29106aa45e
SECURITY VULNERABILITY FIXED: Registration form was storing passwords in plain text in localStorage, creating a severe XSS vulnerability where attackers could steal credentials. Changes Made: 1. **RegisterForm.tsx:** - REMOVED localStorage persistence of registration_progress (lines 110-146) - Password, email, and all form data now kept in memory only - Added cleanup effect to remove any existing registration_progress data - Form data is submitted directly to backend via secure API calls 2. **WizardContext.tsx:** - REMOVED localStorage persistence of wizard state (lines 98-116) - All onboarding progress now tracked exclusively via backend API - Added cleanup effect to remove any existing wizardState data - Updated resetWizard to not reference localStorage 3. **Architecture Change:** - All user data and progress tracking now uses backend APIs exclusively - Backend APIs already exist: /api/v1/auth/register, onboarding_progress.py - No sensitive data stored in browser localStorage Impact: - Prevents credential theft via XSS attacks - Ensures data security and consistency across sessions - Aligns with security best practices (OWASP guidelines) Backend Support: - services/auth/app/api/auth_operations.py handles registration - services/auth/app/api/onboarding_progress.py tracks wizard progress - All data persisted securely in PostgreSQL database
🍞 Bakery IA - Multi-Service Architecture
Welcome to Bakery IA, an advanced AI-powered platform for bakery management and optimization. This project implements a microservices architecture with multiple interconnected services to provide comprehensive bakery management solutions.
🚀 Quick Start
Prerequisites
- Docker Desktop with Kubernetes enabled
- Docker Compose
- Node.js (for frontend development)
Running the Application
-
Clone the repository:
git clone <repository-url> cd bakery-ia -
Set up environment variables:
cp .env.example .env # Edit .env with your specific configuration -
Run with Docker Compose:
docker-compose up --build -
Or run with Kubernetes (Docker Desktop):
# Enable Kubernetes in Docker Desktop # Run the setup script ./scripts/setup-kubernetes-dev.sh
🏗️ Architecture Overview
The project follows a microservices architecture with the following main components:
- Frontend: React-based dashboard for user interaction
- Gateway: API gateway handling authentication and routing
- Services: Multiple microservices handling different business domains
- Infrastructure: Redis, RabbitMQ, PostgreSQL databases
🐳 Kubernetes Infrastructure
🛠️ Services
The project includes multiple services:
- Auth Service: Authentication and authorization
- Tenant Service: Multi-tenancy management
- Sales Service: Sales processing
- External Service: Integration with external systems
- Training Service: AI model training
- Forecasting Service: Demand forecasting
- Notification Service: Notifications and alerts
- Inventory Service: Inventory management
- Recipes Service: Recipe management
- Suppliers Service: Supplier management
- POS Service: Point of sale
- Orders Service: Order management
- Production Service: Production planning
- Alert Processor: Background alert processing
📊 Monitoring
The system includes comprehensive monitoring with:
- Prometheus for metrics collection
- Grafana for visualization
- ELK stack for logging (planned)
🚀 Production Deployment
For production deployment on clouding.io with Kubernetes:
- Set up your clouding.io Kubernetes cluster
- Update image references to your container registry
- Configure production-specific values
- Deploy using the production kustomization:
kubectl apply -k infrastructure/kubernetes/environments/production/
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
📄 License
This project is licensed under the MIT License.