docs(readme): ažuriran spisak funkcija (srpski i engleski)
Dodato/ispravljeno u oba README-a: - TOTP: tajna šifrovana u bazi (AES-256-GCM) umesto netačne tvrdnje o rezervnim kodovima (nisu implementirani — premešteni u Planirano) - RBAC: naglašeno sprovođenje provere na nivou ruta i u handlerima - Backup: dodato vraćanje baze iz kopije (bezbedno, bez prekida rada) - Dodato: strukturisano logovanje (slog) i automatski testovi
This commit is contained in:
@@ -29,7 +29,7 @@ The goal is simple: everything the repair shop needs to track is located in one
|
||||
- Database migration system
|
||||
- User interface — sidebar navigation, theme system (dark/light), dashboard with statistics
|
||||
- User login — server-side sessions, account locking
|
||||
- Two-factor authentication (TOTP) — activation with a QR code, backup codes
|
||||
- Two-factor authentication (TOTP) — activation with a QR code; secret encrypted at rest (AES-256-GCM, key kept outside the database)
|
||||
- Brute-force protection — IP locking after 5 failed attempts within 15 minutes
|
||||
- CSRF protection — double-submit cookie pattern, automatic token injection into all forms
|
||||
- Security HTTP headers (CSP, X-Frame-Options, Referrer-Policy, nosniff...)
|
||||
@@ -45,16 +45,19 @@ The goal is simple: everything the repair shop needs to track is located in one
|
||||
- Settings — company name, address, Tax ID (PIB), logo; theme toggle
|
||||
- Background images — login page and app, with blur, transparency and glass effect
|
||||
- Personal theme and background — each user can set their own theme and background image
|
||||
- Permission matrix (RBAC) — admin panel for setting permissions by role
|
||||
- Permission matrix (RBAC) — admin panel for permissions by role; enforced at the route level (both mutations and views) and in handlers
|
||||
- Flash messages — one-time feedback after an action
|
||||
- Automatic SQLite backup — with configurable number of retained copies
|
||||
- Automatic SQLite backup — with configurable number of retained copies; restore from a copy (safe, with no downtime)
|
||||
- Charts — monthly revenue on reports (Chart.js)
|
||||
- Structured logging — `log/slog` (JSON in production, text in development); separate auth log in fail2ban format
|
||||
- Automated tests — unit and integration over a SQLite database (crypto, RBAC, login flows, form validators, reports)
|
||||
|
||||
### Planned
|
||||
|
||||
- Fiscalization and VAT calculation (specification in Project.md)
|
||||
- PostgreSQL support (for multi-user environments)
|
||||
- WebAuthn / Passkey login (database schema is already prepared)
|
||||
- Backup (one-time) codes for 2FA
|
||||
- Notifications (email / WhatsApp) — deferred to a later phase
|
||||
- Barcode scanning via camera — deferred to a later phase
|
||||
|
||||
|
||||
Reference in New Issue
Block a user