docs: add FORK.md with feature summary
- Document all security features added - Document UX improvements added - Include migration strategy and backward compatibility notes - Provide enable instructions for optional features
This commit is contained in:
Matteo
@@ -0,0 +1,69 @@
|
|||||||
|
# Fork Summary
|
||||||
|
|
||||||
|
This fork adds optional security features and UX improvements with **zero breaking changes** and **minimal migration overhead**. All security features are **disabled by default** via feature flags.
|
||||||
|
|
||||||
|
## Security Features Added
|
||||||
|
|
||||||
|
1. **Password Reset** - Token-based password reset flow (`/auth/password-reset-request`, `/auth/password-reset-confirm`)
|
||||||
|
2. **Refresh Token Rotation** - Prevents token reuse by rotating refresh tokens on each use
|
||||||
|
3. **Audit Logging** - Logs security events (logins, password changes, deletions) for compliance
|
||||||
|
|
||||||
|
## UX Improvements Added
|
||||||
|
|
||||||
|
1. **Profile Page** - View and edit personal information, change password (`/profile`)
|
||||||
|
2. **Select All Button** - Quick selection of all drawings in current view
|
||||||
|
3. **Sort Dropdown** - Improved sort controls with icons and separate direction toggle
|
||||||
|
4. **Auto-hide Header** - Editor header auto-hides to maximize drawing space (with toggle)
|
||||||
|
|
||||||
|
## Backward Compatibility
|
||||||
|
|
||||||
|
✅ All security features disabled by default
|
||||||
|
✅ No breaking changes to existing code
|
||||||
|
✅ Graceful degradation (missing tables don't cause errors)
|
||||||
|
✅ Optional database migration
|
||||||
|
|
||||||
|
## Enable Security Features
|
||||||
|
|
||||||
|
Set in `backend/.env`:
|
||||||
|
```bash
|
||||||
|
ENABLE_PASSWORD_RESET=true
|
||||||
|
ENABLE_REFRESH_TOKEN_ROTATION=true
|
||||||
|
ENABLE_AUDIT_LOGGING=true
|
||||||
|
```
|
||||||
|
|
||||||
|
Then run migration:
|
||||||
|
```bash
|
||||||
|
cd backend && npx prisma migrate deploy
|
||||||
|
```
|
||||||
|
|
||||||
|
## Migration Strategy
|
||||||
|
|
||||||
|
**For base project:** Keep features disabled (default) - no migration needed, zero risk.
|
||||||
|
|
||||||
|
**For this fork:** Enable features via environment variables when ready.
|
||||||
|
|
||||||
|
## Database Changes
|
||||||
|
|
||||||
|
Migration adds 3 optional tables (only used when features enabled):
|
||||||
|
- `PasswordResetToken` - For password reset flow
|
||||||
|
- `RefreshToken` - For token rotation tracking
|
||||||
|
- `AuditLog` - For security event logging
|
||||||
|
|
||||||
|
## Code Changes
|
||||||
|
|
||||||
|
### Backend
|
||||||
|
- Feature flags in `backend/src/config.ts`
|
||||||
|
- Conditional logic in auth endpoints
|
||||||
|
- Graceful error handling for missing tables
|
||||||
|
- New endpoints: `/auth/profile` (PUT), `/auth/change-password` (POST)
|
||||||
|
- Audit logging utility (`backend/src/utils/audit.ts`)
|
||||||
|
|
||||||
|
### Frontend
|
||||||
|
- Password reset pages (`/reset-password`, `/reset-password-confirm`)
|
||||||
|
- Profile page (`/profile`)
|
||||||
|
- Select All button in Dashboard
|
||||||
|
- Sort dropdown with icons
|
||||||
|
- Auto-hide header in Editor with toggle
|
||||||
|
- Updated API client for token rotation
|
||||||
|
|
||||||
|
All changes are backward compatible and optional.
|
||||||
Reference in New Issue
Block a user