Commit Graph

20 Commits

Author SHA1 Message Date
Dries Peeters
9b7aa3a938 security: Add CSRF token protection to all POST forms
Complete CSRF protection implementation across the entire application. Fixed 31 HTML forms and 4 JavaScript dynamic form generators that were missing CSRF tokens.
Affected modules: Projects, Clients, Tasks, Invoices, Comments, Admin, Search

- All HTML forms now include csrf_token hidden input
- JavaScript forms retrieve token from meta tag in base.html
- API endpoints properly exempted for JSON operations
- 58 POST forms + 4 dynamic JS forms now protected

Security impact: HIGH - Closes critical CSRF vulnerability
Files modified: 20 templates
2025-10-11 09:01:58 +02:00
Dries Peeters
77aec94b86 feat: Add project costs tracking and remove license server integration
Major Features:
- Add project costs feature with full CRUD operations
- Implement toast notification system for better user feedback
- Enhance analytics dashboard with improved visualizations
- Add OIDC authentication improvements and debug tools

Improvements:
- Enhance reports with new filtering and export capabilities
- Update command palette with additional shortcuts
- Improve mobile responsiveness across all pages
- Refactor UI components for consistency

Removals:
- Remove license server integration and related dependencies
- Clean up unused license-related templates and utilities

Technical Changes:
- Add new migration 018 for project_costs table
- Update models: Project, Settings, User with new relationships
- Refactor routes: admin, analytics, auth, invoices, projects, reports
- Update static assets: CSS improvements, new JS modules
- Enhance templates: analytics, admin, projects, reports

Documentation:
- Add comprehensive documentation for project costs feature
- Document toast notification system with visual guides
- Update README with new feature descriptions
- Add migration instructions and quick start guides
- Document OIDC improvements and Kanban enhancements

Files Changed:
- Modified: 56 files (core app, models, routes, templates, static assets)
- Deleted: 6 files (license server integration)
- Added: 28 files (new features, documentation, migrations)
2025-10-09 11:50:26 +02:00
Dries Peeters
0749b0adf9 reset to previous commit. 2025-10-09 06:49:56 +02:00
Dries Peeters
3b564f83d7 feat: Remove license server and add multi-tenant SaaS infrastructure
BREAKING CHANGE: Removed legacy license server in favor of Stripe billing

Major changes:
- Remove license server system (563 lines removed from license_server.py)
- Add multi-tenant support with organizations and memberships
- Integrate Stripe billing and subscription management
- Enhance authentication with 2FA, password reset, and JWT tokens
- Add provisioning and onboarding flows for new customers
- Implement row-level security (RLS) for data isolation
- Add GDPR compliance features and data retention policies
- Enhance admin dashboard with billing reconciliation and customer management
- Add security scanning tools (Bandit, Gitleaks, GitHub Actions workflow)
- Implement rate limiting and enhanced password policies
- Update all routes to support organization context
- Enhance user model with billing and security fields
- Add promo code system for marketing campaigns
- Update Docker initialization for better database setup

Modified files:
- Core: app.py, app/__init__.py, app/config.py
- Models: Enhanced user model (+175 lines), updated all models for multi-tenancy
- Routes: Enhanced admin routes (+479 lines), updated all routes for org context
- Templates: Updated login, admin dashboard, and settings
- Docker: Enhanced database initialization scripts
- Dependencies: Added stripe, pyotp, pyjwt, and security packages

Deleted files:
- app/utils/license_server.py
- docs/LICENSE_SERVER_*.md (3 files)
- templates/admin/license_status.html
- test_license_server.py

New features:
- Organizations and membership management
- Stripe billing integration with webhook handling
- Enhanced authentication (2FA, password reset, refresh tokens)
- GDPR compliance and data export/deletion
- Onboarding checklist for new customers
- Promo code system
- Security enhancements (rate limiting, password policies)
- Admin tools for customer and billing management

Net change: 46 files changed, 1490 insertions(+), 1968 deletions(-)
2025-10-07 22:06:19 +02:00
Dries Peeters
9a1603cfd8 feat(core/auth/ui): proxy-aware config, optional OIDC, i18n v4, health checks
feat(core/auth/ui): proxy-aware config, optional OIDC, i18n v4, health checks

- core: add ProxyFix, robust logging setup, rate-limit defaults; mask DB URL in logs
- db: prefer Postgres when POSTGRES_* envs present; initialization helpers and safe task table migration check
- i18n: upgrade to Flask-Babel v4 with locale selector; compile catalogs; add set-language route
- auth: optional OIDC via Authlib (login, callback, logout); login rate limiting; profile language and theme persistence; ensure admin promotion
- admin: branding logo upload/serve; PDF layout editor with preview/reset; backup/restore with progress; system info; license-server controls
- ui: new base layout with improved nav, mobile tab bar, theme/density toggles, CSRF meta + auto-injection, DataTables/Chart.js, Socket.IO boot
- ops: add /_health and /_ready endpoints; Docker healthcheck targets /_health; enable top-level templates via ChoiceLoader
- deps: update/add Authlib, Flask-Babel 4, and related security/util packages

Refs: app/__init__.py, app/config.py, app/routes/{auth,admin,main}.py, app/templates/base.html, Dockerfile, requirements.txt, templates/*
2025-10-05 17:48:54 +02:00
Dries Peeters
5dbfbf22a1 Fix user role elevation form submission
- Add hidden username input field in user edit form
- Resolves 'Username is required' error when elevating user roles
- Maintains security by keeping visible username field disabled
- Ensures username value is properly submitted with form data
2025-09-26 08:37:05 +02:00
Dries Peeters
7525b44702 feat: Modernize UI with consistent styling system and enhanced UX
• Enhanced CSS variable system with comprehensive color palettes (50-900 scales)
• Implemented modern glass morphism effects with backdrop-blur throughout
• Added smooth animations and micro-interactions for better user feedback
• Created reusable component system with modern styling patterns
• Improved mobile experience with better touch interactions and responsive design
• Enhanced dark theme with better contrast ratios and visual hierarchy
• Updated navbar to use square corners and fixed dark mode styling issues
• Applied consistent styling patterns from clients page across all templates
• Added comprehensive theme template for future customizations
• Maintained existing blue color scheme while modernizing visual appearance
• Optimized CSS architecture with global styling patterns and reduced duplication
• Enhanced accessibility with proper focus states and WCAG compliance
• Improved button system with gradients, animations, and consistent interactions

Files modified:
- app/static/base.css: Enhanced with modern styling system
- app/static/mobile.css: Improved mobile experience and touch interactions
- app/static/theme-template.css: Comprehensive theme export template
- app/templates/_components.html: Modernized reusable components
- Multiple template files: Applied consistent styling patterns
- Documentation: Added comprehensive guides and summaries

Breaking changes: None - all existing functionality preserved
2025-09-19 14:48:12 +02:00
Dries Peeters
5bb109a98e feat: enhance UI/UX across application with improved styling and mobile responsiveness
- Update Kanban board: remove alert system, clean up styling and JavaScript
- Enhance task management: add collapsible filters, improve button layouts
- Improve mobile responsiveness: standardize colors, spacing, and component styling
- Modernize CSS: implement CSS custom properties for consistent theming
- Update templates: standardize button styling and layout across all pages
- Refactor invoice interface: improve form layouts and visual consistency
- Enhance admin pages: better spacing and mobile-friendly designs

This update provides a more cohesive and modern user experience across
desktop and mobile devices with improved accessibility and visual consistency.
2025-09-16 20:28:00 +02:00
Dries Peeters
4ef035dc78 PDF Layout Editor: local GrapesJS, admin UI, i18n, preview fixes
Add admin PDF Layout Editor with local GrapesJS (no CDN)
Routes:
GET/POST /admin/pdf-layout (save, server-side default seeding)
POST /admin/pdf-layout/reset (clear custom template)
GET /admin/pdf-layout/default (serve default body HTML/CSS)
POST /admin/pdf-layout/preview (render preview with sample context)
Invoice PDF generator: support custom HTML/CSS and i18n; add default template and CSS
Preview: sanitize Jinja, add helpers (format_date, format_money), sample item
Base layout: include head_extra and scripts_extra
Editor UI: removed quick blocks, preview, and insert variables; keep load/save/reset
Vendor GrapesJS under app/static/vendor/grapesjs and load locally
README: document the new feature and usage
2025-09-12 14:35:08 +02:00
Dries Peeters
016fe5ead0 feat(ui): refresh templates and dashboards; improve admin and error pages
- Update global layout and styles: `app/templates/base.html`, `app/static/base.css`
- Modernize analytics dashboards (web + mobile)
- Revamp auth pages: login, profile, edit profile
- Refresh error pages: 400/403/404/500 and generic
- Polish main dashboard and search
- Enhance tasks views: create/edit/view, kanban, my/overdue
- Update clients, projects, invoices, and reports pages
- Refine timer pages (timer/edit/manual_entry)
- Tweak admin routes and templates
- Update license server util and integration docs
- Refresh README and help/about content

Notes:
- UI-focused changes; no database migrations included.
2025-09-12 10:03:40 +02:00
Dries Peeters
69f9f1140d feat(i18n): add translations, locale switcher, and user language preference
- Integrate Flask-Babel and i18n utilities; initialize in app factory
- Add `preferred_language` to `User` with Alembic migration (011_add_user_preferred_language)
- Add `babel.cfg` and `scripts/extract_translations.py`
- Add `translations/` for en, de, fr, it, nl, fi
- Update templates to use `_()` and add language picker in navbar/profile
- Respect locale in routes and context processors; persist user preference
- Update requirements and Docker/Docker entrypoint for Babel/gettext support
- Minor copy and style adjustments across pages

Migration: run `alembic upgrade head`
2025-09-11 23:08:41 +02:00
Dries Peeters
7486037307 feat: local SQLite test env, UI fixes, and DB migrations
- UI/UX: Refine layouts and responsive styles; fix task and timer views; update
  shared components and dashboard templates
  - Updates across `app/templates/**`, `templates/**`, `app/static/base.css`,
    and `app/static/mobile.css`
- Backend: Route cleanups and minor fixes for admin, auth, invoices, and timer
  - Touches `app/routes/admin.py`, `app/routes/auth.py`, `app/routes/api.py`,
    `app/routes/invoices.py`, `app/routes/timer.py`
- DevOps: Improve Docker setup and add local testing workflow
  - Update `Dockerfile`, `docker/start-fixed.py`
  - Add `docker-compose.local-test.yml`, `.env.local-test`, start scripts
- Docs: Update `README.md` and add `docs/LOCAL_TESTING_WITH_SQLITE.md`
- Utilities: Adjust CLI and PDF generator behavior

Database (Alembic) migrations:
- 005_add_missing_columns.py
- 006_add_logo_and_task_timestamps.py
- 007_add_invoice_and_more_settings_columns.py
- 008_align_invoices_and_settings_more.py
- 009_add_invoice_created_by.py
- 010_enforce_single_active_timer.py

BREAKING CHANGE: Only one active timer per user is now enforced.

Note: Apply database migrations after deploy (e.g., `alembic upgrade head`).
2025-09-10 11:49:49 +02:00
Dries Peeters
66919c96b2 feat(ui): dark mode fixes and Log Time UX aligned with invoices
Make user dropdown fully dark; fix hover/divider; remove white overlay
Mobile dropdown respects dark vars; improve navbar-collapse bg/z-index
Improve action button grouping/contrast across pages
Add dark-mode variants for badges, lists, pagination, utilities
Refresh Log Time page: card header, mini-cards for Start/End, unified labels
Group Save/Clear actions; Back remains secondary
Per-user theme preference: model column + migration (003) + POST /auth/profile/theme
Base loads user theme (fallback to local/system); remove admin theme selector
2025-09-05 10:04:49 +02:00
Dries Peeters
3376874ba0 feat(ui): unify page headers across app; add Buy Me a Coffee link
- Create and use shared page_header macro for consistent info headers
- Apply new header styling to:
  - Dashboard, Projects, Clients, Invoices (removed filter dropdown), Reports, Timer (manual)
  - System Info, Admin Users (list + form)
  - Profile, Edit Profile
  - Tasks (list, my tasks, overdue)
  - Analytics (desktop + mobile)
  - About, Help
- Add shared header/badge utilities in base.css for consistent spacing and badges
- Align summary cards and table/button styles with admin dashboard
- Footer: add “Buy me a coffee” link (https://buymeacoffee.com/DryTrix)
2025-09-04 09:52:09 +02:00
Dries Peeters
7f8fd43eb5 feat: add real name support and fix task detail error
models/user: add nullable full_name and display_name property (fallback to username)
migrations: add 002_add_user_full_name to introduce users.full_name
auth/profile: show and allow editing full_name; persist on POST
templates:
use display_name across navbar, dashboard greeting, tasks (list/view/edit/my/overdue), projects view, reports (user/project), invoices (creator and generate-from-time), and admin (dashboard/users)
keep username where appropriate (e.g., read-only admin form field)
reports:
aggregate/group by display_name in summaries
CSV export writes display_name instead of username
projects: get_user_totals returns display names when available
main/dashboard: replace inline Jinja in script with data attribute flag to satisfy linter
tasks/view: remove Jinja desc() usage; iterate over pre-ordered time_entries from route and slice to 5
fixes jinja2 UndefinedError: 'desc' is undefined
2025-09-03 20:43:51 +02:00
Dries Peeters
e0432a039f feat(backup): add robust backup/restore with migration-aware restores; polish Admin UI
Add app/utils/backup.py with create_backup/restore_backup
Include DB dump (SQLite file or pg_dump custom), settings.json, uploads/, manifest.json (incl. alembic_revision)
Use local-time timestamps in filenames and metadata
PostgreSQL: call pg_dump/pg_restore with host/port/user/db and PGPASSWORD
Restore runs migrations to head for older data compatibility
Admin
/admin/backup now generates and downloads a .zip archive
New /admin/restore (template: templates/admin/restore.html) for uploading and restoring backups
Refresh admin dashboard visuals (hero header, hover-lift cards, soft buttons), keep color scheme
Remove “System Overview” card from dashboard
CLI
Add flask backup_create and flask backup_restore <archive.zip>
Docker
Install PostgreSQL client tools; switch to PGDG postgresql-client-16 to match server v16
Docs/Config
No schema changes; retains existing settings and migrations
Notes:
Requires pg_dump/pg_restore inside the app image (now included)
Backups saved under project-root/backups and streamed to user on demand
2025-09-03 20:17:44 +02:00
Dries Peeters
8a378b7078 feat(clients,license,db): add client management, enhanced DB init, and tests
- Clients: add model, routes, and templates
  - app/models/client.py
  - app/routes/clients.py
  - templates/clients/{create,edit,list,view}.html
  - docs/CLIENT_MANAGEMENT_README.md
- Database: add enhanced init/verify scripts, migrations, and docs
  - docker/{init-database-enhanced.py,start-enhanced.py,verify-database.py}
  - docs/ENHANCED_DATABASE_STARTUP.md
  - migrations/{add_analytics_column.sql,add_analytics_setting.py,migrate_to_client_model.py}
- Scripts: add version manager and docker network test helpers
  - scripts/version-manager.{bat,ps1,py,sh}
  - scripts/test-docker-network.{bat,sh}
  - docs/VERSION_MANAGEMENT.md
- UI: tweak base stylesheet
  - app/static/base.css
- Tests: add client system test
  - test_client_system.py
2025-09-01 11:34:45 +02:00
Dries Peeters
d230a41e8a feat: enhance web interface layout and fix logo import circular dependency
- Improve web interface layout for better user-friendliness and mobile responsiveness
  * Update CSS variables for consistent spacing and component sizing
  * Enhance card layouts with improved padding, borders, and shadows
  * Optimize button and form element dimensions for better touch targets
  * Add hover effects and animations for improved user interaction
  * Implement responsive grid system with mobile-first approach

- Refactor mobile JavaScript to prevent duplicate initialization
  * Consolidate mobile enhancements into dedicated utility classes
  * Add initialization guards to prevent double loading
  * Implement MobileUtils and MobileNavigation classes
  * Remove duplicate event listeners and mobile enhancements

- Fix circular import issue in logo handling
  * Replace problematic 'from app import app' with Flask's current_app
  * Add error handling for cases where current_app is unavailable
  * Improve logo path resolution with fallback mechanisms
  * Fix settings model to use proper Flask context

- Clean up template code and remove duplication
  * Remove duplicate mobile enhancements from base template
  * Clean up dashboard template JavaScript
  * Centralize all mobile functionality in mobile.js
  * Add proper error handling and debugging

- Update CSS variables and spacing system
  * Introduce --section-spacing and --card-spacing variables
  * Add mobile-specific spacing variables
  * Improve border-radius and shadow consistency
  * Enhance typography and visual hierarchy

This commit resolves the double loading issue and logo import errors while
significantly improving the overall user experience and mobile responsiveness
of the web interface.
2025-08-30 10:09:06 +02:00
Dries Peeters
1b3a703c04 feat: comprehensive project cleanup and timezone enhancement
- Remove redundant documentation files (DATABASE_INIT_FIX_*.md, TIMEZONE_FIX_README.md)
- Delete unused Docker files (Dockerfile.test, Dockerfile.combined, docker-compose.yml)
- Remove obsolete deployment scripts (deploy.sh) and unused files (index.html, _config.yml)
- Clean up logs directory (remove 2MB timetracker.log, keep .gitkeep)
- Remove .pytest_cache directory

- Consolidate Docker setup to two main container types:
  * Simple container (recommended for production)
  * Public container (for development/testing)

- Enhance timezone support in admin settings:
  * Add 100+ timezone options organized by region
  * Implement real-time timezone preview with current time display
  * Add timezone offset calculation and display
  * Remove search functionality for cleaner interface
  * Update timezone utility functions for database-driven configuration

- Update documentation:
  * Revise README.md to reflect current project state
  * Add comprehensive timezone features documentation
  * Update Docker deployment instructions
  * Create PROJECT_STRUCTURE.md for project overview
  * Remove references to deleted files

- Improve project structure:
  * Streamlined file organization
  * Better maintainability and focus
  * Preserved all essential functionality
  * Cleaner deployment options
2025-08-28 14:52:09 +02:00
Dries Peeters
c92f9e196b V1.0.0 version push 2025-08-16 21:49:43 +02:00