Conversation
…r Guide and Database Management Guide to repository documentation.
- Created offline.html with auto-retry functionality - Added backend health check before window load - Falls back to offline page if backend unavailable - Meets AppImageHub offline requirement for edge cases
xnodeoncode
added
🔧 enhancement
There was a problem hiding this comment.
Pull request overview
This PR implements comprehensive security enhancements for the Aquiis Property Management System as part of "Phase-1-Security Enhancements". The changes focus on database encryption, stronger password policies, security headers, and infrastructure improvements for production deployments.
Changes:
- Implemented SQLCipher database encryption with PBKDF2 key derivation and Linux keychain integration
- Strengthened password requirements from 6 to 12 characters with special character enforcement
- Added Content Security Policy (CSP) and security headers middleware for web deployments
- Refactored BaseModel to include OrganizationId and IsSampleData flags at the base level
- Enhanced notification system with SignalR for real-time updates across browser tabs
- Added database unlock UI flow and encryption/decryption services
- Updated invoice/payment numbering to use monthly sequences with organization scoping
- Improved Electron mode with Remember Me defaults and better cookie persistence
- Added MIT License file and updated documentation
Reviewed changes
Copilot reviewed 135 out of 142 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| LICENSE | Added MIT License (Copyright 2026 CIS Guru) |
| README.md | Added Linux AppImage and Windows portable distribution details |
| bump-version.sh | Updated paths to use numbered directory structure (4-Aquiis.SimpleStart) |
| copilot-review-to-backlog.sh | Enhanced with better error handling, jq requirement check, and improved Copilot comment parsing |
| 0-Aquiis.Core/Entities/BaseModel.cs | Added OrganizationId and IsSampleData properties to base class |
| 0-Aquiis.Core/Entities/*.cs | Removed duplicate OrganizationId declarations (now inherited from BaseModel) |
| 0-Aquiis.Core/Entities/DatabaseSettings.cs | New entity for database encryption settings and salt storage |
| 1-Aquiis.Infrastructure/Data/SqlCipherConnectionInterceptor.cs | EF Core interceptor to set SQLCipher encryption keys on connections |
| 1-Aquiis.Infrastructure/Services/*.cs | New encryption services (PasswordDerivation, LinuxKeychain, DatabaseEncryption) |
| 1-Aquiis.Infrastructure/Hubs/NotificationHub.cs | SignalR hub for real-time notification synchronization |
| 2-Aquiis.Application/Services/*.cs | Updated services with SignalR broadcasting, sample data propagation, and database unlock support |
| 3-Aquiis.UI.Shared/Components/*.razor | Updated UI components with sample data badges and SignalR integration |
| 4-Aquiis.SimpleStart/*.cs | Strong password policy (12+ chars), security headers, encryption support, Remember Me defaults |
| 5-Aquiis.Professional/*.cs | Matching security enhancements for Professional edition |
| 6-Tests/*.cs | Updated test passwords to meet new 12-character requirement, added SignalR mock dependencies |
| Migrations | Added database encryption settings, fixed invoice/payment unique indexes, sample data flag migration |
Files not reviewed (1)
- 4-Aquiis.SimpleStart/ElectronHostHook/package-lock.json: Language not supported
| // CRITICAL: Set key FIRST, before any other PRAGMA commands | ||
| if (EnableVerboseLogging) | ||
| Console.WriteLine("[SqlCipherConnectionInterceptor] Setting encryption key..."); | ||
| cmd.CommandText = $"PRAGMA key = '{_encryptionPassword}';"; |
There was a problem hiding this comment.
Password is passed as plain text in SQL command using string interpolation, which could be vulnerable to SQL injection. While SQLite's PRAGMA key command may handle this safely, consider using parameterized commands or proper escaping to follow security best practices.
| private const bool EnableVerboseLogging = true; | ||
|
|
||
| public SqlCipherConnectionInterceptor(string? encryptionPassword) | ||
| { | ||
| _encryptionPassword = encryptionPassword; | ||
| if (EnableVerboseLogging) | ||
| Console.WriteLine($"[SqlCipherConnectionInterceptor] Initialized with password: {(_encryptionPassword != null ? $"YES (length: {_encryptionPassword.Length})" : "NO")}"); |
There was a problem hiding this comment.
Verbose logging is enabled with hardcoded password length information being printed to console. This could expose sensitive information in production logs. Consider making this configurable and ensure password lengths are not logged in production environments.
| @page "/administration/database/preview/{BackupFileName}" | ||
| @using Aquiis.Application.Models.DTOs | ||
| @using Aquiis.Application.Services | ||
| @inject DatabasePreviewService PreviewService | ||
| @inject NavigationManager Navigation | ||
| @inject IJSRuntime JSRuntime | ||
| @rendermode InteractiveServer | ||
|
|
There was a problem hiding this comment.
The new DatabasePreview administration page at route /administration/database/preview/{BackupFileName} has no [Authorize] or OrganizationAuthorize attribute, so AuthorizeRouteView will treat it as publicly accessible content. An unauthenticated or low-privilege user who can navigate to this URL can preview backup databases and read properties, tenants, leases, and other sensitive data, bypassing the intended admin-only restriction. Protect this page with the same authorization used on other database admin pages (for example applying OrganizationAuthorize("Owner", "Administrator") to this component) so only appropriately privileged users can access it.
2 participants
See release notes for latest updates.