evidencija-rezija

knee-cola/evidencija-rezija

Fork 0

Commit Graph

Author	SHA1	Message	Date
Knee Cola	f19e1bc023	feat: secure proof-of-payment download routes with shareId validation Changes: - Update download links in UI to use shareId instead of locationID - Add shareId validation to per-bill proof download route - Add shareId validation to combined proof download route - Validate TTL before allowing downloads - Extract locationId from shareId using extractShareId helper Security: - Download routes now validate checksum and TTL - Prevents unauthorized access to proof-of-payment files - Returns 404 for invalid/expired share links 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-08 01:01:38 +01:00
Knee Cola	65b5a1cdd5	Implement proof of payment download routes Added two download routes for proof of payment files: 1. Combined route: /share/proof-of-payment/combined/[id]/ - Downloads location-level proof of payment for all utilities - Queries utilBillsProofOfPayment from location - Optimized projection for efficient data transfer 2. Per-bill route: /share/proof-of-payment/per-bill/[id]/ - Downloads proof of payment for individual bills - Parses composite ID format: locationID-billID - Finds specific bill in location's bills array - Returns bill.proofOfPayment Both routes: - Return PDF files with proper Content-Type and headers - Handle 404 for missing locations/bills/proofs - Use Base64 to binary conversion for file delivery - Include Last-Modified header for caching - Use optimized database projections 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-07 13:31:39 +01:00

Author

SHA1

Message

Date

Knee Cola

f19e1bc023

feat: secure proof-of-payment download routes with shareId validation

Changes:
- Update download links in UI to use shareId instead of locationID
- Add shareId validation to per-bill proof download route
- Add shareId validation to combined proof download route
- Validate TTL before allowing downloads
- Extract locationId from shareId using extractShareId helper

Security:
- Download routes now validate checksum and TTL
- Prevents unauthorized access to proof-of-payment files
- Returns 404 for invalid/expired share links

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-08 01:01:38 +01:00

Knee Cola

65b5a1cdd5

Implement proof of payment download routes

Added two download routes for proof of payment files:

1. Combined route: /share/proof-of-payment/combined/[id]/
   - Downloads location-level proof of payment for all utilities
   - Queries utilBillsProofOfPayment from location
   - Optimized projection for efficient data transfer

2. Per-bill route: /share/proof-of-payment/per-bill/[id]/
   - Downloads proof of payment for individual bills
   - Parses composite ID format: locationID-billID
   - Finds specific bill in location's bills array
   - Returns bill.proofOfPayment

Both routes:
- Return PDF files with proper Content-Type and headers
- Handle 404 for missing locations/bills/proofs
- Use Base64 to binary conversion for file delivery
- Include Last-Modified header for caching
- Use optimized database projections

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-07 13:31:39 +01:00

2 Commits