- Add ~75 common plaintext passwords to setup.py validator
- Check case-insensitively; passes complexity but blocked
- Add tests: reject common, accept unique, short common fail on length
- Update Security.md docs

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Issue #31: LOW-MEDIUM - Weak Master Password Validation
Where found:
backend/app/models/setup.py (line 22) - Requires uppercase, digit, special char but no dictionary check
Why this is needed: Passwords that satisfy the complexity rules can still be weak (e.g., "Password1!" is common).
Goal: Prevent common passwords.
What to do:
- Add common passwords list or library:

    from pydantic import field_validator

    import common_passwords  # module holding the lowercase denylist as PASSWORDS

    @field_validator("password")
    @classmethod
    def validate_password(cls, v):
        # Compare case-insensitively so "Password1!" and "PASSWORD1!" are both caught
        if v.lower() in common_passwords.PASSWORDS:
            raise ValueError("Password is too common, choose another")
        return v

- Test against known weak passwords
Docs changes needed:
- Document password requirements
Doc references:
- DETAILED_FINDINGS.md - Issue #23 "Weak Password Validation"
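The full check described above, as an added example that is not the project's own code: a plain function combining the existing complexity rules with the case-insensitive denylist, which the pydantic @field_validator in setup.py would delegate to. The denylist entries and the 8-character minimum are constructed assumptions, not values from BanGUI.

```python
import re
from typing import Optional

# Constructed sample denylist (the real validator ships ~75 entries).
# Entries are stored lowercase so the membership test is case-insensitive.
COMMON_PASSWORDS = frozenset({
    "password", "password1", "password1!", "welcome1!", "admin123!",
    "qwerty123!", "letmein1!", "changeme1!", "p@ssw0rd", "p@ssword1",
})

MIN_LENGTH = 8  # assumed; the page does not state the project's minimum

# Existing complexity rules from the issue: uppercase, digit, special char.
_COMPLEXITY = (
    (re.compile(r"[A-Z]"), "an uppercase letter"),
    (re.compile(r"[0-9]"), "a digit"),
    (re.compile(r"[^A-Za-z0-9]"), "a special character"),
)


def validate_master_password(v: str) -> str:
    """Return v unchanged if acceptable, otherwise raise ValueError.

    Order matters: length first (so a short common password is reported
    as too short), then complexity, then the case-insensitive denylist.
    """
    if len(v) < MIN_LENGTH:
        raise ValueError(f"Password must be at least {MIN_LENGTH} characters")
    for pattern, what in _COMPLEXITY:
        if not pattern.search(v):
            raise ValueError(f"Password must contain {what}")
    if v.lower() in COMMON_PASSWORDS:
        raise ValueError("Password is too common, choose another")
    return v


def password_rejection_reason(v: str) -> Optional[str]:
    """None when the password is accepted, else the rejection message."""
    try:
        validate_master_password(v)
    except ValueError as exc:
        return str(exc)
    return None
```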
Issue #32: LOW-MEDIUM - Missing Accessibility Features
Where found:
- frontend/src/components/BanTable.tsx - No aria-label on table
- frontend/src/pages/HistoryPage.tsx - Button has tabIndex but no onKeyDown handler
- World map missing alt text
Why this is needed: The application is not usable by screen reader users or with keyboard-only navigation.
Goal: Improve accessibility to WCAG AA compliance.
What to do:
- Add ARIA labels to major components
- Implement keyboard navigation handlers
- Test with screen readers
- Check color contrast ratios
Docs changes needed:
- Add accessibility guidelines
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "11 Accessibility"
Issue #33: LOW - Missing Architecture Decision Records (ADRs)
Where found:
- No Docs/adr/ directory
Why this is needed: New developers don't understand the architectural choices, so they recreate old debates and make wrong assumptions.
Goal: Document important decisions and their rationale.
What to do:
- Create Docs/adr/ directory
- Add ADRs for major decisions:
- Why SQLite instead of PostgreSQL?
- Why FastAPI instead of Django?
- Why React instead of Vue?
- Why APScheduler instead of Celery?
- Why single-instance scheduler?
Docs changes needed:
- Create ADR template and examples
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "8.5 Missing ADRs"
Issue #34: LOW - No Troubleshooting Guide
Where found:
- Missing Docs/TROUBLESHOOTING.md
Why this is needed: Users can't self-serve on common problems and open issues instead.
Goal: Document common problems and solutions.
What to do:
- Create Docs/TROUBLESHOOTING.md with:
  - "502 Bad Gateway" - backend is down or not ready
  - "Permission denied" - database directory not writable
  - "fail2ban not found" - socket path wrong
  - "Geo lookups empty" - GeoLite2 database missing
  - "Rate limited (429)" - too many requests
- Expand based on real user issues
Docs changes needed:
- Create comprehensive troubleshooting guide
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "8.3 No Troubleshooting"
Issue #35: LOW - Missing Upgrade/Migration Guide
Where found:
- No Docs/UPGRADING.md
Why this is needed: Users don't know how to safely upgrade without losing data.
Goal: Document upgrade process and breaking changes.
What to do:
- Create Docs/UPGRADING.md with:
  - Backup procedure
  - Breaking changes for each version
  - Step-by-step upgrade procedure
  - Rollback procedure if something goes wrong
Docs changes needed:
- Create upgrade guide for each major version
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "8.5 No Migration Guide"
Issue #36: LOW - No Backup Strategy Documented
Where found:
- No backup procedure in deployment docs
- No automated backup in Docker Compose
Why this is needed: Users don't know how to protect their data.
Goal: Document and automate database backups.
What to do:
- Create Docs/BACKUP_RESTORE.md
- Add backup script to Docker
- Document retention policy
- Document restore procedure
Docs changes needed:
- Create backup & restore guide
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "10.4 No Backup Strategy"
Issue #37: LOW - Missing CONTRIBUTING.md
Where found:
fail2ban-master/CONTRIBUTING.md is from fail2ban, not BanGUI
Why this is needed: Contributors don't know project guidelines.
Goal: Document contribution guidelines.
What to do:
- Create CONTRIBUTING.md with:
  - Development setup
  - Branch naming conventions
  - PR requirements
  - Code style guidelines
  - Testing requirements
  - PR review process
Docs changes needed:
- Create CONTRIBUTING.md
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "12.5 No CONTRIBUTING.md"
Issue #38: LOW - No Test Coverage Minimum Enforced
Where found:
- backend/pyproject.toml - Coverage report generated but no minimum threshold
- CI doesn't fail on low coverage
Why this is needed: Code quality can degrade as coverage drops.
Goal: Enforce minimum test coverage.
What to do:
- Set minimum coverage threshold in CI (e.g., 80%)
- Fail build if coverage drops below threshold
- Add coverage badge to README
Docs changes needed:
- Document testing requirements
Doc references:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "12.6 Test Coverage Not Enforced"
DOCUMENTATION GAPS (Cross-Cutting)
Issue #39: DOCUMENTATION - Missing API Reference
Files affected: All routers
Create: Comprehensive API reference documenting:
- All endpoints
- Request/response formats
- Status codes
- Examples
References:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "8.1 Missing API Documentation"
Issue #40: DOCUMENTATION - Missing Deployment Best Practices
Files affected: Docs/Deployment.md, Docker configuration
Create/Update:
- Security best practices
- Performance tuning
- Monitoring setup
- Scaling guidelines
References:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "6 Build & Deployment"
Issue #41: DOCUMENTATION - Missing Database Schema Documentation
Create: Schema documentation covering:
- All tables and their purpose
- Relationships and constraints
- Indexes and performance notes
- Migration history
References:
- DATABASE_API_DEPLOYMENT_ISSUES.md - Issue "1 Database Design"