txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
254 Commits 1 Branch 2 Tags
25e9ebafe7e90134ed2a74ec355261d74fc8c207
Commit Graph

9 Commits

Author SHA1 Message Date
juanatsap 211fd05462 feat: simplify architecture by removing cache layer and centralizing routes 
- Removed over-engineered cache system for static CV data that only changes on deployment
- Extracted all route configuration to internal/routes/routes.go for better organization
- Implemented rate limiting and cache control middleware for PDF endpoint protection
 2025-11-12 17:53:24 +00:00
juanatsap 927d257f2c docs: add comprehensive zoom implementation technical documentation 
- Document CSS zoom vs transform scale decision
- Explain inverse zoom technique for fixed elements
- Detail viewport expansion strategy
- Cover edge cases, constraints, and browser compatibility
- Include testing checklist and future considerations
 2025-11-12 17:04:45 +00:00
juanatsap f211d40803 docs: consolidate and sanitize documentation for public release 
**Changes Summary:**

**Files Deleted (6 files):**
- doc/HTMX-PRODUCTION-RECOMMENDATIONS.md (implementation notes)
- doc/SEO-OPTIMIZATION-COMPLETE.md (implementation artifact)
- doc/PROJECT-DOCUMENTATION-SUMMARY.md (meta-documentation)
- doc/PROJECT_STATUS.md (internal roadmap)
- doc/API-QUICK-REFERENCE.md (consolidated into API.md)
- doc/API-PROTECTION.md (consolidated into API.md and SECURITY.md)

**API Documentation Enhanced:**
- Added Quick Reference section to API.md (from API-QUICK-REFERENCE.md)
- Added Security & Protection section to API.md (from API-PROTECTION.md)
- Updated Rate Limiting section to reflect actual implementation
- Added Origin Checking documentation with examples

**SECURITY.md Enhanced:**
- Added comprehensive API Protection Features section
- Updated Rate Limiting section (was marked "Not implemented", now shows it IS implemented)
- Added Origin Checking configuration and examples
- Added Combined Protection flow documentation
- Added Testing Protection section with curl examples
- Added Production Deployment Checklist
- Added Troubleshooting section

**Private Information Removed:**
- README.md: Removed matomo.drolo.club and site ID references
- PRIVACY.md: Replaced specific Matomo server with generic template
- CUSTOMIZATION.md: Replaced Analytics Configuration with generic guide
- All Matomo-specific details replaced with placeholders

**Documentation Navigation:**
- README.md: Enhanced Documentation section with organized categories
  - Getting Started (README, DEPLOYMENT, CUSTOMIZATION)
  - Technical Reference (ARCHITECTURE, API)
  - Policies & Standards (SECURITY, PRIVACY, CODE_OF_CONDUCT, CONTRIBUTING)
  - License

**Broken Links Fixed:**
- Removed reference to non-existent CHANGELOG.md in API.md
- Fixed relative paths for cross-document references
- Verified all internal documentation links

**Result:**
- Documentation reduced from 16 files to 10 core files (37.5% reduction)
- No private information exposed (all Matomo details sanitized)
- No implementation artifacts remaining
- Clear, professional structure suitable for public instructive project
- Comprehensive API and security documentation
- All essential content preserved and enhanced

This documentation now represents a professional, instructive open-source project suitable for public consumption and learning purposes.
 2025-11-12 16:04:43 +00:00
juanatsap 6eee66e3e2 refactor: simplify middleware chain and update documentation 
- Remove unused rate limiting and security validation middleware
- Rename improvement summary to aspirational goals
- Add current project status documentation
 2025-11-12 09:42:46 +00:00
juanatsap 92dffe8c60 feat: add comprehensive testing infrastructure and security hardening 
- Enhanced CI/CD pipeline with coverage reporting, benchmarks, and artifact uploads
- Implemented rate limiter IP validation with proxy support and spoofing protection
- Added extensive Makefile test targets for coverage, benchmarks, and continuous testing
- Expanded middleware chain with request validation, size limits, and suspicious activity logging
 2025-11-11 21:43:12 +00:00
juanatsap 0e52d625a1 refactor: remove API documentation files and add binary to gitignore 
- Removed redundant API documentation (API.md and API-QUICK-REFERENCE.md)
- Added cv-app binary to gitignore to prevent committing build artifacts
 2025-11-09 20:48:24 +00:00
juanatsap ea6ccf9cdd feat: add origin validation and rate limiting for PDF endpoint 
Security enhancements:
- Implement origin/referer validation middleware
- Add rate limiting (3 requests/min per IP)
- Default to production domain (juan.andres.morenorub.io)
- Verify all protection mechanisms working correctly

Documentation updates:
- Update README to reflect personal portfolio nature
- Remove template encouragement from README
- Add verification status to API-PROTECTION.md
- Document ALLOWED_ORIGINS configuration in .env.example

Cleanup:
- Remove templates.backup/ folder
- Remove old test screenshots
 2025-11-09 14:13:22 +00:00
juanatsap 24b2401519 feat: add origin validation and rate limiting for PDF endpoint 
- Implemented origin checker middleware to prevent external sites from hotlinking the PDF generation endpoint
- Added rate limiter (3 requests per minute per IP) to protect resource-intensive PDF operations
- Configured allowed origins via ALLOWED_ORIGINS environment variable with localhost defaults for development
 2025-11-09 14:00:10 +00:00
juanatsap 584cfe05b1 refactor: consolidate documentation into main README 
- Removed redundant documentation files (ADDING-YOUR-PHOTO.md, ARCHITECTURE.md, DEPLOYMENT_SETUP.md)
- Moved essential information into the primary README for better discoverability
- Streamlined documentation structure to reduce maintenance overhead
 2025-11-08 10:34:43 +00:00