Password Policy/App rename/PM Scheduling Improvements

This commit is contained in:
2026-06-06 02:32:47 -05:00
parent dfd999b6a9
commit f024286b5e
59 changed files with 3814 additions and 299 deletions

View File

@@ -1,6 +1,6 @@
# MixedAssets
# DepreCore
MixedAssets is a fixed asset management and depreciation SPA for small and mid-sized organizations. This build includes an Express API, Vue/Vuetify frontend, SQLite persistence, role-aware login, asset register, templates, JSON tax-rule sets, depreciation reports, import/export, and admin configuration.
DepreCore is a fixed asset management and depreciation SPA for small and mid-sized organizations. This build includes an Express API, Vue/Vuetify frontend, SQLite persistence, role-aware login, asset register, templates, JSON tax-rule sets, depreciation reports, import/export, and admin configuration.
Each asset carries six independent books (GAAP, Federal, State, AMT, ACE, User-defined), each with its own cost, depreciation method, useful life, §179 amount, bonus percentage, and convention. The asset workbench also includes a File Cabinet (invoices, photos, manuals), warranty/service-agreement tracking, a per-asset task list, and a running notes timeline.
@@ -32,7 +32,7 @@ Open `http://localhost:5173`.
Default seeded login:
```text
admin@mixedassets.local
admin@deprecore.local
ChangeMe123!
```
@@ -51,13 +51,13 @@ Environment variables are shown in `.env.example`. The app also stores editable
| Variable | Default | Purpose |
| --- | --- | --- |
| `MIXEDASSETS_PORT` (or `PORT`) | `3000` | API/server port |
| `MIXEDASSETS_DATA_DIR` | `./data` | Data directory |
| `MIXEDASSETS_DB_PATH` | `./data/mixedassets.sqlite` | SQLite database file |
| `MIXEDASSETS_SERVER_FQDN` | `localhost` | Server FQDN (also editable in Admin) |
| `MIXEDASSETS_CORS_ORIGINS` | `http://localhost:5173,...` | Allowed CORS origins (comma-separated) |
| `MIXEDASSETS_JWT_SECRET` | dev fallback | JWT signing secret — set a long random value in production |
| `MIXEDASSETS_ADMIN_PASSWORD` | `ChangeMe123!` | Password for the seeded admin user |
| `DEPRECORE_PORT` (or `PORT`) | `3000` | API/server port |
| `DEPRECORE_DATA_DIR` | `./data` | Data directory |
| `DEPRECORE_DB_PATH` | `./data/deprecore.sqlite` | SQLite database file |
| `DEPRECORE_SERVER_FQDN` | `localhost` | Server FQDN (also editable in Admin) |
| `DEPRECORE_CORS_ORIGINS` | `http://localhost:5173,...` | Allowed CORS origins (comma-separated) |
| `DEPRECORE_JWT_SECRET` | dev fallback | JWT signing secret — set a long random value in production |
| `DEPRECORE_ADMIN_PASSWORD` | `ChangeMe123!` | Password for the seeded admin user |
---
@@ -79,7 +79,7 @@ Tokens expire after 12 hours. The only routes that do **not** require a token ar
# Login
curl -s http://localhost:3000/api/auth/login \
-H 'Content-Type: application/json' \
-d '{"email":"admin@mixedassets.local","password":"ChangeMe123!"}'
-d '{"email":"admin@deprecore.local","password":"ChangeMe123!"}'
# => { "token": "<jwt>", "user": { "id":1, "name":"...", "role":"admin", ... } }
```
@@ -307,7 +307,7 @@ Movement `type` is `receive` (add on-hand), `issue` (consume), `adjust` (set on-
Alert types: `maintenance_overdue`, `maintenance_due`, `warranty_expired`, `warranty_expiring`, `lease_expiring`, `pm_due`, `pm_overdue`. Severity is `critical` (overdue/expired or within 7 days) or `warning`. The server also runs the scan-and-notify cycle ~twice daily; it's a no-op unless something is configured.
**Webhook delivery.** When `webhook_enabled` is true and `webhook_url` is set, each newly raised alert is delivered as its own JSON `POST` (one request per alert) on the alert cycle — independently of, or alongside, email. An alert is marked notified once any channel handles it, so it is delivered at most once. If `webhook_secret` is set, the raw request body is signed with HMAC-SHA256 and sent in the `X-MixedAssets-Signature: sha256=<hex>` header so the receiver can verify authenticity. Per-alert payload:
**Webhook delivery.** When `webhook_enabled` is true and `webhook_url` is set, each newly raised alert is delivered as its own JSON `POST` (one request per alert) on the alert cycle — independently of, or alongside, email. An alert is marked notified once any channel handles it, so it is delivered at most once. If `webhook_secret` is set, the raw request body is signed with HMAC-SHA256 and sent in the `X-DepreCore-Signature: sha256=<hex>` header so the receiver can verify authenticity. Per-alert payload:
```json
{
@@ -369,7 +369,7 @@ Each **book** (GAAP, Federal, …) has a `tax_rule_set_id`. When the engine depr
```jsonc
{
"schema": "mixedassets.taxRuleSet.v1", // optional label
"schema": "deprecore.taxRuleSet.v1", // optional label
"jurisdiction": "US-FED", // unique key with version
"name": "Federal 68-method depreciation catalog",
"version": "2026.2", // unique per jurisdiction