CRITICAL fixes:
- Restrict X-View-Tenant impersonation to global admin only (was any admin)
- Add authorization to subscription endpoints (was open to any user)
- Make webhook signature verification mandatory (was skippable)
- Remove databaseName from JWT payload (resolve server-side with cache)
- Reduce body size limit from 1GB to 10MB (50MB for bulk CFDI)
- Restrict .env file permissions to 600
HIGH fixes:
- Add authorization to SAT cron endpoints (global admin only)
- Add Content-Security-Policy and Permissions-Policy headers
- Centralize isGlobalAdmin() utility with caching
- Add rate limiting on auth endpoints (express-rate-limit)
- Require authentication on logout endpoint
MEDIUM fixes:
- Replace Math.random() with crypto.randomBytes for temp passwords
- Remove console.log of temporary passwords in production
- Remove DB credentials from admin notification email
- Add escapeHtml() to email templates (prevent HTML injection)
- Add file size validation on FIEL upload (50KB max)
- Require TLS for SMTP connections
- Normalize email to lowercase before uniqueness check
- Remove hardcoded default for FIEL_ENCRYPTION_KEY
Also includes:
- Complete production deployment documentation
- API reference documentation
- Security audit report with remediation details
- Updated README with v0.5.0 changelog
- New client admin email template
- Utility scripts (create-carlos, test-emails)
- PM2 ecosystem config updates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- MercadoPago PreApproval integration for recurring subscriptions
- Subscription service with caching, manual payment, payment history
- Webhook handler with HMAC-SHA256 signature verification
- Admin endpoints for subscription management and payment links
- Email notifications on payment success/failure/cancellation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
EmailService with mock fallback when SMTP not configured.
Templates: welcome, fiel-notification, payment-confirmed,
payment-failed, subscription-expiring, subscription-cancelled.
Uses Google Workspace SMTP (STARTTLS).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Adds pg dependency for direct PostgreSQL connections to tenant DBs
- TenantConnectionManager: singleton managing Map<tenantId, Pool>
- provisionDatabase: creates new DB with tables and indexes
- deprovisionDatabase: soft-deletes by renaming DB
- Automatic idle pool cleanup every 60s (5min threshold)
- Max 3 connections per pool (6/tenant with 2 PM2 workers)
- Graceful shutdown support for all pools
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual SOAP authentication with the official nodecfdi library
which properly handles WS-Security signatures for SAT web services.
- Add sat-client.service.ts using Fiel.create() for authentication
- Update sat.service.ts to use new client
- Update fiel.service.ts to return raw certificate data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add sat-sync.job.ts with scheduled daily sync at 3:00 AM
- Automatic detection of tenants with active FIEL
- Initial sync (10 years) for new tenants, daily for existing
- Concurrent processing with configurable batch size
- Integration with app startup for production environment
- Install node-cron dependency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add sat-parser.service.ts for processing SAT packages:
- Extract XML files from ZIP packages
- Parse CFDI 4.0 XML structure with proper namespace handling
- Extract fiscal data: UUID, amounts, taxes, dates, RFC info
- Map SAT types (I/E/T/P/N) to application types
- Handle IVA and ISR retention calculations
- Install @nodecfdi/cfdi-core dependency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add sat-auth.service.ts for SAML token authentication with SAT
using FIEL credentials and SOAP protocol
- Add sat-download.service.ts with full download workflow:
- Request CFDI download (emitted/received)
- Verify request status with polling support
- Download ZIP packages when ready
- Helper functions for status checking
- Install fast-xml-parser and adm-zip dependencies
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add sat-crypto.service.ts with AES-256-GCM encryption for secure
credential storage using JWT_SECRET as key derivation source
- Add fiel.service.ts with complete FIEL lifecycle management:
- Upload and validate FIEL credentials (.cer/.key files)
- Verify certificate is FIEL (not CSD) and not expired
- Store encrypted credentials in database
- Retrieve and decrypt credentials for SAT sync operations
- Install @nodecfdi/credentials for FIEL/CSD handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add bulk XML CFDI upload support (up to 300MB)
- Add period selector component for month/year navigation
- Fix session persistence on page refresh (Zustand hydration)
- Fix income/expense classification based on tenant RFC
- Fix IVA calculation from XML (correct Impuestos element)
- Add error handling to reportes page
- Support multiple CORS origins
- Update reportes service with proper Decimal/BigInt handling
- Add RFC to tenant view store for proper CFDI classification
- Update README with changelog and new features
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
