Commit graph

6 commits

Author SHA1 Message Date
root
2828da0d30 docs: add screenshots to README
- Add 5 screenshots showcasing main features
- Include dashboard, rooms, leaderboard, rewards, and achievements views
- Organize in collapsible section for better README readability

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 09:05:45 +01:00
root
c833aaf976 docs: add Docker Hub deployment instructions to README
- Add recommended deployment option using pre-built mellowfox/tidyquest:latest image
- Keep build-from-source option for development/customization
- Update "Updating" section with separate instructions for both methods
- Simplifies installation for end users who don't need to build

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 19:51:37 +01:00
root
b7145d2496 ci: Add GitHub Actions workflow for Docker Hub publication
Add automated Docker image building and publishing:
- Triggers on release publication
- Builds multi-platform images (linux/amd64, linux/arm64)
- Pushes to Docker Hub with semantic versioning tags
- Updates Docker Hub description from README.md

Configuration required:
- DOCKERHUB_USERNAME secret
- DOCKERHUB_TOKEN secret

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 19:18:35 +01:00
root
b9506ae2bd fix(security): Add Telegram bot token validation to prevent SSRF
Security fix for CodeQL alert:
- Add regex validation for Telegram bot token format
- Token must match pattern: \d+:[A-Za-z0-9_-]+
- Prevents Server-Side Request Forgery (SSRF) attacks
- Rejects malformed tokens that could target internal services

CodeQL Rule: js/request-forgery
Severity: High
File: server/src/utils/notifications.ts:95

While TidyQuest is self-hosted and the admin is trusted, this
defense-in-depth measure prevents accidental misuse and follows
security best practices.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 19:03:52 +01:00
root
ca42323934 Add GitHub security and governance files
Security improvements:
- CODEOWNERS: Define code review requirements
- SECURITY.md: Link to security policy in .github/ for GitHub Security tab
- Pull request template: Enforce PR checklist and guidelines
- Issue templates: Bug reports and feature requests with structured forms
- Issue config: Disable blank issues, add helpful links

These files protect the repository by:
- Requiring code review from @mellow-fox for all changes
- Enforcing security-sensitive file approval (auth, database, Docker)
- Providing clear contribution guidelines
- Preventing low-quality or spam issues
- Guiding contributors with structured templates

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 18:51:40 +01:00
root
a7cd81fe81 Initial release: TidyQuest v0.1.0
TidyQuest is a self-hosted web application that gamifies household chores
using RPG mechanics. Complete tasks, earn coins, unlock achievements, and
compete with your family on the leaderboard.

Features:
- 🎯 Health-based task tracking with visual decay over time
- 💰 Coin system with customizable rewards
- 🔥 Daily/weekly streak tracking
- 🏆 Family leaderboard (week/month/quarter/year)
- 🎖️ Automatic achievement unlocking
- 📅 Calendar view for upcoming tasks
- 🌍 Multilingual support (EN/FR/DE/ES)
- 📱 Optional Telegram notifications
- 🏖️ Vacation mode (pause task decay)
- 🐳 Docker deployment (single container)

Tech Stack:
- Frontend: React 19 + Vite + TypeScript
- Backend: Node.js + Express + TypeScript
- Database: SQLite3 with WAL mode
- Auth: JWT + bcrypt
- Deployment: Docker Compose

Includes:
- 8 room types with 60+ predefined tasks
- 10 preset rewards
- 12 achievement types
- Complete API documentation
- Security best practices guide
- Comprehensive README with examples

License: GNU Affero General Public License v3.0 (AGPL-3.0)
This ensures TidyQuest remains free and open-source forever, preventing
proprietary SaaS forks. Any modified hosted version must share source code.
2026-02-17 18:40:09 +01:00