feat: Major updates to backend structure and security enhancements

- Removed `COMMON_ERRORS.md` file to streamline documentation. - Added `Flask-Limiter` for rate limiting and `redis` for session management in `requirements.txt`. - Expanded `ROADMAP.md` to include completed security features and planned enhancements for version 2.2. - Enhanced `setup_myp.sh` for ultra-secure kiosk installation, including system hardening and security configurations. - Updated `app.py` to integrate CSRF protection and improved logging setup. - Refactored user model to include username and active status for better user management. - Improved job scheduler with uptime tracking and task management features. - Updated various templates for a more cohesive user interface and experience.
2025-05-25 20:33:38 +02:00
parent e21104611f
commit 2d33753b94
1288 changed files with 247388 additions and 3249 deletions
--- a/backend/app/config/init.py
+++ b/backend/app/config/init.py
@@ -0,0 +1,74 @@
+# -*- coding: utf-8 -*-
+"""
+Configuration Package for MYP Platform
+======================================
+
+This package contains all configuration modules for the Mercedes-Benz 3D Printing Platform.
+
+Modules:
+    - security: Security configuration and middleware
+    - database: Database configuration and settings
+    - logging: Logging configuration
+    - app_config: Main application configuration
+"""
+
+__version__ = "2.0.0"
+__author__ = "MYP Development Team"
+
+# Import main configuration modules
+try:
+    from .security import SecurityConfig, get_security_headers
+    from .app_config import Config, DevelopmentConfig, ProductionConfig, TestingConfig
+except ImportError as e:
+    print(f"Warning: Could not import configuration modules: {e}")
+    # Fallback configurations
+    SecurityConfig = None
+    get_security_headers = None
+    Config = None
+
+# Export main configuration classes
+__all__ = [
+    'SecurityConfig',
+    'get_security_headers',
+    'Config',
+    'DevelopmentConfig', 
+    'ProductionConfig',
+    'TestingConfig'
+]
+
+def get_config(config_name='development'):
+    """
+    Get configuration object based on environment name.
+    
+    Args:
+        config_name (str): Configuration environment name
+        
+    Returns:
+        Config: Configuration object
+    """
+    configs = {
+        'development': DevelopmentConfig,
+        'production': ProductionConfig,
+        'testing': TestingConfig
+    }
+    
+    return configs.get(config_name, DevelopmentConfig)
+
+def validate_config(config_obj):
+    """
+    Validate configuration object.
+    
+    Args:
+        config_obj: Configuration object to validate
+        
+    Returns:
+        bool: True if valid, False otherwise
+    """
+    required_attrs = ['SECRET_KEY', 'DATABASE_URL']
+    
+    for attr in required_attrs:
+        if not hasattr(config_obj, attr):
+            print(f"Missing required configuration: {attr}")
+            return False
+    
+    return True 
--- a/backend/app/config/security.py
+++ b/backend/app/config/security.py
@@ -0,0 +1,81 @@
+"""
+Sicherheitskonfiguration für die MYP Platform
+"""
+
+# Sicherheits-Headers für HTTP-Responses
+SECURITY_HEADERS = {
+    'Content-Security-Policy': (
+        "default-src 'self'; "
+        "script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
+        "script-src-elem 'self' 'unsafe-inline'; "
+        "style-src 'self' 'unsafe-inline'; "
+        "font-src 'self'; "
+        "img-src 'self' data:; "
+        "connect-src 'self'; "
+        "worker-src 'self' blob:; "
+        "frame-src 'none'; "
+        "object-src 'none'; "
+        "base-uri 'self'; "
+        "form-action 'self'; "
+        "frame-ancestors 'none';"
+    ),
+    'X-Content-Type-Options': 'nosniff',
+    'X-Frame-Options': 'DENY',
+    'X-XSS-Protection': '1; mode=block',
+    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
+    'Referrer-Policy': 'strict-origin-when-cross-origin',
+    'Permissions-Policy': 'geolocation=(), microphone=(), camera=()'
+}
+
+# Rate Limiting Konfiguration
+RATE_LIMITS = {
+    'default': "200 per day, 50 per hour",
+    'login': "5 per minute",
+    'api': "100 per hour",
+    'admin': "500 per hour"
+}
+
+# Session-Sicherheit
+SESSION_CONFIG = {
+    'SESSION_COOKIE_SECURE': False,  # Für Offline-Betrieb auf False setzen
+    'SESSION_COOKIE_HTTPONLY': True,
+    'SESSION_COOKIE_SAMESITE': 'Lax',
+    'PERMANENT_SESSION_LIFETIME': 3600  # 1 Stunde
+}
+
+# CSRF-Schutz
+CSRF_CONFIG = {
+    'CSRF_ENABLED': True,
+    'CSRF_SESSION_KEY': 'csrf_token',
+    'CSRF_TIME_LIMIT': 3600
+}
+
+class SecurityConfig:
+    """Sicherheitskonfiguration für die Anwendung"""
+    
+    def __init__(self):
+        self.headers = SECURITY_HEADERS
+        self.rate_limits = RATE_LIMITS
+        self.session_config = SESSION_CONFIG
+        self.csrf_config = CSRF_CONFIG
+    
+    def get_headers(self):
+        """Gibt die Sicherheits-Headers zurück"""
+        return self.headers
+    
+    def get_rate_limits(self):
+        """Gibt die Rate-Limiting-Konfiguration zurück"""
+        return self.rate_limits
+    
+    def get_session_config(self):
+        """Gibt die Session-Konfiguration zurück"""
+        return self.session_config
+    
+    def get_csrf_config(self):
+        """Gibt die CSRF-Konfiguration zurück"""
+        return self.csrf_config
+
+
+def get_security_headers():
+    """Gibt die Sicherheits-Headers zurück"""
+    return SECURITY_HEADERS