mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-24 15:20:52 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1ebfbf39de3a5107f31ee06ac762f5962b5bfcda
TimeTracker/requirements.txt
T
Dries Peeters 1ebfbf39de refactor: comprehensive code quality, security, and performance improvements 
Performance:
- Fix N+1 queries in reports.py with joinedload for TimeEntry.project,
  TimeEntry.user, TimeEntry.task, and Project.client across 6 query locations
- Replace per-task time_entries loops with batch UPDATE queries in tasks.py
- Use efficient subquery for favorite project IDs in projects.py

Architecture:
- Add get_by_id() and get_by_name() methods to ProjectService and ClientService
- Route project/client lookups through service layer in timer.py, projects.py,
  and clients.py instead of direct Model.query calls

Security:
- Add sanitize_input() with length limits to form inputs in clients.py,
  projects.py, timer.py, issues.py, and auth.py
- Add email format validation for client creation
- Warn at startup when SECRET_KEY uses the default value or is too short
  in ProductionConfig
- Replace 7 bare except: pass clauses with specific exception types
  (OSError, IOError, TypeError, ValueError) in admin.py, settings.py,
  and invoice.py

Authorization:
- Migrate all @admin_required decorators to @admin_or_permission_required()
  with granular permissions (manage_roles, manage_kanban, manage_webhooks,
  manage_api_tokens, manage_integrations, access_admin) across permissions.py,
  kanban.py, webhooks.py, and admin.py (28 routes total)

Frontend:
- Remove 40+ console.log debug statements across 18 JS files
- Replace 42 inline onclick/onchange handlers in base.html with delegated
  event listeners using data-dropdown and data-no-propagation attributes
- Migrate 6 inline handlers in time_entries_overview.html to addEventListener
- Extract shared typing detection into typing-utils.js, eliminating 5
  duplicate isTyping() implementations across keyboard shortcut files
- Add missing aria-label attributes to icon-only buttons

Dependencies:
- Migrate from pytz to stdlib zoneinfo (Python 3.9+) across all 6 files
  that used pytz; replace pytz with tzdata in requirements.txt
- Separate dev/test dependencies into requirements-dev.txt
- Configure RotatingFileHandler (10MB, 5 backups) for app and JSON logs

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-06 07:56:23 +01:00

81 lines
1.2 KiB
Plaintext
Raw Blame History

# Core Flask dependencies
Flask==3.0.0
Flask-SQLAlchemy==3.1.1
Flask-Migrate==4.0.5
Flask-Login==0.6.3
Flask-SocketIO==5.3.6
# OAuth / OIDC
Authlib==1.3.1
PyJWT==2.8.0
# Database
SQLAlchemy==2.0.23
alembic==1.13.1
psycopg2-binary==2.9.9
# Web server
gunicorn==23.0.0
eventlet==0.40.3
# Security and forms
Flask-WTF==1.2.1
Flask-Limiter==3.8.0
# Utilities
python-dotenv==1.0.0
tzdata>=2023.3
python-dateutil==2.8.2
Werkzeug==3.0.6
requests==2.32.4
# Email
Flask-Mail==0.9.1
# Excel export
openpyxl==3.1.2
# PDF Generation
WeasyPrint==60.2
pydyf==0.10.0
Pillow==10.4.0
reportlab==4.0.7
# Background tasks
APScheduler==3.10.4
# Internationalization
Flask-Babel==4.0.0
Babel==2.14.0
# Security
cryptography==45.0.6
markdown==3.6
bleach==6.1.0
# Analytics and Monitoring
python-json-logger==2.0.7
sentry-sdk==1.40.0
prometheus-client==0.19.0
posthog==3.1.0
# API Documentation
flask-swagger-ui==5.21.0
apispec==6.3.0
marshmallow==3.20.1
# OCR for receipt scanning
pytesseract==0.3.10
# Payment Gateway Integration
stripe==7.0.0
# Calendar Integration
google-api-python-client==2.100.0
google-auth-httplib2==0.1.1
google-auth-oauthlib==1.1.0
icalendar==6.3.1
# Redis for caching
redis==5.0.1
hiredis==2.2.3
Reference in New Issue View Git Blame Copy Permalink