Commit graph

56 commits

Author SHA1 Message Date
github-actions[bot]
ed76107a2b Release v7.2.1 2026-05-06 21:32:00 +00:00
github-actions[bot]
6c9ef4cef9 Release v7.2.0 2026-05-06 21:29:30 +00:00
github-actions[bot]
d50640ad81 Release v7.1.5 2026-05-06 21:08:07 +00:00
github-actions[bot]
81884f8a36 Release v7.1.4 2026-05-06 21:04:49 +00:00
github-actions[bot]
31163e1894 Release v7.1.3 2026-05-06 06:19:42 +00:00
github-actions[bot]
63fe53a029 Release v7.1.2 2026-05-06 06:04:06 +00:00
github-actions[bot]
81c627bec7 Release v7.1.1 2026-05-06 05:42:13 +00:00
Daniel
cf1d88f36b Release v7.0.0 2026-04-28 03:11:55 +02:00
Daniel
b82db99ebc feat(mobile): biometric sign-in (Face ID / Touch ID / fingerprint)
Adds opt-in biometric login to the Capacitor app. Replaces the password
step on subsequent sign-ins; the 2FA step (if any) still applies — by
design, defense in depth.

How it works:
- After a successful password sign-in on a Capacitor build, prompt the
  user to enroll. If they accept, capacitor-native-biometric.setCredentials
  stores the (email, password) pair in the iOS Keychain / Android Keystore
  with biometric-protected access. The local flag ped_bio_enabled=1 is
  set so the next launch knows to probe.
- On the login form, if isNativeApp() + bioStored() + bioAvailable.ok,
  reveal the "Sign in with Face ID / Touch ID / fingerprint" button at
  the top. Label is set from the actual biometryType returned by the
  plugin so users see what their device supports.
- Tap → verifyIdentity (OS prompt) → getCredentials → fill the email +
  password fields → fire the existing form submit so all the regular
  flow runs (turnstile, 2FA prompt, error handling, session storage).
- Explicit logout deletes credentials AND clears the local flag,
  hiding the button on the next visit. Auto-logout (token expiry,
  network) does NOT come through that path, so biometric persists
  across silent session resets.

Storage choice — password not JWT:
- JWTs expire and the storage would constantly need refresh.
- Storing the password lets the standard /api/auth/login flow run,
  which already handles password-rotation (a stale stored password
  just fails 401 → user falls back to typing the new one → re-enrolls).
- The password sits in OS-level secure storage, accessible only after
  successful biometric verification — same security posture as a
  password manager autofill.

Files:
- mobile/package.json: add capacitor-native-biometric@^5.0.0 (Capacitor 6
  compat)
- mobile/android/app/src/main/AndroidManifest.xml: add USE_BIOMETRIC
  uses-permission
- mobile/ios/App/App/Info.plist: add NSFaceIDUsageDescription string
- public/js/auth.js: bioPlugin/bioAvailable/bioStored/bioEnroll/
  bioRetrieve/bioForget helpers; window.PedBio surface; reveal-on-load;
  click handler; post-login enrollment prompt; logout cleanup
- public/index.html: hidden #btn-bio-login + #bio-divider above the
  email field on the login form
- public/css/styles.css: themed gradient button + hover lift
- mobile/README.md: feature list updated

Build steps for Daniel:
  cd mobile && npm install        # picks up capacitor-native-biometric
  npx cap sync                    # ports the plugin into android/ + ios/
  # then build APK / IPA as usual
2026-04-28 03:09:38 +02:00
github-actions[bot]
2872f1d063 Release v6.53.2 2026-04-24 23:44:32 +00:00
github-actions[bot]
9106d85f98 Release v6.53.1 2026-04-24 23:35:20 +00:00
github-actions[bot]
fd5108e7b3 Release v6.53.0 2026-04-24 23:02:58 +00:00
github-actions[bot]
8c9c03c656 Release v6.52.1 2026-04-24 11:22:36 +00:00
github-actions[bot]
a25c36c875 Release v6.52.0 2026-04-24 10:49:31 +00:00
github-actions[bot]
fd658739c3 Release v6.51.0 2026-04-24 10:45:40 +00:00
github-actions[bot]
415f67d432 Release v6.50.0 2026-04-24 04:18:56 +00:00
github-actions[bot]
fda5b12143 Release v6.20.0 2026-04-22 20:57:21 +00:00
github-actions[bot]
b80a91e40a Release v6.19.0 2026-04-22 19:51:04 +00:00
github-actions[bot]
bf62d15ad6 Release v6.18.0 2026-04-22 19:10:45 +00:00
github-actions[bot]
7d860c5287 Release v6.17.1 2026-04-22 19:04:54 +00:00
github-actions[bot]
8cabe7da4b Release v6.17.0 2026-04-22 19:00:54 +00:00
github-actions[bot]
1aa785068b Release v6.16.0 2026-04-22 18:15:16 +00:00
github-actions[bot]
8efc4e9a56 Release v6.15.0 2026-04-22 18:10:04 +00:00
github-actions[bot]
4e1a870fe2 Release v6.14.0 2026-04-22 17:35:12 +00:00
github-actions[bot]
31507a4f09 Release v6.13.1 2026-04-22 17:30:03 +00:00
github-actions[bot]
651f799c17 Release v6.13.0 2026-04-22 16:54:37 +00:00
github-actions[bot]
c35b05fc5a Release v6.12.0 2026-04-22 15:15:37 +00:00
github-actions[bot]
22dd5cc8f4 Release v6.11.0 2026-04-22 14:52:24 +00:00
github-actions[bot]
1bb8918b46 Release v6.10.3 2026-04-22 11:11:43 +00:00
github-actions[bot]
2709595793 Release v6.10.2 2026-04-22 10:41:25 +00:00
github-actions[bot]
c4da879336 Release v6.10.1 2026-04-22 03:52:10 +00:00
github-actions[bot]
887ef04de7 Release v6.10.0 2026-04-22 01:59:19 +00:00
github-actions[bot]
f1802d66f4 Release v6.9.0 2026-04-21 23:01:09 +00:00
github-actions[bot]
cc035e7d8d Release v6.8.0 2026-04-21 20:20:21 +00:00
github-actions[bot]
ed8948e539 Release v6.7.0 2026-04-20 21:20:01 +00:00
github-actions[bot]
28118c4493 Release v6.6.0 2026-04-20 02:23:33 +00:00
github-actions[bot]
9603a8fcf8 Release v6.5.0 2026-04-20 01:51:30 +00:00
github-actions[bot]
30cfc9700b Release v6.4.0 2026-04-20 00:49:55 +00:00
github-actions[bot]
936ecbd113 Release v6.3.1 2026-04-19 19:26:56 +00:00
github-actions[bot]
b09276faf5 Release v6.3.0 2026-04-19 00:17:21 +00:00
github-actions[bot]
895caa2093 Release v6.2.1 2026-04-14 22:10:45 +00:00
github-actions[bot]
9085bb6bb6 Release v6.2.0 2026-04-14 21:51:17 +00:00
Daniel
b485eec828 Release v6.1.1 2026-04-14 23:40:10 +02:00
Daniel
ef341671e2 Untrack Capacitor-generated files + node_modules in mobile/
The mobile/ wrapper had 1700+ node_modules files tracked, plus the
Capacitor-regenerated artifacts that get rewritten on every
`npx cap sync android` (capacitor.build.gradle, capacitor.config.json,
capacitor.plugins.json, capacitor.settings.gradle, the cordova-android-
plugins subtree). Every local dev or CI sync caused noisy drift that
blocked scripts/release.sh from running.

Added mobile/.gitignore covering node_modules, cap-sync outputs,
Android build outputs, .jks/.apk/.aab files, and .DS_Store.
Kept package-lock.json tracked for reproducible npm install.

No logic changes — only stopped tracking files that are always
regenerated.
2026-04-14 23:35:23 +02:00
Daniel
73398e91ed Version alignment + release script — single source of truth
Aligns every version string in the repo to 6.1.0:
  - package.json: 6.0.0 → 6.1.0
  - mobile/package.json: 1.0.0 → 6.1.0
  - mobile/android/app/build.gradle: versionCode 1 → 610,
      versionName "1.0" → "6.1.0"
  - server.js: hardcoded "v6.0" → reads root package.json at boot
  - /api/health/detailed now reports APP_VERSION from package.json

Adds scripts/release.sh — a one-command bump:
  scripts/release.sh 6.1.1                # local bump + tag
  scripts/release.sh 6.1.1 --push         # + git push
  scripts/release.sh 6.1.1 --push --gh    # + GitHub release (uploads
                                            APK if already built)

Updates all three version sites, commits "Release v6.1.1",
creates annotated tag, optionally pushes and opens a release.
versionCode encoded as MAJ*100000 + MIN*1000 + PATCH so patch
updates always increment monotonically.
2026-04-14 23:18:47 +02:00
Daniel
4a29c496f6 Mobile app hardening — security + Android 14 compat
capacitor.config.json:
  - webContentsDebuggingEnabled: true → false
    (was leaving Chrome DevTools able to attach to released builds)
  - allowMixedContent: true → false
    (API is HTTPS-only; no need to permit cleartext loads)
  - server.allowNavigation: ["*"] → restricted to pedshub.com /
    peds.danvics.com origins
    (prevents WebView following an attacker-controlled redirect)

AndroidManifest.xml:
  - android:allowBackup="false" + data_extraction_rules.xml
    (Android system backup would otherwise copy EncryptedSharedPreferences
     containing the auth token into Google Cloud backups)
  - Removed USE_BIOMETRIC permission (feature removed earlier)

AudioRecordingService.java:
  - startForeground(id, notif, TYPE_MICROPHONE) on Android 14+
    (without the explicit type Android 14 kills the service with
     MissingForegroundServiceTypeException)
  - WakeLock cap: 1h → 8h (still bounded, onDestroy releases early)

MainActivity.java:
  - Removed dead biometric code path and androidx.biometric imports

mobile/package.json:
  - Dropped @aparajita/capacitor-biometric-auth — orphan dependency
2026-04-14 04:15:27 +02:00
Daniel
79fee2d4f2 Remove biometric prompt (will implement properly with token-based auth later) 2026-04-11 03:57:40 +02:00
Daniel
e1ce374809 Native Android: biometric auth, foreground service bridge, mic fix
Major Android native improvements:

Biometric authentication:
- Native AndroidX BiometricPrompt on app launch (2nd launch onwards)
- Supports fingerprint, face, iris, and device PIN/password fallback
- Gracefully skips if no biometric hardware or first launch
- Uses SharedPreferences to track first launch

Microphone permission:
- Added MODIFY_AUDIO_SETTINGS permission (required for WebView audio)
- Added androidScheme: "https" in Capacitor config (getUserMedia requires
  secure context)
- WebChromeClient properly grants WebView permission after Android
  runtime permission is obtained
- Handles pending permission request across the async flow

Background recording bridge:
- NativeRecording JavaScript interface exposed to WebView
- startForegroundService() / stopForegroundService() callable from JS
- Web app calls these on recording start/stop in liveEncounter.js
- AudioRecordingService keeps CPU awake + shows notification when recording
- Recording survives screen lock via foreground service + wake lock

Also:
- USE_BIOMETRIC permission added to manifest
- androidx.biometric:biometric dependency added to build.gradle
- Haptic fallback to navigator.vibrate when Capacitor plugins unavailable
2026-04-11 03:42:23 +02:00
Daniel
4b1afd1f44 Fix WebView mic: grant both Android runtime + WebView permissions
The WebView has its own permission layer separate from Android runtime
permissions. Both must be granted. Now when the web page requests mic
access, the WebChromeClient checks if Android permission exists, grants
the WebView request if yes, or requests Android permission first then
grants the pending WebView request in the callback.
2026-04-11 03:37:45 +02:00
Daniel
6d3b0693d8 Fix Android mic permission, simplify launcher, remove broken biometric
- MainActivity: request RECORD_AUDIO permission at app start via
  ActivityCompat (not WebChromeClient override which broke Capacitor bridge)
- Simplify launcher: remove server reachability check (was failing in
  WebView), just save URL and navigate directly
- Remove biometric auth from launcher (Capacitor plugins need ES module
  bundler, not available in plain HTML). Biometric can be added later
  via the web app with proper Capacitor runtime.
- Add webContentsDebuggingEnabled for development
2026-04-11 03:34:47 +02:00