openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: openclaw:97116fed1c760b6c47a0dd388dad48c1064ae6a6
Branches Tags
openclaw:main
openclaw:issue-12-rbac-dispute
openclaw:issue-18
openclaw:issue-5-dispute-flow
openclaw:feature/dispute-flow-test
openclaw:feature/dispute-flow
openclaw:issue-8-docker-install
openclaw:issue-8-docker-install-10
openclaw:issue-8-docker-install-11
openclaw:issue-8-docker-install-12
openclaw:issue-8-docker-install-13
openclaw:issue-8-docker-install-2
openclaw:issue-8-docker-install-3
openclaw:issue-8-docker-install-4
openclaw:issue-8-docker-install-5
openclaw:issue-8-docker-install-6
openclaw:issue-8-docker-install-7
openclaw:issue-8-docker-install-8
openclaw:issue-8-docker-install-9
openclaw:issue-7-fix
openclaw:issue-45-rbac-integration-tests
openclaw:issue-44-neighbourhood-management
openclaw:issue-43-user-authentication-flow
openclaw:issue-42-role-implementation
openclaw:fix/role-implementation
openclaw:openapi-spec
...
compare: openclaw:5a61bf2dbfb046c8bfe1c2a60e853817d76af2aa
Branches Tags
openclaw:main
openclaw:issue-12-rbac-dispute
openclaw:issue-18
openclaw:issue-5-dispute-flow
openclaw:feature/dispute-flow-test
openclaw:feature/dispute-flow
openclaw:issue-8-docker-install
openclaw:issue-8-docker-install-10
openclaw:issue-8-docker-install-11
openclaw:issue-8-docker-install-12
openclaw:issue-8-docker-install-13
openclaw:issue-8-docker-install-2
openclaw:issue-8-docker-install-3
openclaw:issue-8-docker-install-4
openclaw:issue-8-docker-install-5
openclaw:issue-8-docker-install-6
openclaw:issue-8-docker-install-7
openclaw:issue-8-docker-install-8
openclaw:issue-8-docker-install-9
openclaw:issue-7-fix
openclaw:issue-45-rbac-integration-tests
openclaw:issue-44-neighbourhood-management
openclaw:issue-43-user-authentication-flow
openclaw:issue-42-role-implementation
openclaw:fix/role-implementation
openclaw:openapi-spec

3 commits
97116fed1c ... 5a61bf2dbf

Author SHA1 Message Date
J.A.R.V.I.S.
5a61bf2dbf feat: add RBAC implementation for dispute endpoints
Some checks are pending
Docker Test / test (push) Waiting to run
Details
2026-03-20 00:06:46 +00:00
J.A.R.V.I.S.
25cea4fbe8 feat(auth): implement user authentication system 2026-03-19 23:10:50 +00:00
J.A.R.V.I.S.
4847ab793a feat(auth): implement user authentication system 2026-03-19 23:07:24 +00:00
14209 changed files with 1105655 additions and 352845 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View file

Binary file not shown.

BIN
._.DS_Store Normal file
View file

Binary file not shown.

2
.env Normal file
View file

@ -0,0 +1,2 @@
JWT_SECRET=helpyourneighbour-secret-key-for-jwt
PORT=3000

36
ISSUE-10.md
View file

@ -1,25 +1,19 @@
## Issue #10: Implement Rate Limiting
# Issue: Implement Role-Based Access Control (RBAC) for Dispute Endpoints
### Description
## Description
Implement role-based access control for dispute-related endpoints to ensure that only authorized users (moderators and admins) can perform actions like changing dispute status or making final decisions.
Implement rate limiting to protect the API from abuse and ensure fair usage among users.
## Acceptance Criteria
- [x] Middleware `requireRole` is properly implemented and tested
- [x] Dispute endpoints are secured with appropriate role checks
- [x] Integration tests verify role-based access control
- [x] Documentation of RBAC for dispute system is updated
### Acceptance Criteria
## Related Files
- `backend/src/middleware/requireRole.js`
- `backend/src/controllers/dispute.controller.js`
- `backend/src/routes/disputes.routes.js`
- `backend/test/roles.test.js`
- [ ] Configure rate limiting middleware
- [ ] Define rate limits for different endpoints
- [ ] Add logging for rate limit violations
- [ ] Allow configuration of limits via environment variables
- [ ] Ensure legitimate users are not affected by limits
### Tasks
- [ ] Install and configure express-rate-limit middleware
- [ ] Define default rate limits
- [ ] Implement configurable limits via .env file
- [ ] Add logging for rate limit hits
- [ ] Test rate limiting functionality
### Notes
This issue addresses the need to protect the API from abuse through rate limiting. The implementation will use express-rate-limit middleware to configure different rate limits for various endpoints, with configuration via environment variables to allow easy adjustment without code changes.
## Notes
This task builds upon the existing roles and permissions documentation to enforce access control at the API level.

25
ISSUE-TEMPLATE.md
View file

@ -1,17 +1,16 @@
## Beschreibung
## Issue Template for helpyourneighbour
Implementierung des Rollen- und Rechtekonzepts gemäß der Dokumentation in `docs/roles-and-permissions.md`.
### Description
Describe the task to be done.
## Aufgaben
### Acceptance Criteria
- [ ] Criterion 1
- [ ] Criterion 2
- [ ] Criterion 3
- [ ] Implementierung der `requireRole` Middleware
- [ ] Integration der Middleware in die bestehenden Routen
- [ ] Erstellung von Integrationstests für die Rollenprüfung
- [ ] Dokumentation der Rolle in der API-Dokumentation
### Related Files
- File 1
- File 2
## Akzeptanzkriterien
- Alle Endpunkte sind entsprechend den Rollen geschützt
- Integrationstests bestehen erfolgreich
- Die Middleware ist in allen relevanten Routen implementiert
- Die Dokumentation wurde aktualisiert
### Notes
Any additional context or notes.

BIN
backend/.DS_Store vendored Normal file
View file

Binary file not shown.

BIN
backend/._.DS_Store Normal file
View file

Binary file not shown.

11
backend/.env Normal file
View file

@ -0,0 +1,11 @@
PORT=3000
DB_HOST=localhost
DB_PORT=5432
DB_USER=root
DB_PASSWORD=
DB_NAME=helpyourneighbour
JWT_SECRET=fallback_secret_key_for_dev
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
RATE_LIMIT_AUTH_WINDOW_MS=300000
RATE_LIMIT_AUTH_MAX_REQUESTS=5

0
node_modules/.bin/baseline-browser-mapping → backend/node_modules/.bin/baseline-browser-mapping generated vendored
View file

1
backend/node_modules/.bin/bcrypt generated vendored Symbolic link
View file

@ -0,0 +1 @@
../bcryptjs/bin/bcrypt

0
node_modules/.bin/browserslist → backend/node_modules/.bin/browserslist generated vendored
View file

1
backend/node_modules/.bin/create-jest generated vendored Symbolic link
View file

@ -0,0 +1 @@
../create-jest/bin/create-jest.js

0
node_modules/.bin/esparse → backend/node_modules/.bin/esparse generated vendored
View file

0
node_modules/.bin/esvalidate → backend/node_modules/.bin/esvalidate generated vendored
View file

0
node_modules/.bin/import-local-fixture → backend/node_modules/.bin/import-local-fixture generated vendored
View file

0
node_modules/.bin/jest → backend/node_modules/.bin/jest generated vendored
View file

0
node_modules/.bin/js-yaml → backend/node_modules/.bin/js-yaml generated vendored
View file

0
node_modules/.bin/jsesc → backend/node_modules/.bin/jsesc generated vendored
View file

0
node_modules/.bin/json5 → backend/node_modules/.bin/json5 generated vendored
View file

0
node_modules/superagent/node_modules/.bin/mime → backend/node_modules/.bin/mime generated vendored
View file

1
backend/node_modules/.bin/node-gyp-build generated vendored Symbolic link
View file

@ -0,0 +1 @@
../node-gyp-build/bin.js

1
backend/node_modules/.bin/node-gyp-build-optional generated vendored Symbolic link
View file

@ -0,0 +1 @@
../node-gyp-build/optional.js

1
backend/node_modules/.bin/node-gyp-build-test generated vendored Symbolic link
View file

@ -0,0 +1 @@
../node-gyp-build/build-test.js

0
node_modules/.bin/node-which → backend/node_modules/.bin/node-which generated vendored
View file

0
node_modules/.bin/parser → backend/node_modules/.bin/parser generated vendored
View file

1
backend/node_modules/.bin/playwright generated vendored Symbolic link
View file

@ -0,0 +1 @@
../@playwright/test/cli.js

1
backend/node_modules/.bin/playwright-core generated vendored Symbolic link
View file

@ -0,0 +1 @@
../playwright-core/cli.js

1
backend/node_modules/.bin/regjsparser generated vendored Symbolic link
View file

@ -0,0 +1 @@
../regjsparser/bin/parser

1
backend/node_modules/.bin/resolve generated vendored Symbolic link
View file

@ -0,0 +1 @@
../resolve/bin/resolve

0
node_modules/.bin/semver → backend/node_modules/.bin/semver generated vendored
View file

0
node_modules/.bin/update-browserslist-db → backend/node_modules/.bin/update-browserslist-db generated vendored
View file

9217
backend/node_modules/.package-lock.json generated vendored Normal file
View file

File diff suppressed because it is too large Load diff

0
node_modules/@babel/code-frame/LICENSE → backend/node_modules/@babel/code-frame/LICENSE generated vendored
View file

0
node_modules/@babel/code-frame/README.md → backend/node_modules/@babel/code-frame/README.md generated vendored
View file

0
node_modules/@babel/code-frame/lib/index.js → backend/node_modules/@babel/code-frame/lib/index.js generated vendored
View file

0
node_modules/@babel/code-frame/lib/index.js.map → backend/node_modules/@babel/code-frame/lib/index.js.map generated vendored
View file

0
node_modules/@babel/code-frame/package.json → backend/node_modules/@babel/code-frame/package.json generated vendored
View file

0
node_modules/@babel/compat-data/LICENSE → backend/node_modules/@babel/compat-data/LICENSE generated vendored
View file

0
node_modules/@babel/compat-data/README.md → backend/node_modules/@babel/compat-data/README.md generated vendored
View file

0
node_modules/@babel/compat-data/corejs2-built-ins.js → backend/node_modules/@babel/compat-data/corejs2-built-ins.js generated vendored
View file

0
node_modules/@babel/compat-data/corejs3-shipped-proposals.js → backend/node_modules/@babel/compat-data/corejs3-shipped-proposals.js generated vendored
View file

0
node_modules/@babel/compat-data/data/corejs2-built-ins.json → backend/node_modules/@babel/compat-data/data/corejs2-built-ins.json generated vendored
View file

0
node_modules/@babel/compat-data/data/corejs3-shipped-proposals.json → backend/node_modules/@babel/compat-data/data/corejs3-shipped-proposals.json generated vendored
View file

0
node_modules/@babel/compat-data/data/native-modules.json → backend/node_modules/@babel/compat-data/data/native-modules.json generated vendored
View file

0
node_modules/@babel/compat-data/data/overlapping-plugins.json → backend/node_modules/@babel/compat-data/data/overlapping-plugins.json generated vendored
View file

0
node_modules/@babel/compat-data/data/plugin-bugfixes.json → backend/node_modules/@babel/compat-data/data/plugin-bugfixes.json generated vendored
View file

0
node_modules/@babel/compat-data/data/plugins.json → backend/node_modules/@babel/compat-data/data/plugins.json generated vendored
View file

0
node_modules/@babel/compat-data/native-modules.js → backend/node_modules/@babel/compat-data/native-modules.js generated vendored
View file

0
node_modules/@babel/compat-data/overlapping-plugins.js → backend/node_modules/@babel/compat-data/overlapping-plugins.js generated vendored
View file

0
node_modules/@babel/compat-data/package.json → backend/node_modules/@babel/compat-data/package.json generated vendored
View file

0
node_modules/@babel/compat-data/plugin-bugfixes.js → backend/node_modules/@babel/compat-data/plugin-bugfixes.js generated vendored
View file

0
node_modules/@babel/compat-data/plugins.js → backend/node_modules/@babel/compat-data/plugins.js generated vendored
View file

0
node_modules/@babel/core/LICENSE → backend/node_modules/@babel/core/LICENSE generated vendored
View file

0
node_modules/@babel/core/README.md → backend/node_modules/@babel/core/README.md generated vendored
View file

0
node_modules/@babel/core/lib/config/cache-contexts.js → backend/node_modules/@babel/core/lib/config/cache-contexts.js generated vendored
View file

0
node_modules/@babel/core/lib/config/cache-contexts.js.map → backend/node_modules/@babel/core/lib/config/cache-contexts.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/caching.js → backend/node_modules/@babel/core/lib/config/caching.js generated vendored
View file

0
node_modules/@babel/core/lib/config/caching.js.map → backend/node_modules/@babel/core/lib/config/caching.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/config-chain.js → backend/node_modules/@babel/core/lib/config/config-chain.js generated vendored
View file

0
node_modules/@babel/core/lib/config/config-chain.js.map → backend/node_modules/@babel/core/lib/config/config-chain.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/config-descriptors.js → backend/node_modules/@babel/core/lib/config/config-descriptors.js generated vendored
View file

0
node_modules/@babel/core/lib/config/config-descriptors.js.map → backend/node_modules/@babel/core/lib/config/config-descriptors.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/configuration.js → backend/node_modules/@babel/core/lib/config/files/configuration.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/configuration.js.map → backend/node_modules/@babel/core/lib/config/files/configuration.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/import.cjs → backend/node_modules/@babel/core/lib/config/files/import.cjs generated vendored
View file

0
node_modules/@babel/core/lib/config/files/import.cjs.map → backend/node_modules/@babel/core/lib/config/files/import.cjs.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/index-browser.js → backend/node_modules/@babel/core/lib/config/files/index-browser.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/index-browser.js.map → backend/node_modules/@babel/core/lib/config/files/index-browser.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/index.js → backend/node_modules/@babel/core/lib/config/files/index.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/index.js.map → backend/node_modules/@babel/core/lib/config/files/index.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/module-types.js → backend/node_modules/@babel/core/lib/config/files/module-types.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/module-types.js.map → backend/node_modules/@babel/core/lib/config/files/module-types.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/package.js → backend/node_modules/@babel/core/lib/config/files/package.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/package.js.map → backend/node_modules/@babel/core/lib/config/files/package.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/plugins.js → backend/node_modules/@babel/core/lib/config/files/plugins.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/plugins.js.map → backend/node_modules/@babel/core/lib/config/files/plugins.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/types.js → backend/node_modules/@babel/core/lib/config/files/types.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/types.js.map → backend/node_modules/@babel/core/lib/config/files/types.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/files/utils.js → backend/node_modules/@babel/core/lib/config/files/utils.js generated vendored
View file

0
node_modules/@babel/core/lib/config/files/utils.js.map → backend/node_modules/@babel/core/lib/config/files/utils.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/full.js → backend/node_modules/@babel/core/lib/config/full.js generated vendored
View file

0
node_modules/@babel/core/lib/config/full.js.map → backend/node_modules/@babel/core/lib/config/full.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/config-api.js → backend/node_modules/@babel/core/lib/config/helpers/config-api.js generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/config-api.js.map → backend/node_modules/@babel/core/lib/config/helpers/config-api.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/deep-array.js → backend/node_modules/@babel/core/lib/config/helpers/deep-array.js generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/deep-array.js.map → backend/node_modules/@babel/core/lib/config/helpers/deep-array.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/environment.js → backend/node_modules/@babel/core/lib/config/helpers/environment.js generated vendored
View file

0
node_modules/@babel/core/lib/config/helpers/environment.js.map → backend/node_modules/@babel/core/lib/config/helpers/environment.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/index.js → backend/node_modules/@babel/core/lib/config/index.js generated vendored
View file

0
node_modules/@babel/core/lib/config/index.js.map → backend/node_modules/@babel/core/lib/config/index.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/item.js → backend/node_modules/@babel/core/lib/config/item.js generated vendored
View file

0
node_modules/@babel/core/lib/config/item.js.map → backend/node_modules/@babel/core/lib/config/item.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/partial.js → backend/node_modules/@babel/core/lib/config/partial.js generated vendored
View file

0
node_modules/@babel/core/lib/config/partial.js.map → backend/node_modules/@babel/core/lib/config/partial.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/pattern-to-regex.js → backend/node_modules/@babel/core/lib/config/pattern-to-regex.js generated vendored
View file

0
node_modules/@babel/core/lib/config/pattern-to-regex.js.map → backend/node_modules/@babel/core/lib/config/pattern-to-regex.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/plugin.js → backend/node_modules/@babel/core/lib/config/plugin.js generated vendored
View file

0
node_modules/@babel/core/lib/config/plugin.js.map → backend/node_modules/@babel/core/lib/config/plugin.js.map generated vendored
View file

0
node_modules/@babel/core/lib/config/printer.js → backend/node_modules/@babel/core/lib/config/printer.js generated vendored
View file

0
node_modules/@babel/core/lib/config/printer.js.map → backend/node_modules/@babel/core/lib/config/printer.js.map generated vendored
View file

Some files were not shown because too many files have changed in this diff Show more