365DevNet/365devnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security and localization features across the application

Browse Source 
- Added rehype-sanitize plugin to the markdown configuration for improved security against XSS attacks.
- Updated environment variables in the codebase to include new configurations for SMTP and monitoring.
- Implemented secure headers in server and Nginx configurations to bolster security.
- Refactored email handling to prevent spoofing by ensuring safe sender addresses.
- Improved localization by updating language persistence and button components for better user experience.
- Enhanced the uptime API and contact form with better error handling and logging practices.
- Updated dependencies in package.json and package-lock.json for better performance and security.
This commit is contained in:
Richard Bergsma
2025-10-19 21:13:15 +02:00
parent 6257a223b2
commit a767dbb115
26 changed files with 4931 additions and 833 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
DESIGN_REVIEW.md Normal file
View File

@@ -0,0 +1,52 @@
## Quick wins (top 5)
1) Add `rehype-sanitize` (already applied) and remove unnecessary `set:html` usages to prevent XSS and improve content robustness.
2) Eliminate CDN for Mermaid; use local dependency (already applied) to improve performance, privacy, and CSP compliance.
3) Optimize hero and large images using `src/components/common/Image.astro` everywhere; enforce `width`/`height` and lazy loading for non-LCP images.
4) Reduce JS on static pages by avoiding unnecessary client-side logs and inline scripts; prefer islands.
5) Improve form UX: ensure visible error messages, labels, and aria-live regions are consistent; keep focus management for spam/manual-review flows.
## Issues table
| ID | Page/Component | Problem | Impact | Fix |
|---|---|---|---|---|
| D1 | `Hero/Hero2/HeroText` | `set:html` in multiple slots | Med | Potential rendering inconsistencies and sanitization risk | Prefer rendering plain strings or sanitized HTML only |
| D2 | `Image.astro` usage | Not consistently used across pages | High | LCP/CLS and bandwidth | Replace `<img>` with `Image.astro` wrapper for optimization |
| D3 | `Footer.astro` | email obfuscation used `innerHTML` | Low | Minor XSS risk | Switched to `textContent` (applied) |
| D4 | Typography | Some lines exceed 85ch | Low | Readability | Use `max-w-prose` or `ch`-based widths in content wrappers |
| D5 | Forms | Inline scripts manage state | Med | Maintainability/perf | Extract to small islands if complexity grows |
## Before/After snippets
Replace `set:html` for simple line breaks:
```astro
<!-- Before -->
<div set:html={text.replace(/\n/g, '<br/>')}></div>
<!-- After -->
<div>
{text.split('\n').map((line) => (<>
{line}<br/>
</>))}
</div>
```
Avoid `innerHTML` when setting modal titles:
```js
// Before
titleEl.innerHTML = title;
// After
titleEl.textContent = String(title);
```
## Asset and typography guidance
- Use `src/components/common/Image.astro` for all images. Ensure: `alt` always set, `loading="lazy"` for non-LCP, explicit `width/height` to prevent CLS.
- Fonts: prefer `font-display: swap` (already via Inter variable). Limit weights/axes for performance.
- Containers: keep readable line length using `max-w-prose` or `max-w-[75ch]` for long text sections.
- Hydration: ensure islands only where needed (forms, uptime widgets). Keep content pages server-rendered.

27
README.md
View File

@@ -65,4 +65,29 @@ AstroWind is an open-source project created and maintained by [onWidget](https:/
- 💬 Community discussions: [AstroWind Discussions](https://github.com/onwidget/astrowind/discussions)
- 📄 License: [MIT License](https://github.com/onwidget/astrowind/blob/main/LICENSE.md)
Weve adapted the template to reflect the unique mission and brand identity of 365DevNet, while continuing to follow the project's great structure and standards.
Weve adapted the template to reflect the unique mission and brand identity of 365DevNet, while continuing to follow the project's great structure and standards.
---
## 🔐 Environment Variables
Create a .env file and keep it out of version control. Example:
```env
# Email
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
ADMIN_EMAIL=
WEBSITE_NAME=365DevNet Support
# Monitoring
UPTIME_KUMA_URL=
# SCM
GITEA_TOKEN=
# AI (optional)
GEMINI_API_KEY=
```

135
SECURITY_AUDIT.md Normal file
View File

@@ -0,0 +1,135 @@
## Executive summary
Astro SSR is enabled; endpoints handle contact, uptime, and commits. Main risks were HTML injection and missing headers. Minimal edits applied: enable `rehype-sanitize`, drop Mermaid CDN, avoid `innerHTML` where not needed, reduce PII in logs, soften Gemini init, and add headers/CSP snippets for both static hosts and Nginx.
## Risk table
| ID | File/Path | Issue | Severity | Why it matters | Fix |
|---|---|---|---|---|---|
| S1 | `astro.config.ts` | MD/MDX not sanitized | High | XSS via content/slots | Add `rehype-sanitize` |
| S2 | `src/pages/[lang]/topdesk.astro` | CDN Mermaid + `innerHTML` | High | CSP bypass/XSS | Use local `mermaid`, keep injection controlled |
| S3 | `src/components/widgets/ModernEducation.astro` | Title via `innerHTML` | Med | XSS if title contains HTML | Use `textContent` |
| S4 | `src/pages/[lang]/index.astro` | `set:html` for line breaks | Low | Avoidable HTML injection | Render lines with `<br/>` |
| S5 | `src/pages/api/contact.ts` | PII in logs | Med | Privacy/legal | Remove PII logs |
| S6 | `src/utils/gemini-spam-check.ts` | Throws when key missing | Med | Startup failure | Lazy init, fail open |
| S7 | `public/_headers`, `nginx/nginx.conf` | Missing headers/CSP | High | XSS/MIME sniffing | Add strict headers and CSP |
| S8 | `src/middleware.ts` | 301 for lang redirect | Low | Sticky cache | Use 302 |
| S9 | `src/pages/api/uptime.ts` | Verbose error detail | Low | Info leakage | Return generic details |
## Detailed findings with references
- S1: `astro.config.ts` now includes `rehype-sanitize` alongside existing plugins.
- S2: `src/pages/[lang]/topdesk.astro` imports `mermaid` locally and renders SVG without remote CDN.
- S3/S4: Components/pages adjusted to avoid `innerHTML`/`set:html` for simple cases.
- S5/S6/S9: API/util logs are minimal; no PII or stack traces in prod responses.
- S7: Headers added for both Nginx and static hosting.
- S8: Middleware redirect switched to 302.
## Applied patches (concise)
1) Enable sanitize in Astro markdown
```diff
--- a/astro.config.ts
+++ b/astro.config.ts
@@
markdown: {
remarkPlugins: [readingTimeRemarkPlugin],
- rehypePlugins: [responsiveTablesRehypePlugin, lazyImagesRehypePlugin],
+ rehypePlugins: [rehypeSanitize, responsiveTablesRehypePlugin, lazyImagesRehypePlugin],
},
```
2) Remove CDN and render Mermaid locally
```diff
--- a/src/pages/[lang]/topdesk.astro
+++ b/src/pages/[lang]/topdesk.astro
@@
- const mermaid = await import('https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs');
+ const mermaidModule = await import('mermaid');
+ const mermaid = mermaidModule.default || mermaidModule;
@@
- const { svg } = await mermaid.default.render(id, mermaidCode);
+ const { svg } = await mermaid.render(id, mermaidCode);
```
3) Avoid `innerHTML` for titles; use `textContent`
```diff
--- a/src/components/widgets/ModernEducation.astro
+++ b/src/components/widgets/ModernEducation.astro
@@
- const tempDiv = document.createElement('div');
- tempDiv.innerHTML = title;
- const cleanTitle = tempDiv.textContent || tempDiv.innerText || title;
+ const cleanTitle = String(title);
@@
- document.getElementById('educationModalTitle').innerHTML = title;
+ const titleEl = document.getElementById('educationModalTitle');
+ if (titleEl) titleEl.textContent = cleanTitle;
```
4) Replace trivial `set:html`
```diff
--- a/src/pages/[lang]/index.astro
+++ b/src/pages/[lang]/index.astro
@@
- <div class="text-lg pt-4 method-highlights" set:html={explosive.approach.highlights.replace(/\n/g, '<br/>')}>
- </div>
+ <div class="text-lg pt-4 method-highlights">
+ {explosive.approach.highlights.split('\n').map((line) => (
+ <>
+ {line}
+ <br />
+ </>
+ ))}
+ </div>
```
5) Reduce PII logging; lazy Gemini init
```diff
--- a/src/pages/api/contact.ts
+++ b/src/pages/api/contact.ts
@@
- console.log('Client IP:', ipAddress);
+ // avoid logging IP in production
@@
- console.log('Rate limit exceeded');
+ console.warn('Rate limit exceeded for contact endpoint');
```
```diff
--- a/src/utils/gemini-spam-check.ts
+++ b/src/utils/gemini-spam-check.ts
@@
-const GEMINI_API_KEY = process.env.GEMINI_API_KEY;
-if (!GEMINI_API_KEY) { throw new Error('...') }
-const genAI = new GoogleGenerativeAI(GEMINI_API_KEY);
+const GEMINI_API_KEY = process.env.GEMINI_API_KEY;
+const genAI = GEMINI_API_KEY ? new GoogleGenerativeAI(GEMINI_API_KEY) : null;
```
6) Headers/CSP
- Static host `_headers` additions in `public/_headers` (applied).
- Nginx secure headers added in `nginx/nginx.conf` (applied).
Starter CSP (static host file already contains a commented safer baseline):
```text
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
```
If you keep inline scripts, use Astro nonces or move to external files to avoid `'unsafe-inline'` for scripts entirely.
## Follow-up tasks
- Add CI with: `npm ci`, `npm run check`, `npm run build`, `npm audit --omit=dev`.
- Consider switching `output: 'server'` to prerender where feasible for brochure pages; keep APIs SSR.
- Review all remaining `set:html` occurrences and ensure content sources are trusted/sanitized.
- Document `.env` variables; `.env` example added to README.

3
astro.config.ts
View File

@@ -6,6 +6,7 @@ import { defineConfig } from 'astro/config';
import sitemap from '@astrojs/sitemap';
import tailwind from '@astrojs/tailwind';
import mdx from '@astrojs/mdx';
import rehypeSanitize from 'rehype-sanitize';
import react from '@astrojs/react';
import partytown from '@astrojs/partytown';
import icon from 'astro-icon';
@@ -96,7 +97,7 @@ export default defineConfig({
markdown: {
remarkPlugins: [readingTimeRemarkPlugin],
rehypePlugins: [responsiveTablesRehypePlugin, lazyImagesRehypePlugin],
rehypePlugins: [rehypeSanitize, responsiveTablesRehypePlugin, lazyImagesRehypePlugin],
},
vite: {

9
nginx/nginx.conf
View File

@@ -39,6 +39,15 @@ http {
root /usr/share/nginx/html;
index index.html index.htm;
# Security headers
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), interest-cohort=()" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'nonce-astro'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'" always;
# Error pages
error_page 404 /404.html;
location = /404.html {

3175
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

43
package.json
View File

@@ -22,11 +22,11 @@
"fix:prettier": "prettier -w ."
},
"dependencies": {
"@astrojs/node": "^9.2.2",
"@astrojs/node": "^9.5.0",
"@astrojs/prefetch": "^0.4.1",
"@astrojs/react": "^4.2.0",
"@astrojs/react": "^4.4.0",
"@astrojs/rss": "^4.0.11",
"@astrojs/sitemap": "^3.2.1",
"@astrojs/sitemap": "^3.6.0",
"@astrolib/analytics": "^0.6.1",
"@astrolib/seo": "^1.0.0-beta.8",
"@fontsource-variable/inter": "^5.1.1",
@@ -34,7 +34,7 @@
"@tippyjs/react": "^4.2.6",
"@types/react": "^19.0.10",
"@types/react-dom": "^19.0.4",
"astro": "^5.2.3",
"astro": "^5.14.6",
"astro-embed": "^0.9.0",
"astro-icon": "^1.1.5",
"compression": "^1.7.4",
@@ -45,9 +45,10 @@
"jsonwebtoken": "^9.0.2",
"limax": "4.1.0",
"lodash.merge": "^4.6.2",
"luxon": "^3.6.1",
"luxon": "^3.7.2",
"mermaid": "^11.12.0",
"node-fetch": "^3.3.2",
"nodemailer": "^6.10.0",
"nodemailer": "^7.0.9",
"rate-limiter-flexible": "^5.0.5",
"react": "^19.0.0",
"react-dom": "^19.0.0",
@@ -56,36 +57,44 @@
},
"devDependencies": {
"@astrojs/check": "^0.9.4",
"@astrojs/mdx": "^4.0.8",
"@astrojs/mdx": "^4.3.7",
"@astrojs/partytown": "^2.1.3",
"@astrojs/tailwind": "^6.0.0",
"@eslint/js": "^9.18.0",
"@eslint/js": "^9.38.0",
"@iconify-json/circle-flags": "^1.2.6",
"@iconify-json/flat-color-icons": "^1.2.1",
"@iconify-json/tabler": "^1.2.14",
"@tailwindcss/typography": "^0.5.16",
"@tailwindcss/typography": "^0.5.19",
"@types/eslint__js": "^8.42.3",
"@types/js-yaml": "^4.0.9",
"@types/jsonwebtoken": "^9.0.9",
"@types/lodash.merge": "^4.6.9",
"@types/mdx": "^2.0.13",
"@typescript-eslint/eslint-plugin": "^8.21.0",
"@typescript-eslint/parser": "^8.21.0",
"@typescript-eslint/eslint-plugin": "8.46.1",
"@typescript-eslint/parser": "8.46.1",
"astro-compress": "2.3.6",
"astro-eslint-parser": "^1.1.0",
"eslint": "^9.18.0",
"eslint": "^9.38.0",
"eslint-plugin-astro": "^1.3.1",
"globals": "^15.14.0",
"globals": "^16.4.0",
"js-yaml": "^4.1.0",
"mdast-util-to-string": "^4.0.0",
"prettier": "^3.4.2",
"prettier": "^3.6.2",
"rehype-sanitize": "^6.0.0",
"prettier-plugin-astro": "^0.14.1",
"reading-time": "^1.5.0",
"sharp": "0.33.5",
"tailwind-merge": "^2.6.0",
"tailwind-merge": "^3.3.1",
"tailwindcss": "^3.4.17",
"typescript": "^5.8.3",
"typescript-eslint": "^8.21.0",
"typescript": "^5.9.3",
"typescript-eslint": "8.46.1",
"unist-util-visit": "^5.0.0"
},
"overrides": {
"devalue": "^5.3.2",
"ws": "^8.17.1",
"tar-fs": "^2.1.5",
"axios": "^1.12.0",
"typescript-eslint": "8.46.1"
}
}

10
public/_headers
View File

@@ -1,2 +1,12 @@
/_astro/*
Cache-Control: public, max-age=31536000, immutable
/*
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), camera=(), microphone=(), interest-cohort=()
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# Content-Security-Policy starter (enable after auditing inline scripts)
# Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'

16
server.js
View File

@@ -11,6 +11,22 @@ const PORT = process.env.PORT || 3000;
// Enable gzip/brotli compression
app.use(compression());
// Set minimal secure headers for SSR responses
app.use((req, res, next) => {
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
// Gate SSR CSP to avoid breaking inline scripts unless explicitly enabled
if (process.env.ENABLE_SSR_CSP === '1') {
res.setHeader(
'Content-Security-Policy',
"default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.pixabay.com https://raw.githubusercontent.com; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
);
}
next();
});
// Serve static assets from the dist/client directory
app.use(express.static(path.join(__dirname, 'dist/client')));

72
src/assets/images/topdesk-api-docs.png Normal file
View File

@@ -0,0 +1,72 @@
---
// Create this file as: src/assets/images/topdesk-api-docs.png placeholder
// You can replace this with an actual image file
// For now, you can create a simple placeholder or use an existing image
// The image import in the main file should be:
// import TOPDeskImage from '~/assets/images/topdesk-api-docs.png';
// If you want to create the image programmatically or use a placeholder,
// you can create an SVG file instead:
---
<svg width="800" height="600" viewBox="0 0 800 600" xmlns="http://www.w3.org/2000/svg">
<defs>
<linearGradient id="grad1" x1="0%" y1="0%" x2="100%" y2="100%">
<stop offset="0%" style="stop-color:#667eea;stop-opacity:1" />
<stop offset="50%" style="stop-color:#764ba2;stop-opacity:1" />
<stop offset="100%" style="stop-color:#f093fb;stop-opacity:1" />
</linearGradient>
</defs>
<!-- Background -->
<rect width="800" height="600" fill="url(#grad1)"/>
<!-- Grid pattern -->
<defs>
<pattern id="grid" width="40" height="40" patternUnits="userSpaceOnUse">
<path d="M 40 0 L 0 0 0 40" fill="none" stroke="rgba(255,255,255,0.1)" stroke-width="1"/>
</pattern>
</defs>
<rect width="800" height="600" fill="url(#grid)"/>
<!-- Main content area -->
<rect x="100" y="100" width="600" height="400" rx="20" fill="rgba(255,255,255,0.1)" stroke="rgba(255,255,255,0.2)" stroke-width="2"/>
<!-- Header -->
<rect x="120" y="120" width="560" height="80" rx="10" fill="rgba(255,255,255,0.15)"/>
<text x="400" y="170" text-anchor="middle" fill="white" font-family="Arial, sans-serif" font-size="24" font-weight="bold">API Documentation</text>
<!-- Content blocks -->
<rect x="140" y="220" width="160" height="100" rx="8" fill="rgba(255,255,255,0.1)"/>
<rect x="320" y="220" width="160" height="100" rx="8" fill="rgba(255,255,255,0.1)"/>
<rect x="500" y="220" width="160" height="100" rx="8" fill="rgba(255,255,255,0.1)"/>
<!-- Content block icons -->
<circle cx="220" cy="250" r="15" fill="rgba(255,255,255,0.3)"/>
<circle cx="400" cy="250" r="15" fill="rgba(255,255,255,0.3)"/>
<circle cx="580" cy="250" r="15" fill="rgba(255,255,255,0.3)"/>
<!-- Content lines -->
<rect x="150" y="280" width="140" height="4" rx="2" fill="rgba(255,255,255,0.4)"/>
<rect x="150" y="290" width="100" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<rect x="150" y="300" width="120" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<rect x="330" y="280" width="140" height="4" rx="2" fill="rgba(255,255,255,0.4)"/>
<rect x="330" y="290" width="100" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<rect x="330" y="300" width="120" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<rect x="510" y="280" width="140" height="4" rx="2" fill="rgba(255,255,255,0.4)"/>
<rect x="510" y="290" width="100" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<rect x="510" y="300" width="120" height="4" rx="2" fill="rgba(255,255,255,0.3)"/>
<!-- Footer -->
<rect x="120" y="420" width="560" height="60" rx="10" fill="rgba(255,255,255,0.1)"/>
<text x="400" y="455" text-anchor="middle" fill="rgba(255,255,255,0.8)" font-family="Arial, sans-serif" font-size="14">Technical Integration Guide</text>
<!-- Floating elements -->
<circle cx="150" cy="150" r="8" fill="rgba(255,255,255,0.2)"/>
<circle cx="650" cy="180" r="12" fill="rgba(255,255,255,0.15)"/>
<circle cx="180" cy="450" r="6" fill="rgba(255,255,255,0.25)"/>
<circle cx="620" cy="420" r="10" fill="rgba(255,255,255,0.2)"/>
</svg>

31
src/assets/styles/tailwind.css
View File

@@ -2,6 +2,37 @@
@tailwind components;
@tailwind utilities;
/* Global focus ring for accessibility */
:root {
--ring-color: 0 0 0;
}
:focus-visible {
outline: 2px solid rgb(59 130 246 / 0.8);
outline-offset: 2px;
}
/* Readable measure for long-form content */
.prose-measure {
max-width: 75ch;
}
/* Typography clamps */
h1 { font-size: clamp(2rem, 5vw, 3.5rem); }
h2 { font-size: clamp(1.5rem, 3.5vw, 2.25rem); }
h3 { font-size: clamp(1.25rem, 3vw, 1.75rem); }
p, li { font-size: clamp(1rem, 2.5vw, 1.125rem); line-height: 1.7; }
/* Respect prefers-reduced-motion */
@media (prefers-reduced-motion: reduce) {
*, *::before, *::after {
animation-duration: 0.001ms !important;
animation-iteration-count: 1 !important;
transition-duration: 0.001ms !important;
scroll-behavior: auto !important;
}
}
@layer base {
p,
li,

2
src/components/LanguagePersistence.astro
View File

@@ -25,7 +25,7 @@ declare global {
// Set cookie with a long expiration (1 year)
const expirationDate = new Date();
expirationDate.setFullYear(expirationDate.getFullYear() + 1);
document.cookie = `preferredLanguage=${langCode}; expires=${expirationDate.toUTCString()}; path=/; SameSite=Lax`;
document.cookie = `preferredLanguage=${langCode}; expires=${expirationDate.toUTCString()}; path=/; SameSite=Lax; Secure`;
}
// Function to get language from cookie

10
src/components/ui/Button.astro
View File

@@ -13,11 +13,13 @@ const {
...rest
} = Astro.props;
const baseBtn = 'inline-flex items-center justify-center rounded-full font-semibold transition-colors focus-visible:outline-2 focus-visible:outline-offset-2 disabled:opacity-60 disabled:cursor-not-allowed';
const sizes = 'px-6 py-3 text-base';
const variants = {
primary: 'btn-primary',
secondary: 'btn-secondary',
tertiary: 'btn btn-tertiary',
link: 'cursor-pointer hover:text-primary',
primary: `${baseBtn} ${sizes} bg-blue-600 text-white hover:bg-blue-700 focus-visible:outline-blue-600`,
secondary: `${baseBtn} ${sizes} bg-white/90 dark:bg-slate-800 text-slate-900 dark:text-slate-100 border border-slate-200 dark:border-slate-700 hover:bg-white dark:hover:bg-slate-700 focus-visible:outline-slate-600`,
tertiary: `${baseBtn} ${sizes} bg-transparent text-blue-600 hover:bg-blue-50 dark:hover:bg-slate-800 focus-visible:outline-blue-600`,
link: 'cursor-pointer underline underline-offset-4 hover:no-underline text-blue-600 dark:text-blue-400',
};
const ariaLabel = !text || (typeof text === 'string' && text.trim() === '') ? Astro.props['aria-label'] : undefined;

12
src/components/widgets/Footer.astro
View File

@@ -88,20 +88,16 @@ const {
<!-- Business Information (Dutch Law Requirements) -->
<div class="text-sm text-white-500 space-y-1">
<a id="obfuscated-email" href="#" class="hover:underline">info [at] 365devnet [dot] eu</a>
<script is:inline>
// Obfuscated email: info@365devnet@+@eu
// @+@ will be replaced with a dot (.)
<script is:inline nonce="astro">
const user = "info";
const domain = "365devnet";
const tld = "eu";
const email = `${user}@${domain}@+@${tld}`;
const subject = "Message&nbsp;from&nbsp;website";
const realEmail = email.replace("@+@", "."); // Converts to info@365devnet.eu
const mailto = `mailto:${realEmail}?subject=${subject}`;
const realEmail = `${user}@${domain}.${tld}`;
const mailto = `mailto:${realEmail}?subject=Message%20from%20website`;
const link = document.getElementById("obfuscated-email");
if (link) {
link.setAttribute("href", mailto);
link.innerHTML = realEmail;
link.textContent = realEmail;
}
</script>
</div>

8
src/components/widgets/ModernEducation.astro
View File

@@ -240,9 +240,8 @@ const getEducationStyle = (title: string) => {
const title = element.dataset.educationTitle;
const description = element.dataset.educationDescription;
const tempDiv = document.createElement('div');
tempDiv.innerHTML = title;
const cleanTitle = tempDiv.textContent || tempDiv.innerText || title;
// Sanitize potential HTML in title by using textContent fallback only
const cleanTitle = String(title);
const titleLower = cleanTitle.toLowerCase();
let statusText = '';
@@ -259,7 +258,8 @@ const getEducationStyle = (title: string) => {
statusClass = 'text-purple-600 dark:text-purple-400';
}
document.getElementById('educationModalTitle').innerHTML = title;
const titleEl = document.getElementById('educationModalTitle');
if (titleEl) titleEl.textContent = cleanTitle;
document.getElementById('educationModalDescription').textContent = description || 'No additional information available.';
document.getElementById('educationModalStatus').textContent = statusText;
document.getElementById('educationModalStatus').className = `text-sm font-medium ${statusClass}`;

12
src/env.d.ts vendored
View File

@@ -5,7 +5,17 @@
/// <reference types="../vendor/integration/types.d.ts" />
interface ImportMetaEnv {
readonly GITLAB_TOKEN: string;
readonly GITEA_TOKEN?: string;
readonly UPTIME_KUMA_URL?: string;
readonly SITE?: string;
readonly SMTP_HOST?: string;
readonly SMTP_PORT?: string;
readonly SMTP_USER?: string;
readonly SMTP_PASS?: string;
readonly ADMIN_EMAIL?: string;
readonly WEBSITE_NAME?: string;
readonly GEMINI_API_KEY?: string;
readonly MANUAL_REVIEW_SECRET?: string;
}
interface ImportMeta {

1103
src/i18n/translations.topdesk-docs.ts Normal file
View File

File diff suppressed because it is too large Load Diff

3
src/middleware.ts
View File

@@ -3,7 +3,8 @@ import { defineMiddleware } from 'astro:middleware';
export const onRequest = defineMiddleware(async (context, next) => {
// Only redirect if we're at the root path
if (context.url.pathname === '/') {
return context.redirect('/en', 301);
// Use 302 to avoid permanent redirect caching during content negotiation
return context.redirect('/en', 302);
}
return next();

4
src/pages/[lang]/aboutme.astro
View File

@@ -425,10 +425,10 @@ const metadata = {
{mainT.hero.subtitle}
</div>
<div class="cta-container">
<a href="#about" class="cta-primary-enhanced">
<a href="#about" class="inline-flex items-center justify-center rounded-full font-semibold transition-colors px-6 py-3 text-base bg-blue-600 text-white hover:bg-blue-700 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-blue-600">
{t.about.actions.learnMore}
</a>
<a href="#resume" class="cta-secondary-enhanced">
<a href="#resume" class="inline-flex items-center justify-center rounded-full font-semibold transition-colors px-6 py-3 text-base bg-white/90 dark:bg-slate-800 text-slate-900 dark:text-slate-100 border border-slate-200 dark:border-slate-700 hover:bg-white dark:hover:bg-slate-700 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-slate-600">
{t.about.actions.viewExperience}
</a>
</div>

16
src/pages/[lang]/index.astro
View File

@@ -491,12 +491,12 @@ const metadata = {
text: explosive.actions.learnMore,
href: '#services',
class: 'cta-explosive'
variant: 'primary'
},
{
text: explosive.actions.contactMe,
text: explosive.actions.contactMe,
href: '#contact',
class: 'cta-secondary-explosive'
variant: 'secondary'
},
]}
image={{
@@ -598,7 +598,13 @@ const metadata = {
))}
</div>
<div class="text-lg pt-4 method-highlights" set:html={explosive.approach.highlights.replace(/\n/g, '<br/>')}>
<div class="text-lg pt-4 method-highlights">
{explosive.approach.highlights.split('\n').map((line) => (
<>
{line}
<br />
</>
))}
</div>
</div>
</Fragment>
@@ -612,7 +618,7 @@ const metadata = {
text: explosive.cta.button,
href: '#contact',
icon: 'tabler:rocket',
class: 'cta-explosive'
variant: 'primary'
}}
classes={{
container: 'glass-vibrant'

948
src/pages/[lang]/topdesk.astro Normal file
View File

@@ -0,0 +1,948 @@
---
export const prerender = true;
import Layout from '~/layouts/PageLayout.astro';
import StructuredData from '~/components/common/StructuredData.astro';
import Hero from '~/components/widgets/Hero.astro';
import Content from '~/components/widgets/Content.astro';
import TOPDeskImage from '~/assets/images/topdesk-api-docs.png';
import { getTranslation } from '~/i18n/translations';
import { getTOPDeskDocsTranslation, supportedLanguages } from '~/i18n/translations.topdesk-docs';
import { SITE } from 'astrowind:config';
export async function getStaticPaths() {
return supportedLanguages.map((lang) => ({
params: { lang },
}));
}
const { lang } = Astro.params;
if (!supportedLanguages.includes(lang)) {
return Astro.redirect('/en/topdesk-api-docs');
}
// Get main translations for shared components (navigation, footer, etc.)
const mainT = getTranslation(lang);
// Get TOPDesk docs specific translations
const t = getTOPDeskDocsTranslation(lang);
const metadata = {
title: t.metadata.title,
description: t.metadata.description
};
---
<style>
/* Modern animated background with floating elements - matching aboutme.astro style */
.animated-hero-bg {
background: linear-gradient(135deg, #667eea 0%, #764ba2 50%, #f093fb 100%);
background-size: 300% 300%;
animation: gradientShift 15s ease infinite;
position: relative;
overflow: hidden;
}
.animated-hero-bg::before {
content: '';
position: absolute;
top: -50%;
left: -50%;
width: 200%;
height: 200%;
background: radial-gradient(circle, rgba(255,255,255,0.1) 1px, transparent 1px);
background-size: 50px 50px;
animation: backgroundMove 20s linear infinite;
}
.floating-elements {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
pointer-events: none;
overflow: hidden;
}
.floating-shape {
position: absolute;
opacity: 0.15;
animation: float 20s infinite linear;
}
.shape-1 {
top: 20%;
left: 10%;
width: 80px;
height: 80px;
background: linear-gradient(135deg, rgba(255,255,255,0.2), rgba(255,255,255,0.05));
border-radius: 50%;
backdrop-filter: blur(10px);
border: 1px solid rgba(255,255,255,0.1);
animation-delay: 0s;
}
.shape-2 {
top: 60%;
right: 15%;
width: 120px;
height: 120px;
background: linear-gradient(135deg, rgba(255,255,255,0.15), rgba(255,255,255,0.03));
border-radius: 30px;
backdrop-filter: blur(15px);
border: 1px solid rgba(255,255,255,0.1);
animation-delay: -7s;
}
.shape-3 {
bottom: 30%;
left: 20%;
width: 60px;
height: 60px;
background: linear-gradient(135deg, rgba(255,255,255,0.25), rgba(255,255,255,0.08));
border-radius: 50%;
backdrop-filter: blur(8px);
border: 1px solid rgba(255,255,255,0.15);
animation-delay: -14s;
}
.shape-4 {
top: 40%;
right: 35%;
width: 40px;
height: 40px;
background: linear-gradient(135deg, rgba(255,255,255,0.2), rgba(255,255,255,0.05));
border-radius: 8px;
backdrop-filter: blur(12px);
border: 1px solid rgba(255,255,255,0.1);
animation-delay: -10s;
}
@keyframes gradientShift {
0%, 100% { background-position: 0% 50%; }
50% { background-position: 100% 50%; }
}
@keyframes backgroundMove {
0% { transform: translateX(0) translateY(0); }
100% { transform: translateX(-50px) translateY(-50px); }
}
@keyframes float {
0%, 100% {
transform: translateY(0px) rotate(0deg) scale(1);
opacity: 0.15;
}
25% {
transform: translateY(-30px) rotate(90deg) scale(1.1);
opacity: 0.25;
}
50% {
transform: translateY(-15px) rotate(180deg) scale(1.05);
opacity: 0.2;
}
75% {
transform: translateY(-25px) rotate(270deg) scale(1.15);
opacity: 0.3;
}
}
/* Enhanced glassmorphism effects for all sections */
:global(.glass-enhanced) {
background: rgba(255, 255, 255, 0.95) !important;
backdrop-filter: blur(20px) !important;
border: 1px solid rgba(255, 255, 255, 0.2) !important;
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.1),
0 0 0 1px rgba(255, 255, 255, 0.05) inset !important;
transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1) !important;
}
:global(.glass-enhanced:hover) {
transform: translateY(-8px) !important;
box-shadow: 0 32px 80px rgba(0, 0, 0, 0.15),
0 0 0 1px rgba(255, 255, 255, 0.1) inset !important;
background: rgba(255, 255, 255, 0.98) !important;
}
/* Dark mode enhancements */
:global(.dark .glass-enhanced) {
background: rgba(30, 30, 50, 0.95) !important;
border-color: rgba(255, 255, 255, 0.1) !important;
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3),
0 0 0 1px rgba(255, 255, 255, 0.03) inset !important;
}
:global(.dark .glass-enhanced:hover) {
background: rgba(35, 35, 60, 0.98) !important;
box-shadow: 0 32px 80px rgba(0, 0, 0, 0.4),
0 0 0 1px rgba(255, 255, 255, 0.05) inset !important;
}
/* Hero title styling */
.hero-title-enhanced {
font-size: clamp(2.5rem, 6vw, 4.5rem);
font-weight: 900;
background: linear-gradient(135deg,
#667eea 0%,
#764ba2 25%,
#f093fb 50%,
#f5576c 75%,
#4facfe 100%);
background-size: 300% 300%;
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-clip: text;
animation: gradientShift 8s ease-in-out infinite;
letter-spacing: -0.02em;
line-height: 1.1;
margin-bottom: 1.5rem;
text-shadow: 0 0 30px rgba(102, 126, 234, 0.3);
}
/* Full-width subtitle */
.hero-subtitle-enhanced {
font-size: 1.2rem;
background: rgba(255, 255, 255, 0.9);
backdrop-filter: blur(15px);
border: 1px solid rgba(255, 255, 255, 0.2);
border-radius: 16px;
padding: 1.5rem 2rem;
color: #1a1a1a;
width: 100%;
max-width: none;
margin: 0 0 2rem 0;
line-height: 1.6;
font-weight: 500;
box-shadow: 0 10px 40px rgba(0, 0, 0, 0.1);
text-align: center;
}
:global(.dark) .hero-subtitle-enhanced {
background: rgba(30, 30, 50, 0.9);
color: #e2e8f0;
border-color: rgba(255, 255, 255, 0.1);
}
/* CTA buttons */
.cta-container {
display: flex;
gap: 1rem;
justify-content: center;
flex-wrap: wrap;
margin-top: 1.5rem;
}
.cta-primary-enhanced {
background: linear-gradient(135deg, #667eea, #764ba2);
color: white;
padding: 0.875rem 2rem;
border-radius: 50px;
text-decoration: none;
font-weight: 600;
font-size: 1rem;
transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
box-shadow: 0 10px 25px rgba(102, 126, 234, 0.3);
border: 2px solid transparent;
position: relative;
overflow: hidden;
}
.cta-primary-enhanced::before {
content: '';
position: absolute;
top: 0;
left: -100%;
width: 100%;
height: 100%;
background: linear-gradient(90deg, transparent, rgba(255, 255, 255, 0.2), transparent);
transition: left 0.5s;
}
.cta-primary-enhanced:hover::before {
left: 100%;
}
.cta-primary-enhanced:hover {
transform: translateY(-5px) scale(1.05);
box-shadow: 0 25px 50px rgba(102, 126, 234, 0.5);
}
/* Documentation content styling - UPDATED FOR FULL WIDTH */
.docs-content {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
line-height: 1.7;
color: #333;
width: 100%;
max-width: 75ch;
margin: 0 auto;
padding: 0 1rem;
text-align: left;
}
/* Headings */
.docs-content h2,
.docs-content h3,
.docs-content h4 {
text-align: left;
margin-left: 0;
margin-right: 0;
width: 100%;
}
.docs-content h2 {
color: #2c3e50;
border-bottom: 2px solid #3498db;
padding-bottom: 10px;
margin-top: 40px;
margin-bottom: 20px;
}
.docs-content h3 {
color: #34495e;
border-left: 4px solid #3498db;
padding-left: 15px;
margin-top: 30px;
margin-bottom: 15px;
text-align: left; /* Left align h3 for better readability */
}
.docs-content h4 {
color: #2c3e50;
margin-top: 25px;
margin-bottom: 10px;
text-align: left; /* Left align h4 for better readability */
}
/* Full width content containers - UPDATED */
.content-wrapper {
width: 100%;
max-width: none !important;
margin: 0;
padding: 0;
}
.full-width-content {
width: 100%;
max-width: none !important;
margin: 0 auto;
padding: 0 2rem;
}
.docs-content .mermaid {
text-align: center;
margin: 30px auto;
background: #fafafa;
border: 1px solid #e0e0e0;
border-radius: 8px;
padding: 20px;
width: 100%;
max-width: 100%;
overflow-x: auto;
}
:global(.dark) .docs-content .mermaid {
background: rgba(30, 30, 50, 0.5);
border-color: rgba(255, 255, 255, 0.1);
}
.docs-content pre {
background: #f8f8f8;
border: 1px solid #ddd;
border-radius: 6px;
padding: 15px;
overflow-x: auto;
font-size: 0.9em;
width: 100%;
}
:global(.dark) .docs-content pre {
background: rgba(30, 30, 50, 0.8);
border-color: rgba(255, 255, 255, 0.1);
color: #e2e8f0;
}
.docs-content code {
background: #f1f1f1;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Monaco', 'Menlo', monospace;
font-size: 0.9em;
}
:global(.dark) .docs-content code {
background: rgba(255, 255, 255, 0.1);
color: #e2e8f0;
}
.docs-content table {
width: 100%;
border-collapse: collapse;
margin: 20px 0;
background: white;
box-shadow: 0 1px 3px rgba(0,0,0,0.1);
}
:global(.dark) .docs-content table {
background: rgba(30, 30, 50, 0.8);
}
.docs-content th,
.docs-content td {
border: 1px solid #ddd;
padding: 12px;
text-align: left;
}
:global(.dark) .docs-content th,
:global(.dark) .docs-content td {
border-color: rgba(255, 255, 255, 0.1);
}
.docs-content th {
background: #f5f5f5;
font-weight: 600;
color: #333;
}
:global(.dark) .docs-content th {
background: rgba(255, 255, 255, 0.05);
color: #e2e8f0;
}
.alert {
padding: 15px;
margin: 20px 0;
border-radius: 6px;
border-left: 4px solid;
width: 100%;
}
.alert-warning {
background: #fff3cd;
border-left-color: #ffc107;
color: #856404;
}
:global(.dark) .alert-warning {
background: rgba(255, 193, 7, 0.1);
color: #ffc107;
}
.endpoint {
background: #e8f4f8;
border: 1px solid #b8dce8;
border-radius: 6px;
padding: 15px;
margin: 15px 0;
width: 100%;
}
:global(.dark) .endpoint {
background: rgba(30, 30, 50, 0.8);
border-color: rgba(255, 255, 255, 0.1);
}
.endpoint-method {
display: inline-block;
padding: 4px 8px;
border-radius: 4px;
font-weight: bold;
font-size: 0.8em;
margin-right: 10px;
}
.method-get { background: #28a745; color: white; }
.method-post { background: #007bff; color: white; }
.method-patch { background: #ffc107; color: #212529; }
/* Section spacing */
.content-section {
margin: 4rem 0;
position: relative;
width: 100%;
}
.content-section:first-of-type {
margin-top: 2rem;
}
/* Override any container max-width restrictions */
:global(.container) {
max-width: none !important;
width: 100% !important;
}
/* Custom content class overrides */
:global(.content-max-none) {
max-width: none !important;
width: 100% !important;
}
/* Responsive adjustments */
@media (max-width: 768px) {
.hero-subtitle-enhanced {
font-size: 1.1rem;
padding: 1.25rem 1.5rem;
margin: 0 0 1.5rem 0;
}
.cta-container {
flex-direction: column;
align-items: center;
gap: 0.75rem;
padding: 0 1rem;
}
.cta-primary-enhanced {
width: 100%;
max-width: 260px;
text-align: center;
padding: 0.875rem 1.5rem;
}
.content-section {
margin: 3rem 0;
}
.docs-content,
.full-width-content {
padding: 0 1rem;
}
}
@media (min-width: 769px) {
.docs-content,
.full-width-content {
padding: 0 3rem;
}
}
@media (min-width: 1200px) {
.docs-content,
.full-width-content {
padding: 0 4rem;
}
}
</style>
<Layout metadata={metadata}>
<Fragment slot="announcement"></Fragment>
<!-- Structured Data for SEO -->
<StructuredData
slot="structured-data"
data={{
'@context': 'https://schema.org',
'@type': 'TechnicalArticle',
name: t.metadata.title,
description: t.metadata.description,
author: {
'@type': 'Person',
name: 'Richard Bergsma'
},
datePublished: '2025-08-01',
dateModified: '2025-08-01',
inLanguage: lang
}}
/>
<!-- Enhanced Hero Section -->
<Hero id="hero" isDark={false}>
<Fragment slot="bg">
<div class="animated-hero-bg">
<div class="floating-elements">
<div class="floating-shape shape-1"></div>
<div class="floating-shape shape-2"></div>
<div class="floating-shape shape-3"></div>
<div class="floating-shape shape-4"></div>
</div>
</div>
</Fragment>
<Fragment slot="title">
<span class="hero-title-enhanced">{t.hero.title}</span>
</Fragment>
<Fragment slot="subtitle">
<div class="hero-subtitle-container">
<div class="hero-subtitle-enhanced">
{t.hero.subtitle}
</div>
<div class="cta-container">
<a href="#overview" class="inline-flex items-center justify-center rounded-full font-semibold transition-colors px-6 py-3 text-base bg-blue-600 text-white hover:bg-blue-700 focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-blue-600">
{t.hero.cta.primary}
</a>
</div>
</div>
</Fragment>
</Hero>
<!-- Documentation Content -->
<div id="overview" class="content-section">
<Content
id="overview"
columns={1}
items={[]}
classes={{
container: 'glass-enhanced content-max-none',
content: 'content-max-none'
}}
>
<Fragment slot="content">
<div class="docs-content">
<h2>{t.sections.overview.title}</h2>
<div class="full-width-content">
<h3>{t.sections.overview.whatIs.title}</h3>
<p>{t.sections.overview.whatIs.content}</p>
<h3>{t.sections.overview.apiOverview.title}</h3>
<ul>
<li><strong>{t.sections.overview.apiOverview.host}:</strong> <code>your-api-host.com</code></li>
<li><strong>{t.sections.overview.apiOverview.basePath}:</strong> <code>/api/v1</code></li>
<li><strong>{t.sections.overview.apiOverview.protocol}:</strong> {t.sections.overview.apiOverview.protocolValue}</li>
<li><strong>{t.sections.overview.apiOverview.authentication}:</strong> {t.sections.overview.apiOverview.authValue}</li>
</ul>
<h3>{t.sections.overview.capabilities.title}</h3>
<ul>
{t.sections.overview.capabilities.items.map((item) => (
<li><strong>{item.title}</strong> {item.description}</li>
))}
</ul>
</div>
</div>
</Fragment>
<Fragment slot="bg">
<div class="absolute inset-0 bg-gradient-to-br from-blue-50/50 to-purple-50/50 dark:from-gray-900/50 dark:to-gray-800/50"></div>
</Fragment>
</Content>
</div>
<!-- Concepts Section -->
<div id="concepts" class="content-section">
<Content
id="concepts"
columns={1}
items={[]}
classes={{
container: 'glass-enhanced content-max-none',
content: 'content-max-none'
}}
>
<Fragment slot="content">
<div class="docs-content">
<h2>{t.sections.concepts.title}</h2>
<div class="full-width-content">
<h3>{t.sections.concepts.entities.title}</h3>
<div class="mermaid" data-mermaid={`flowchart TD
subgraph Users ["👥 Users"]
PERSON[👤 Person<br/>End User]
OPERATOR[👨‍💼 Operator<br/>IT Support Staff]
end
subgraph Teams ["🏢 Organization"]
GROUP[👥 Operator Group<br/>IT Team]
DEPT[🏢 Department]
end
subgraph Tickets ["🎫 Service Requests"]
INCIDENT[🎫 Incident<br/>Support Ticket]
CHANGE[🔄 Change Request<br/>Planned Modification]
end
subgraph Resources ["💼 IT Resources"]
KB[📚 Knowledge Base<br/>Solutions/Procedures]
ASSET[💻 Asset<br/>IT Equipment]
CATEGORY[🏷️ Category<br/>Classification]
end
PERSON -->|reports| INCIDENT
INCIDENT -->|assigned to| OPERATOR
OPERATOR -->|belongs to| GROUP
GROUP -->|manages| CHANGE
OPERATOR -->|uses| KB
INCIDENT -->|classified by| CATEGORY
ASSET -->|linked to| INCIDENT
KB -->|provides solutions for| INCIDENT
classDef user fill:#e3f2fd,stroke:#1976d2,color:#000
classDef team fill:#f3e5f5,stroke:#7b1fa2,color:#000
classDef ticket fill:#fff3e0,stroke:#f57c00,color:#000
classDef resource fill:#e8f5e8,stroke:#388e3c,color:#000
class PERSON,OPERATOR user
class GROUP,DEPT team
class INCIDENT,CHANGE ticket
class KB,ASSET,CATEGORY resource`}>
<!-- Mermaid diagram will be rendered here -->
</div>
<h3>{t.sections.concepts.terminology.title}</h3>
<div class="overflow-x-auto">
<table>
<thead>
<tr>
<th>{t.sections.concepts.terminology.headers.term}</th>
<th>{t.sections.concepts.terminology.headers.description}</th>
<th>{t.sections.concepts.terminology.headers.example}</th>
</tr>
</thead>
<tbody>
{t.sections.concepts.terminology.items.map((item) => (
<tr>
<td><strong>{item.term}</strong></td>
<td>{item.description}</td>
<td>{item.example}</td>
</tr>
))}
</tbody>
</table>
</div>
<h3>{t.sections.concepts.lifecycle.title}</h3>
<div class="mermaid" data-mermaid={`flowchart LR
START[🚀 USER REPORTS<br/>PROBLEM] -->|Creates| NEW[🆕 NEW TICKET<br/>Status: New]
NEW -->|Auto-assigned| ASSIGN[👥 ASSIGNED TO TEAM<br/>Based on category]
ASSIGN -->|Operator picks up| PROGRESS[⚙️ IN PROGRESS<br/>Investigation starts]
PROGRESS -->|Solution found| RESOLVE[✅ RESOLVED<br/>Awaiting confirmation]
RESOLVE -->|User confirms| CLOSE[🔒 CLOSED<br/>Ticket complete]
PROGRESS -->|Need more info| ONHOLD[⏸️ ON HOLD<br/>Waiting for user]
ONHOLD -->|Info received| PROGRESS
classDef start fill:#e8f5e8,stroke:#4caf50,color:#000
classDef active fill:#fff3e0,stroke:#ff9800,color:#000
classDef resolved fill:#e3f2fd,stroke:#2196f3,color:#000
classDef closed fill:#f3e5f5,stroke:#9c27b0,color:#000
classDef hold fill:#fce4ec,stroke:#e91e63,color:#000
class START start
class NEW,ASSIGN,PROGRESS active
class RESOLVE resolved
class CLOSE closed
class ONHOLD hold`}>
<!-- Mermaid diagram will be rendered here -->
</div>
</div>
</div>
</Fragment>
<Fragment slot="bg">
<div class="absolute inset-0 bg-gradient-to-br from-purple-50/50 to-blue-50/50 dark:from-gray-800/50 dark:to-gray-900/50"></div>
</Fragment>
</Content>
</div>
<!-- Getting Started Section -->
<div id="getting-started" class="content-section">
<Content
id="getting-started"
columns={1}
items={[]}
classes={{
container: 'glass-enhanced content-max-none',
content: 'content-max-none'
}}
>
<Fragment slot="content">
<div class="docs-content">
<h2>{t.sections.gettingStarted.title}</h2>
<div class="full-width-content">
<h3>{t.sections.gettingStarted.authentication.title}</h3>
<p>{t.sections.gettingStarted.authentication.description}</p>
<pre><code>{t.sections.gettingStarted.authentication.headers}</code></pre>
<h3>{t.sections.gettingStarted.firstCall.title}</h3>
<p>{t.sections.gettingStarted.firstCall.description}</p>
<pre><code>{t.sections.gettingStarted.firstCall.code}</code></pre>
<h3>{t.sections.gettingStarted.dynamicDropdowns.title}</h3>
<div class="alert alert-warning">
<strong>{t.sections.gettingStarted.dynamicDropdowns.warning}</strong>
</div>
<p>{t.sections.gettingStarted.dynamicDropdowns.explanation}</p>
<h4>{t.sections.gettingStarted.dynamicDropdowns.integration.title}</h4>
<pre><code>{t.sections.gettingStarted.dynamicDropdowns.integration.wrongCode}</code></pre>
<pre><code>{t.sections.gettingStarted.dynamicDropdowns.integration.correctCode}</code></pre>
<h4>{t.sections.gettingStarted.dynamicDropdowns.whyEssential.title}</h4>
<ul>
{t.sections.gettingStarted.dynamicDropdowns.whyEssential.reasons.map((reason) => (
<li><strong>{reason.title}:</strong> {reason.description}</li>
))}
</ul>
</div>
</div>
</Fragment>
<Fragment slot="bg">
<div class="absolute inset-0 bg-gradient-to-br from-green-50/50 to-blue-50/50 dark:from-gray-900/50 dark:to-gray-800/50"></div>
</Fragment>
</Content>
</div>
<!-- API Reference Section -->
<div id="api-reference" class="content-section">
<Content
id="api-reference"
columns={1}
items={[]}
classes={{
container: 'glass-enhanced content-max-none',
content: 'content-max-none'
}}
>
<Fragment slot="content">
<div class="docs-content">
<h2>{t.sections.apiReference.title}</h2>
<div class="full-width-content">
<h3>{t.sections.apiReference.essentialEndpoints.title}</h3>
<h4>{t.sections.apiReference.essentialEndpoints.findUsers.title}</h4>
<div class="endpoint">
<span class="endpoint-method method-get">GET</span>
<code>/api/persons?query=dynamicName=="[Full Name]"</code>
<p><strong>{t.sections.apiReference.essentialEndpoints.findUsers.purpose}:</strong> {t.sections.apiReference.essentialEndpoints.findUsers.purposeText}</p>
<p><strong>{t.sections.apiReference.essentialEndpoints.findUsers.returns}:</strong> {t.sections.apiReference.essentialEndpoints.findUsers.returnsText}</p>
</div>
<h4>{t.sections.apiReference.essentialEndpoints.dropdownOptions.title}</h4>
{t.sections.apiReference.essentialEndpoints.dropdownOptions.endpoints.map((endpoint) => (
<div class="endpoint">
<span class="endpoint-method method-get">GET</span>
<code>{endpoint.path}</code>
<p>{endpoint.description}</p>
</div>
))}
<h4>{t.sections.apiReference.essentialEndpoints.createTicket.title}</h4>
<div class="endpoint">
<span class="endpoint-method method-post">POST</span>
<code>/api/incidents</code>
<p><strong>{t.sections.apiReference.essentialEndpoints.createTicket.purpose}:</strong> {t.sections.apiReference.essentialEndpoints.createTicket.purposeText}</p>
<p><strong>{t.sections.apiReference.essentialEndpoints.createTicket.requires}:</strong> {t.sections.apiReference.essentialEndpoints.createTicket.requiresText}</p>
</div>
<h4>{t.sections.apiReference.essentialEndpoints.searchKnowledgeBase.title}</h4>
<div class="endpoint">
<span class="endpoint-method method-get">GET</span>
<code>/api/knowledgeItems/search?query=[search terms]&lang=en&status=active</code>
<p><strong>{t.sections.apiReference.essentialEndpoints.searchKnowledgeBase.purpose}:</strong> {t.sections.apiReference.essentialEndpoints.searchKnowledgeBase.purposeText}</p>
</div>
</div>
</div>
</Fragment>
<Fragment slot="bg">
<div class="absolute inset-0 bg-gradient-to-br from-orange-50/50 to-red-50/50 dark:from-gray-800/50 dark:to-gray-900/50"></div>
</Fragment>
</Content>
</div>
<!-- Contact Section -->
<div id="contact" class="content-section">
<Content
id="contact"
columns={1}
items={[]}
classes={{
container: 'glass-enhanced content-max-none',
content: 'content-max-none'
}}
>
<Fragment slot="content">
<div class="docs-content">
<div class="full-width-content text-center">
<h2>{t.sections.contact.title}</h2>
<p><strong>{t.sections.contact.team}:</strong> {t.sections.contact.teamName}</p>
<p><strong>{t.sections.contact.email}:</strong> <a href="mailto:support@example.com">support@example.com</a></p>
<p><strong>{t.sections.contact.website}:</strong> <a href="#" target="_blank">www.example.com</a></p>
<p>{t.sections.contact.supportText}</p>
</div>
</div>
</Fragment>
<Fragment slot="bg">
<div class="absolute inset-0 bg-gradient-to-br from-indigo-50/50 to-purple-50/50 dark:from-gray-900/50 dark:to-gray-800/50"></div>
</Fragment>
</Content>
</div>
</Layout>
<script>
// Initialize Mermaid diagrams with proper client-side setup
document.addEventListener('DOMContentLoaded', async () => {
try {
// Import Mermaid dynamically from local dependency (no remote CDN)
const mermaidModule = await import('mermaid');
const mermaid = mermaidModule.default || mermaidModule;
// Initialize Mermaid with configuration
mermaid.initialize({
startOnLoad: false,
theme: document.documentElement.classList.contains('dark') ? 'dark' : 'default',
flowchart: {
useMaxWidth: true,
htmlLabels: true,
curve: 'basis'
},
themeVariables: {
fontFamily: 'Arial, sans-serif'
}
});
// Find all mermaid elements and render them
const mermaidElements = document.querySelectorAll('.mermaid');
for (let i = 0; i < mermaidElements.length; i++) {
const element = mermaidElements[i];
const mermaidCode = element.textContent.trim();
try {
// Create a unique ID for each diagram
const id = `mermaid-${i}`;
// Render the diagram
const { svg } = await mermaid.render(id, mermaidCode);
// Replace the element content with the rendered SVG
element.innerHTML = svg;
} catch (error) {
console.error('Error rendering mermaid diagram:', error);
element.innerHTML = `<div style="color: red; padding: 20px; border: 1px solid red; border-radius: 4px;">
<strong>Diagram Error:</strong> Unable to render diagram. Please check the syntax.
</div>`;
}
}
} catch (error) {
console.error('Error loading Mermaid:', error);
}
});
// Re-render mermaid diagrams when theme changes or page loads
document.addEventListener('astro:page-load', () => {
// Trigger re-initialization if needed
setTimeout(() => {
const event = new Event('DOMContentLoaded');
document.dispatchEvent(event);
}, 100);
});
// Theme change handler
const themeToggle = document.querySelector('[data-aw-toggle-color-scheme]');
if (themeToggle) {
themeToggle.addEventListener('click', () => {
setTimeout(() => {
const event = new Event('DOMContentLoaded');
document.dispatchEvent(event);
}, 200);
});
}
</script>

2
src/pages/api/commits.ts
View File

@@ -13,7 +13,7 @@ export const GET: APIRoute = async ({ request }) => {
headers['Authorization'] = `token ${import.meta.env.GITEA_TOKEN}`;
}
const response = await fetch(url, { headers });
const response = await fetch(url, { headers, redirect: 'follow', cache: 'no-store' });
if (!response.ok) {
throw new Error(`Gitea API responded with status: ${response.status}`);

37
src/pages/api/contact.ts
View File

@@ -5,13 +5,11 @@ import {
checkRateLimit,
sendAdminNotification,
sendUserConfirmation,
sendEmail,
} from '../../utils/email-handler';
import { isSpamWithGemini } from "../../utils/gemini-spam-check";
import jwt from 'jsonwebtoken';
const MANUAL_REVIEW_SECRET = process.env.MANUAL_REVIEW_SECRET;
const MANUAL_REVIEW_EMAIL = 'manual-review@365devnet.eu';
// Enhanced email validation with more comprehensive regex
const isValidEmail = (email: string): boolean => {
@@ -128,18 +126,18 @@ export const GET: APIRoute = async ({ request }) => {
export const POST: APIRoute = async ({ request, clientAddress }) => {
try {
console.log('Contact form submission received');
// Minimal server logs; avoid PII in logs
// Get client IP address for rate limiting
const ipAddress = clientAddress || '0.0.0.0';
console.log('Client IP:', ipAddress);
// Do not log full IP or headers in production
// Check rate limit
const rateLimitCheck = await checkRateLimit(ipAddress);
console.log('Rate limit check:', rateLimitCheck);
// Log only when exceeded (and without PII)
if (rateLimitCheck.limited) {
console.log('Rate limit exceeded');
console.warn('Rate limit exceeded for contact endpoint');
return new Response(
JSON.stringify({
success: false,
@@ -159,10 +157,10 @@ export const POST: APIRoute = async ({ request, clientAddress }) => {
// Get form data
const formData = await request.formData();
console.log('Form data received');
// Form data received
// Log all form data keys
console.log('Form data keys:', [...formData.keys()]);
// Don't log field values
const name = formData.get('name')?.toString() || '';
const email = formData.get('email')?.toString() || '';
@@ -171,14 +169,7 @@ export const POST: APIRoute = async ({ request, clientAddress }) => {
const csrfToken = formData.get('csrf_token')?.toString() || '';
const domain = formData.get('domain')?.toString() || '';
console.log('Form data values:', {
name,
email,
messageLength: message.length,
disclaimer,
csrfToken: csrfToken ? 'present' : 'missing',
domain,
});
// Avoid logging PII; capture minimal telemetry only if needed
// Get user agent for logging and spam detection
const userAgent = request.headers.get('user-agent') || 'Unknown';
@@ -224,10 +215,10 @@ export const POST: APIRoute = async ({ request, clientAddress }) => {
spamReason = 'heuristic';
}
if (spamDetected) {
const token = jwt.sign({ email, message }, MANUAL_REVIEW_SECRET, { expiresIn: '1h' });
const secret = MANUAL_REVIEW_SECRET || '';
const token = secret ? jwt.sign({ email, message }, secret, { expiresIn: '1h' }) : '';
console.warn(
`[SPAM DETECTED by ${spamReason === 'Gemini' ? 'Gemini' : 'heuristic'}]`,
{ name, email, message, ip: request.headers.get('x-forwarded-for') }
`[SPAM DETECTED by ${spamReason === 'Gemini' ? 'Gemini' : 'heuristic'}]`
);
return new Response(
JSON.stringify({
@@ -256,13 +247,13 @@ export const POST: APIRoute = async ({ request, clientAddress }) => {
}
// Send emails
console.log('Attempting to send admin notification email');
// Send admin notification email
const adminEmailSent = await sendAdminNotification(name, email, message, ipAddress, userAgent, domain);
console.log('Admin email sent result:', adminEmailSent);
console.log('Attempting to send user confirmation email');
// Send user confirmation email
const userEmailSent = await sendUserConfirmation(name, email, message, domain);
console.log('User email sent result:', userEmailSent);
// Check if emails were sent successfully
if (!adminEmailSent || !userEmailSent) {

6
src/pages/api/uptime.ts
View File

@@ -89,7 +89,7 @@ function ensureUTC(dateString: string): string {
export const GET: APIRoute = async () => {
try {
if (!UPTIME_KUMA_URL) {
console.error('Missing environment variable: UPTIME_KUMA_URL');
// Avoid noisy logs in production; return typed error instead
return new Response(JSON.stringify({ error: 'Configuration error: Missing environment variable' }), {
status: 500,
headers: {
@@ -191,10 +191,10 @@ export const GET: APIRoute = async () => {
},
});
} catch (err) {
console.error('Error fetching uptime data:', err);
// Log minimal error context without leaking internals
return new Response(JSON.stringify({
error: 'Failed to fetch uptime data',
details: err instanceof Error ? err.message : 'Unknown error'
details: 'upstream error'
}), {
status: 500,
headers: {

14
src/utils/email-handler.ts
View File

@@ -147,10 +147,10 @@ export async function sendEmail(to: string, subject: string, html: string, text:
}
try {
// Never trust user-provided domain for From header to prevent spoofing.
const safeSender = SMTP_USER || ADMIN_EMAIL;
const fromAddress = isProduction
? domain
? `"${WEBSITE_NAME}" <${SMTP_USER || 'info'}@${domain}>`
: `"${WEBSITE_NAME}" <${SMTP_USER || 'noreply@' + WEBSITE_NAME}>`
? `"${WEBSITE_NAME}" <${safeSender}>`
: `"${WEBSITE_NAME}" <${ADMIN_EMAIL}>`;
const mailOptions = {
@@ -161,9 +161,11 @@ export async function sendEmail(to: string, subject: string, html: string, text:
text,
};
// Log the connection target
console.log(`[MAILER DEBUG] Sending via: ${SMTP_HOST}:${SMTP_PORT}`);
console.log(`[MAILER DEBUG] From: ${fromAddress} → To: ${to}`);
// Log debug information only in non-production
if (!isProduction) {
console.log(`[MAILER DEBUG] Sending via: ${SMTP_HOST}:${SMTP_PORT}`);
console.log(`[MAILER DEBUG] From: ${fromAddress} → To: ${to}`);
}
await transporter.sendMail(mailOptions);

14
src/utils/gemini-spam-check.ts
View File

@@ -1,20 +1,20 @@
import { GoogleGenerativeAI } from "@google/generative-ai";
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;
if (!GEMINI_API_KEY) {
console.error("[Gemini] GEMINI_API_KEY environment variable is not set.");
throw new Error("GEMINI_API_KEY environment variable is not set.");
}
const genAI = new GoogleGenerativeAI(GEMINI_API_KEY);
// Fail open without throwing at module import time; initialize lazily
const genAI = GEMINI_API_KEY ? new GoogleGenerativeAI(GEMINI_API_KEY) : null;
export async function isSpamWithGemini(message: string): Promise<boolean> {
try {
console.log('[Gemini] Attempting spam check...');
if (!genAI) {
console.warn('[Gemini] API key not set; skipping spam check.');
return false;
}
const model = genAI.getGenerativeModel({ model: "gemini-1.5-flash" });
const prompt = `Is the following message spam? Reply with only 'yes' or 'no'.\n\nMessage:\n${message}`;
const result = await model.generateContent(prompt);
const response = result.response.text().trim().toLowerCase();
console.log(`[Gemini] Spam check result: ${response}`);
// Do not log PII or model responses in production
return response.startsWith("yes");
} catch (err: any) {
if (err?.response?.status === 401) {