Commit graph

14 commits

Author SHA1 Message Date
Jan Willem Mannaerts
ae3569e897 Add Kubernetes manifests for Grafana dashboard and Prometheus scraping
All checks were successful
Build & Push Container Image / build (push) Successful in 4s
ConfigMap with grafana_dashboard label for sidecar auto-discovery,
and ServiceMonitor for kube-prometheus-stack scrape target.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 01:06:19 +01:00
Jan Willem Mannaerts
c31161af19 Add Prometheus metrics and Grafana dashboard
All checks were successful
Build & Push Container Image / build (push) Successful in 9s
Instrument backend with prom-client: HTTP request count/latency,
WebSocket connections, Jira API health, session/vote/room counters,
and unique user/tenant tracking. Expose unauthenticated /metrics
endpoint. Include pre-built Grafana dashboard JSON.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 01:02:36 +01:00
Jan Willem Mannaerts
99cdd5b102 Fix CSP: allow wp.com image proxy for Gravatar redirects
All checks were successful
Build & Push Container Image / build (push) Successful in 6s
Gravatar 302 redirects to i0.wp.com for default/fallback avatars.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:56:37 +01:00
Jan Willem Mannaerts
4d8c2a301c Fix CSP to allow Google Fonts and Gravatar avatars
All checks were successful
Build & Push Container Image / build (push) Successful in 5s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:50:02 +01:00
Jan Willem Mannaerts
31dfbe3cca Broaden CSP img-src to allow all Atlassian avatar domains
All checks were successful
Build & Push Container Image / build (push) Successful in 5s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:40:02 +01:00
Jan Willem Mannaerts
b25631ec40 Add MIT license
All checks were successful
Build & Push Container Image / build (push) Successful in 5s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:12:39 +01:00
Jan Willem Mannaerts
fe9b51309d Show desktop-only message on mobile devices
All checks were successful
Build & Push Container Image / build (push) Successful in 8s
Pokerface is designed for desktop use. On screens below 768px, show
a simple message asking users to open on their PC or Mac. Legal
pages remain accessible on mobile.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:10:44 +01:00
Jan Willem Mannaerts
03ba19042d Harden security across frontend and backend
All checks were successful
Build & Push Container Image / build (push) Successful in 11s
1. AdfRenderer: validate href starts with https?:// before rendering links
2. Logout route: add requireAuth middleware
3. Jira API params: validate sprintId, boardId, issueIdOrKey are alphanumeric
4. CSP header: add Content-Security-Policy with restrictive defaults
5. OAuth callback: align frontendUrl fallback with index.js
6. Rate limiting: express-rate-limit on API routes + Socket.IO event throttling
7. Session KV keys: prefix with cloudId for tenant isolation defense-in-depth
8. saveScopedEstimate: use withSessionCas for atomic read-update-delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:05:48 +01:00
Jan Willem Mannaerts
3ab584e2ab Update env example with full Jira scopes and add source code link to privacy page
All checks were successful
Build & Push Container Image / build (push) Successful in 8s
- Added all required Jira OAuth scopes to .env.example
- Added NATS_TOKEN and JIRA_MOCK_FALLBACK to .env.example
- Added open source section to privacy policy linking to the repo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 12:32:59 +01:00
Jan Willem Mannaerts
45dbd341a3 Fix Socket.IO origin check and force WebSocket-only transport
All checks were successful
Build & Push Container Image / build (push) Successful in 8s
Same-origin requests omit the Origin header, which was rejected in
production. Also restrict to WebSocket transport on both client and
server to eliminate need for sticky sessions with multiple replicas.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 12:28:07 +01:00
Jan Willem Mannaerts
31fbc3a1a7 Fix direct navigation to legal pages bypassing login redirect
All checks were successful
Build & Push Container Image / build (push) Successful in 8s
The checkAuth useEffect was overwriting the legal page view state
with 'login' when unauthenticated users navigated directly to
/terms, /privacy, or /support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 12:15:58 +01:00
Jan Willem Mannaerts
047d0de485 Remove dead normalizeIssue function and make legal pages linkable
All checks were successful
Build & Push Container Image / build (push) Successful in 8s
- Remove unused normalizeIssue and JIRA_STORY_POINTS_FIELD env var
- Add URL routing for /terms, /privacy, /support pages

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 22:42:01 +01:00
Jan Willem Mannaerts
620547c78c Add Forgejo CI/CD workflow for Docker build & push
All checks were successful
Build & Push Container Image / build (push) Successful in 15s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 21:21:48 +01:00
Jan Willem Mannaerts
fdd9ba8d56 Initial commit: Pokerface sprint planning poker for Jira
Full-stack app with Express/Socket.IO backend, React frontend,
NATS JetStream for state, and Atlassian Jira OAuth integration.

Includes security hardening: NATS auth support, KV bucket TTL
enforcement, CAS retry for race conditions, error message
sanitization, and OAuth state stored in NATS KV.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 21:38:37 +01:00