mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-06 03:30:25 -06:00
feat: Remove license server and add multi-tenant SaaS infrastructure
BREAKING CHANGE: Removed legacy license server in favor of Stripe billing

Major changes:
- Remove license server system (563 lines removed from license_server.py)
- Add multi-tenant support with organizations and memberships
- Integrate Stripe billing and subscription management
- Enhance authentication with 2FA, password reset, and JWT tokens
- Add provisioning and onboarding flows for new customers
- Implement row-level security (RLS) for data isolation
- Add GDPR compliance features and data retention policies
- Enhance admin dashboard with billing reconciliation and customer management
- Add security scanning tools (Bandit, Gitleaks, GitHub Actions workflow)
- Implement rate limiting and enhanced password policies
- Update all routes to support organization context
- Enhance user model with billing and security fields
- Add promo code system for marketing campaigns
- Update Docker initialization for better database setup

Modified files:
- Core: app.py, app/__init__.py, app/config.py
- Models: Enhanced user model (+175 lines), updated all models for multi-tenancy
- Routes: Enhanced admin routes (+479 lines), updated all routes for org context
- Templates: Updated login, admin dashboard, and settings
- Docker: Enhanced database initialization scripts
- Dependencies: Added stripe, pyotp, pyjwt, and security packages

Deleted files:
- app/utils/license_server.py
- docs/LICENSE_SERVER_*.md (3 files)
- templates/admin/license_status.html
- test_license_server.py

New features:
- Organizations and membership management
- Stripe billing integration with webhook handling
- Enhanced authentication (2FA, password reset, refresh tokens)
- GDPR compliance and data export/deletion
- Onboarding checklist for new customers
- Promo code system
- Security enhancements (rate limiting, password policies)
- Admin tools for customer and billing management

Net change: 46 files changed, 1490 insertions(+), 1968 deletions(-)
env.example (+27 lines)
@@ -59,3 +59,30 @@ WTF_CSRF_TIME_LIMIT=3600
# Logging
LOG_LEVEL=INFO
LOG_FILE=/data/logs/timetracker.log

# Security settings
FORCE_HTTPS=true # Redirect HTTP to HTTPS (disable for local dev)
REMEMBER_COOKIE_SECURE=false # Set to 'true' in production with HTTPS
CONTENT_SECURITY_POLICY= # Custom CSP if needed (optional)

# Password policy
PASSWORD_MIN_LENGTH=12
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_DIGITS=true
PASSWORD_REQUIRE_SPECIAL=true
PASSWORD_EXPIRY_DAYS=0 # 0 = no expiry, or set to 90 for 90-day rotation
PASSWORD_HISTORY_COUNT=5

# Rate limiting
RATELIMIT_ENABLED=true
RATELIMIT_DEFAULT=200 per day;50 per hour
RATELIMIT_STORAGE_URI=memory:// # Use redis://localhost:6379 for production

# GDPR compliance
GDPR_EXPORT_ENABLED=true
GDPR_DELETION_ENABLED=true
GDPR_DELETION_DELAY_DAYS=30 # Grace period before permanent deletion

# Data retention
DATA_RETENTION_DAYS=0 # 0 = no automatic deletion, or set to 365 for 1-year retention
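Review bot: `REMEMBER_COOKIE_SECURE=false` sitting two lines below `FORCE_HTTPS=true` gives the example file contradictory security defaults: if HTTPS is forced, the remember-me cookie should carry the Secure flag as well, otherwise a long-lived login token can be sent on the plain-HTTP request that happens before the redirect. Suggest shipping `REMEMBER_COOKIE_SECURE=true` beside `FORCE_HTTPS=true`, telling local-dev users to flip both together, and confirming the session cookie has a matching setting. Two related points in the same hunk: the trailing `# ...` comments on value lines (`FORCE_HTTPS=true # Redirect HTTP to HTTPS (disable for local dev)`, `CONTENT_SECURITY_POLICY= # Custom CSP if needed (optional)`) are only stripped by loaders that understand inline comments; `docker run --env-file` does not, and would hand the app the literal string `true # Redirect HTTP to HTTPS (disable for local dev)` as the value, so either put the comments on their own lines or state which loader this file is meant for. And `RATELIMIT_STORAGE_URI=memory://` keeps counters per process, so behind more than one worker or container the login and 2FA limits are effectively multiplied by the worker count; the comment already points at Redis, but a production-oriented example should either default to the Redis URI or say explicitly that `memory://` is for single-process development only. Minor: the `PASSWORD_EXPIRY_DAYS` comment recommending 90-day rotation runs against current NIST SP 800-63B guidance, which advises against periodic forced rotation; consider dropping that suggestion and keeping 0 as the documented default.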