utc) throughout - SQL identifier whitelist for startup migration queries - README updated: security notes section, lockout docs, token regen, NPM proxy guidance Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 00:00:14 -07:00
derekc	781e179090	Fix backend deps and apply theme to all Cancel buttons - Pin bcrypt==3.2.2 to fix passlib bcrypt backend detection error - Add email-validator==2.2.0 required by Pydantic EmailStr - Add btn-sm class to Cancel buttons in Admin, Dashboard, Log, Schedule views Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-27 23:24:39 -08:00
derekc	417b3adfe8	Initial project scaffold Full-stack homeschool web app with FastAPI backend, Vue 3 frontend, MySQL database, and Docker Compose orchestration. Includes JWT auth, WebSocket real-time TV dashboard, schedule builder, activity logging, and multi-child support. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-27 22:56:56 -08:00

4 Commits