2 Commits

Author SHA1 Message Date
alro65 ab4c9c81b0 Security hardening: env SECRET_KEY, rate limiting, input validation, ownership checks
- SECRET_KEY from environment variable (warn if not configured)
- login: rate limiting (10 attempts / 15 min) + validation of next param (open redirect fix)
- update_status: allowlist of valid statuses before executing SQL
- purchase_update_status: allowlist against PURCHASE_STATUSES
- save/clear_signature: allowlist _SIG_COLS for col derived from the request
- upload_invoice: extension validation against ALLOWED_DOCS
- update_fields, update_labor, upload_photo, add_part_to_order: ownership check (company)
- update_status, save/clear_signature: ownership check on WO mutations
- auth.py: initial admin password from ADMIN_PASSWORD env var

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 02:14:04 -04:00
alro65 67a0e674ca Initial commit — MarineMaintenance v1.0
Marine maintenance management: work orders with photos, ISM/SWP procedures,
MSDS, inventory, RFQ/purchases, vessel history, bilingual PDF reports.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 01:54:20 -04:00