New files:
- oauth_service.py: Shared OAuth 2.0 service supporting Google and Meta
providers with token exchange, refresh, and storage
- database/migrations/058_oauth_tokens.sql: oauth_tokens table with
company/provider/service unique constraint
- blueprints/api/routes_oauth.py: OAuth API endpoints for connect,
callback, status, and disconnect flows
Supports:
- Google OAuth (GBP Business Profile, Search Console)
- Meta OAuth (Facebook Pages, Instagram)
- CSRF state validation, token refresh, expiry tracking
- Per-company token storage with active/inactive status
Requires .env config:
- GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET (Google APIs)
- META_APP_ID, META_APP_SECRET (Facebook/Instagram)
- OAUTH_REDIRECT_BASE_URL (default: https://nordabiznes.pl)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GBP data fetching migration:
- Replace legacy maps.googleapis.com/maps/api/place/ with GooglePlacesService
- Use Places API (New): places.googleapis.com/v1/places
- Extract 20+ new fields: primaryType, editorialSummary, priceLevel,
paymentOptions, parkingOptions, accessibilityOptions, service options,
amenities, food & drink, detailed photos metadata, review statistics
- Location bias for Wejherowo area in place search
- Backward-compatible return format for existing callers
GBP AI prompt enrichment:
- Add primaryType, editorialSummary, priceLevel to company info section
- Add business attributes section (payment, parking, accessibility,
services, amenities, food & drink) with dynamic rendering
- Use getattr with fallbacks for new DB columns not yet migrated
Completeness: GBP 55% → ~90% (estimated)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New services:
- youtube_service.py: YouTube Data API v3 integration for channel stats
(subscriber count, view count, video count)
- crux_service.py: Chrome UX Report API for real user field data
(INP, LCP, CLS, FCP, TTFB from actual Chrome users)
SEO audit enrichment:
- Security headers check: HSTS, CSP, X-Frame-Options, X-Content-Type-Options
via live requests.head() during data collection
- Image format analysis: WebP/AVIF/SVG vs legacy JPEG/PNG ratio
- CrUX field data complements existing PageSpeed lab data in AI prompt
- All new metrics passed to Gemini for richer analysis
Social media audit enrichment:
- YouTube API data (video count, views, subscribers) integrated into
social media AI prompt when YouTube profile exists
All APIs use existing GOOGLE_PLACES_API_KEY (free tier, $0 cost).
Completeness: ~68% → ~78% (estimated)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GBP audit:
- Fix review_response_rate bug: check ownerResponse instead of authorAttribution.displayName
- Mark has_posts/has_products/has_qa as OAuth-dependent in AI prompt
- Add review_keywords and description_keywords to AI prompt
SEO audit:
- Replace deprecated FID with INP (Core Web Vital since March 2024)
- Pass 10 additional metrics to AI prompt: FCP, TTFB, TBT, Speed Index,
meta title/desc length, html lang, Schema.org field details
- Update templates with INP thresholds (200ms/500ms)
Social media audit:
- Calculate engagement_rate from industry base rates × activity multiplier
- Calculate posting_frequency_score (0-10 based on posts_count_30d)
- Enrich AI prompt with page_name, freq_score, engagement, last_post_date
- Add avg engagement rate and brand name consistency check to prompt
Completeness: 52% → ~68% (estimated)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Email notifications sent to topic subscribers when new reply posted
- Auto-subscribe users when they reply to a topic
- Custom CSS tooltip on "seen by" avatars (replaces native title)
- GET /forum/<id>/unsubscribe endpoint for email unsubscribe links
- Clean up ROADMAP.md (remove unimplemented priorities, add RBAC/Slack)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- pytest framework with fixtures for auth (auth_client, admin_client)
- Unit tests for SearchService
- Integration tests for auth flow
- Security tests (OWASP Top 10: SQL injection, XSS, CSRF)
- Smoke tests for production health and backup monitoring
- E2E tests with Playwright (basic structure)
- DR tests for backup/restore procedures
- GitHub Actions CI/CD workflow (.github/workflows/test.yml)
- Coverage configuration (.coveragerc) with 80% minimum
- DR documentation and restore script
Staging environment: VM 248, staging.nordabiznes.pl
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document incident 2026-01-31 (alias failure)
- New rule: Use full blueprint names, NOT aliases
- New procedure: Update templates BEFORE moving routes
- Enhanced checklist: Test page rendering, not just HTTP status
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Admin blueprint Part 1 deployed (19 routes)
- Added metrics for blueprints/admin/routes.py (828 lines)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Discovery: Flask allows the same URL to be registered under two names
- url_for('login') and url_for('auth.login') can coexist
- Zero template changes during blueprint deployment
Strategy of 3 sub-phases:
- Phase 2a: Blueprints + aliases (low risk)
- Phase 2b: Gradual template migration
- Phase 2c: Alias removal
Comparison with Big Bang: 20 vs 125 files to change at once
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added dependency graph (auth + public must be together)
- utils/decorators.py requires url_for('auth.login') and url_for('public.index')
- Phase 2 is critical - it blocks all subsequent phases
- Updated schedule with a dependencies column
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Detailed plan for extracting 235 routes into ~25 blueprints
- Categorization of routes by module
- Schedule of 10 phases (~33h of work)
- Target directory structure
- Refactoring rules and deployment procedures
Goal: Reduce app.py from 15,570 → ~500 lines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Phase 1 status changed to "DEPLOYED TO PRODUCTION"
- Added deployment date (2026-01-28)
- Removed outdated deployment freeze
- Updated schedule with status checkboxes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- All release notes from v1.0.0 to v1.20.0 sorted starting with the most important
- Super important features bolded with <strong>
- Added security section to the template
- Created the RELEASE_NOTES_GUIDE.md guide
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Change of default model in documentation and code:
- gemini-2.5-flash → gemini-3-flash-preview
- gemini-2.5-pro → gemini-3-pro-preview
Updated files:
- README.md - technology description
- docs/architecture/*.md - diagrams and flows
- nordabiz_chat.py - fallback model name
- zopk_news_service.py - model for AI evaluation
- templates/admin/zopk_dashboard.html - displayed model
Legacy model mappings retained for backward compatibility.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Name change: "Norda Biznes Hub" → "Norda Biznes Partner"
- AI model update: Gemini 2.0 Flash → Gemini 3 Flash
- Historical references retained in timeline and documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added person_id and profile URL to the person context in the chatbot
- Updated system prompt: MANDATORY links for companies and people
- Added CSS for person links (green badge)
- Extended JavaScript to detect /osoba/ links
Badge colors:
- 🏢 Companies: orange (#c2410c)
- 👤 People: green (#047857)
- 🔗 External: blue (#1d4ed8)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CLAUDE.md simplified - only key info for Claude
- docs/DEVELOPMENT.md - details of SearchService, Chatbot, AI tests, SEO, News
- docs/ROADMAP.md - development plan, priorities, 3-tier monetization strategy
- docs/CREDENTIALS.md - rules for managing passwords and API keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added INCIDENT_REPORT_20260115.md documenting the high-CPU incident
caused by the script being run multiple times
- Added warnings to CLAUDE.md about running scripts:
- An SSH timeout does NOT mean the execution failed
- Check processes before re-running
- Use the QEMU guest agent as an alternative
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'test' to ForumTopic.CATEGORIES with Polish label 'Testowy'
- Add gray styling for test topics (badge + card opacity)
- Add scripts to list and mark test topics
Created comprehensive docs/SECURITY.md with:
- Database credentials management guide (CWE-798 security)
- Complete environment variables reference
- Development and production setup instructions
- Shell script configuration (.pgpass, PGPASSWORD)
- Security best practices (never hardcode credentials)
- Verification and testing procedures
- Troubleshooting guide for common issues
- Incident response procedures for compromised credentials
- Links to official documentation and security standards
This completes Phase 4 (Documentation) of the credential security cleanup task.