mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-07 20:20:30 -06:00
20824dbcb1
This commit introduces a comprehensive Kanban board customization system and improves CSRF token configuration for Docker deployments. ## Major Features ### 1. Customizable Kanban Board Columns Add complete kanban column customization system allowing users to define custom workflow states beyond the default columns. **New Components:** - Add KanbanColumn model with full CRUD operations (app/models/kanban_column.py) - Add kanban routes blueprint with admin endpoints (app/routes/kanban.py) - Add kanban column management templates (app/templates/kanban/) - Add migration 019 for kanban_columns table (migrations/) **Features:** - Create unlimited custom columns with unique keys, labels, icons, and colors - Drag-and-drop column reordering with position persistence - Toggle column visibility without deletion - Protected system columns (todo, in_progress, done) prevent accidental deletion - Complete state marking for columns that should mark tasks as done - Real-time updates via SocketIO broadcasts when columns change - Font Awesome icon support (5000+ icons) - Bootstrap color scheme integration - Comprehensive validation and error handling **Integration:** - Update Task model to work with dynamic column statuses (app/models/task.py) - Update task routes to use kanban column API (app/routes/tasks.py) - Update project routes to fetch active columns (app/routes/projects.py) - Add kanban column management links to base template (app/templates/base.html) - Update kanban board templates to render dynamic columns (app/templates/tasks/) - Add cache prevention headers to force fresh column data **API Endpoints:** - GET /api/kanban/columns - Fetch all active columns - POST /api/kanban/columns/reorder - Reorder columns - GET /kanban/columns - Column management interface (admin only) - POST /kanban/columns/create - Create new column (admin only) - POST /kanban/columns/<id>/edit - Edit column (admin only) - POST /kanban/columns/<id>/delete - Delete column (admin only) - POST /kanban/columns/<id>/toggle - Toggle column visibility (admin only) ### 2. Enhanced CSRF Configuration Improve CSRF token configuration and documentation for Docker deployments. **Configuration Updates:** - Add WTF_CSRF_ENABLED environment variable to all docker-compose files - Add WTF_CSRF_TIME_LIMIT environment variable with 1-hour default - Update app/config.py to read CSRF settings from environment - Add SECRET_KEY validation in app/__init__.py to prevent production deployment with default keys **Docker Compose Updates:** - docker-compose.yml: CSRF enabled by default for security testing - docker-compose.remote.yml: CSRF always enabled in production - docker-compose.remote-dev.yml: CSRF enabled with production-like settings - docker-compose.local-test.yml: CSRF can be disabled for local testing - Add helpful comments explaining each CSRF-related environment variable - Update env.example with CSRF configuration examples **Verification Scripts:** - Add scripts/verify_csrf_config.sh for Unix systems - Add scripts/verify_csrf_config.bat for Windows systems - Scripts check SECRET_KEY, CSRF_ENABLED, and CSRF_TIME_LIMIT settings ### 3. Database Initialization Improvements - Update app/__init__.py to run pending migrations on startup - Add automatic kanban column initialization after migrations - Improve error handling and logging during database setup ### 4. Configuration Management - Update app/config.py with new CSRF and kanban-related settings - Add environment variable parsing with sensible defaults - Improve configuration validation and error messages ## Documentation ### New Documentation Files - CUSTOM_KANBAN_README.md: Quick start guide for kanban customization - KANBAN_CUSTOMIZATION.md: Detailed technical documentation - IMPLEMENTATION_SUMMARY.md: Implementation details and architecture - KANBAN_AUTO_REFRESH_COMPLETE.md: Real-time update system documentation - KANBAN_REFRESH_FINAL_FIX.md: Cache and refresh troubleshooting - KANBAN_REFRESH_SOLUTION.md: Technical solution for data freshness - docs/CSRF_CONFIGURATION.md: Comprehensive CSRF setup guide - CSRF_DOCKER_CONFIGURATION_SUMMARY.md: Docker-specific CSRF setup - CSRF_TROUBLESHOOTING.md: Common CSRF issues and solutions - APPLY_KANBAN_MIGRATION.md: Migration application guide - APPLY_FIXES_NOW.md: Quick fix reference - DEBUG_KANBAN_COLUMNS.md: Debugging guide - DIAGNOSIS_STEPS.md: System diagnosis procedures - BROWSER_CACHE_FIX.md: Browser cache troubleshooting - FORCE_NO_CACHE_FIX.md: Cache prevention solutions - SESSION_CLOSE_ERROR_FIX.md: Session handling fixes - QUICK_FIX.md: Quick reference for common fixes ### Updated Documentation - README.md: Add kanban customization feature description - Update project documentation with new features ## Testing ### New Test Files - test_kanban_refresh.py: Test kanban column refresh functionality ## Technical Details **Database Changes:** - New table: kanban_columns with 11 columns - Indexes on: key, position - Default data: 4 system columns (todo, in_progress, review, done) - Support for both SQLite (development) and PostgreSQL (production) **Real-Time Updates:** - SocketIO events: 'kanban_columns_updated' with action type - Automatic page refresh when columns are created/updated/deleted/reordered - Prevents stale data by expiring SQLAlchemy caches after changes **Security:** - Admin-only access to column management - CSRF protection on all column mutation endpoints - API endpoints exempt from CSRF (use JSON and other auth mechanisms) - System column protection prevents data integrity issues - Validation prevents deletion of columns with active tasks **Performance:** - Efficient querying with position-based ordering - Cached column data with cache invalidation on changes - No-cache headers on API responses to prevent stale data - Optimized database indexes for fast lookups ## Breaking Changes None. This is a fully backward-compatible addition. Existing workflows continue to work with the default columns. Custom columns are opt-in via the admin interface. ## Migration Notes 1. Run migration 019 to create kanban_columns table 2. Default columns are initialized automatically on first run 3. No data migration needed for existing tasks 4. Existing task statuses map to new column keys ## Environment Variables New environment variables (all optional with defaults): - WTF_CSRF_ENABLED: Enable/disable CSRF protection (default: true) - WTF_CSRF_TIME_LIMIT: CSRF token expiration in seconds (default: 3600) - SECRET_KEY: Required in production, must be cryptographically secure See env.example for complete configuration reference. ## Deployment Notes
Database Migrations with Flask-Migrate
This directory contains the database migration system for TimeTracker, now standardized on Flask-Migrate with proper versioning.
Overview
The migration system has been updated from custom Python scripts to use Flask-Migrate, which provides:
- Standardized migrations using Alembic
- Version tracking for all database changes
- Rollback capabilities to previous versions
- Automatic schema detection from SQLAlchemy models
- Cross-database compatibility (PostgreSQL, SQLite)
Quick Start
1. Initialize Migrations (First Time Only)
flask db init
2. Create Your First Migration
flask db migrate -m "Initial database schema"
3. Apply Migrations
flask db upgrade
Migration Commands
Basic Commands
flask db init- Initialize migrations directoryflask db migrate -m "Description"- Create a new migrationflask db upgrade- Apply pending migrationsflask db downgrade- Rollback last migrationflask db current- Show current migration versionflask db history- Show migration history
Advanced Commands
flask db show <revision>- Show specific migration detailsflask db stamp <revision>- Mark database as being at specific revisionflask db heads- Show current heads (for branched migrations)
Migration Workflow
1. Make Model Changes
Edit your SQLAlchemy models in app/models/:
# Example: Add a new column
class User(db.Model):
# ... existing fields ...
phone_number = db.Column(db.String(20), nullable=True)
2. Generate Migration
flask db migrate -m "Add phone number to users"
3. Review Generated Migration
Check the generated migration file in migrations/versions/:
def upgrade():
op.add_column('users', sa.Column('phone_number', sa.String(length=20), nullable=True))
def downgrade():
op.drop_column('users', 'phone_number')
4. Apply Migration
flask db upgrade
5. Verify Changes
Check the migration status:
flask db current
Migration Files Structure
migrations/
├── versions/ # Migration files
│ ├── 001_initial_schema.py
│ ├── 002_add_phone_number.py
│ └── ...
├── env.py # Migration environment
├── script.py.mako # Migration template
├── alembic.ini # Alembic configuration
└── README.md # This file
Transition from Old System
If you're migrating from the old custom migration system:
1. Backup Your Database
# PostgreSQL
pg_dump --format=custom --dbname="$DATABASE_URL" --file=backup_$(date +%Y%m%d_%H%M%S).dump
# SQLite
cp instance/timetracker.db backup_timetracker_$(date +%Y%m%d_%H%M%S).db
2. Use Migration Management Script
python migrations/manage_migrations.py
3. Or Manual Migration
# Initialize Flask-Migrate
flask db init
# Create initial migration (captures current schema)
flask db migrate -m "Initial schema from existing database"
# Apply migration
flask db upgrade
Best Practices
1. Migration Naming
Use descriptive names for migrations:
flask db migrate -m "Add user profile fields"
flask db migrate -m "Create project categories table"
flask db migrate -m "Add invoice payment tracking"
2. Testing Migrations
Always test migrations on a copy of your production data:
# Test upgrade
flask db upgrade
# Test downgrade
flask db downgrade
# Verify data integrity
3. Backup Before Migrations
# Always backup before major migrations
flask db backup # Custom command
# or
pg_dump --format=custom --dbname="$DATABASE_URL" --file=pre_migration_backup.dump
4. Review Generated Code
Always review auto-generated migrations before applying:
- Check the
upgrade()function - Verify the
downgrade()function - Ensure data types and constraints are correct
Troubleshooting
Common Issues
1. Migration Already Applied
# Check current status
flask db current
# If migration is already applied, stamp the database
flask db stamp <revision>
2. Migration Conflicts
# Show migration heads
flask db heads
# Merge branches if needed
flask db merge -m "Merge migration branches" <revision1> <revision2>
3. Database Out of Sync
# Check migration history
flask db history
# Reset to specific revision
flask db stamp <revision>
4. Model Import Errors
Ensure all models are imported in your application:
# In app/__init__.py or similar
from app.models import User, Project, TimeEntry, Task, Settings, Invoice, Client
Getting Help
- Check the migration status:
flask db current - Review migration history:
flask db history - Check Alembic logs for detailed error messages
- Verify database connection and permissions
Advanced Features
Custom Migration Operations
You can add custom operations in your migrations:
def upgrade():
# Custom data migration
op.execute("UPDATE users SET role = 'user' WHERE role IS NULL")
# Custom table operations
op.create_index('custom_idx', 'table_name', ['column_name'])
Data Migrations
For complex data migrations, use the op.execute() method:
def upgrade():
# Migrate existing data
op.execute("""
INSERT INTO new_table (id, name)
SELECT id, name FROM old_table
""")
Conditional Migrations
Handle different database types:
def upgrade():
# PostgreSQL-specific operations
if op.get_bind().dialect.name == 'postgresql':
op.execute('CREATE EXTENSION IF NOT EXISTS "uuid-ossp"')
Environment Variables
Ensure these environment variables are set:
export FLASK_APP=app.py
export DATABASE_URL="postgresql://user:pass@localhost/dbname"
# or
export DATABASE_URL="sqlite:///instance/timetracker.db"
CI/CD Integration
For automated deployments, include migration steps:
# Example GitHub Actions step
- name: Run database migrations
run: |
flask db upgrade
env:
DATABASE_URL: ${{ secrets.DATABASE_URL }}
Support
For migration-related issues:
- Check this README
- Review Flask-Migrate documentation: https://flask-migrate.readthedocs.io/
- Check Alembic documentation: https://alembic.sqlalchemy.org/
- Review generated migration files for errors