softwarehuset/books
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions 1
books/frontend
History
Nicolaj Hartmann 8e05171b66 Full product audit: fix security, compliance, UX, and wire broken features 
Security (Phase 1):
- Add authentication middleware on /graphql endpoint
- Filter company queries by user access (prevent IDOR)
- Add role-based authorization on mutations (owner/accountant)
- Reduce API key cache TTL from 24h to 5 minutes
- Hide exception details in production GraphQL errors
- Fix RBAC in frontend companyStore (was hardcoded)

Wiring broken features (Phase 2):
- Wire Kassekladde submit/void/copy to GraphQL mutations
- Wire Kontooversigt account creation to createAccount mutation
- Wire Settings save to updateCompany mutation
- Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations
- Replace Momsindberetning mock data with real useVatReport query
- Remove Dashboard hardcoded percentages and fake VAT deadline
- Fix Kreditnotaer invoice selector to use real data
- Fix mutation retry from 1 to 0 (prevent duplicate operations)

Accounting compliance (Phase 3):
- Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate
- Add fiscal year boundary enforcement (status, date range checks)
- Add PostedAt timestamp to posted events (Bogføringsloven §7)
- Add account number uniqueness check within company
- Add fiscal year overlap and gap checks
- Add sequential invoice auto-numbering
- Fix InvoiceLine VAT rate to use canonical VatCodes
- Fix SAF-T account type mapping (financial → Expense)
- Add DraftLine validation (cannot have both debit and credit > 0)

UX improvements (Phase 4):
- Fix Danish character encoding across 15+ files (ø, æ, å)
- Deploy DemoDataDisclaimer on pages with mock/incomplete data
- Adopt PageHeader component universally across all pages
- Standardize active/inactive filtering to Switch pattern
- Fix dead buttons in Header (Help, Notifications)
- Remove hardcoded mock data from Settings
- Fix Sidebar controlled state and Kontooversigt navigation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 21:35:26 +01:00
..
src Full product audit: fix security, compliance, UX, and wire broken features 2026-02-05 21:35:26 +01:00
.env.development Add OpenID Connect + API Key authentication 2026-01-18 11:49:29 +01:00
.env.example Add frontend environment configuration for API URL injection 2026-01-18 03:12:45 +01:00
.env.production Add frontend environment configuration for API URL injection 2026-01-18 03:12:45 +01:00
index.html Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00
package-lock.json Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00
package.json Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00
tsconfig.json Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00
tsconfig.node.json Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00
tsconfig.tsbuildinfo Full product audit: fix security, compliance, UX, and wire broken features 2026-02-05 21:35:26 +01:00
vite.config.ts Initial commit: Books accounting system with EventFlow CQRS 2026-01-18 02:52:30 +01:00