AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NIS2 Agile - Piattaforma SaaS per compliance NIS2 (EU 2022/2555)
214 Commits 1 Branch 0 Tags 12 MiB
HTML 49.5%
PHP 39.5%
JavaScript 9.1%
CSS 1.9%
de09af6d7e
Go to file
DevEnv nis2-agile de09af6d7e [FEAT] Fase 3 backend: portale fornitore OTP/magic-link (SupplierPortalController) 
Auth fornitore SEPARATA dagli utenti interni (supplier_users/otp/sessions, mig 034):
- SUPPLIER_JWT_SECRET dedicato, aud=supplier-portal, claim sp_uid/supplier_id/org_id
  (mai user_id); requireSupplierSession() verifica jti in supplier_sessions
  (revocabile), non tocca users/active_sessions.
- OTP 8 cifre SHA-256, 15min, lockout persistente (attempts+locked_until),
  invalidazione OTP precedenti, hash_equals, rate-limit email+IP.
- magic-link 32B hashed single-use (consumo atomico solo su verify).
- request-otp risposta opaca anti-enumerazione.
- OTP via EmailService::sendViaTemplate (/api/emails/send, fuori da email_log).
- Endpoint: requestOtp/verifyOtp (no auth) + me/getQuestionnaire/saveAnswers
  (PATCH autosave)/submitQuestionnaire. Ownership campaign.supplier_id==session (no IDOR).
- Scoring per-vulnerabilita (Art.21.3), snapshot domande immutabile.
- config: SUPPLIER_JWT_SECRET + PATCH in CORS_ALLOWED_METHODS.
- routes: controllerMap + actionMap supplier-portal.

php -l OK su tutti. Tabelle 034 gia' applicate su host.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 17:40:20 +02:00
.claude [SERVER] Auto-commit: allineamento repository 2026-02-24 12:56:23 +00:00
application [FEAT] Fase 3 backend: portale fornitore OTP/magic-link (SupplierPortalController) 2026-05-31 17:40:20 +02:00
docker [FIX] Qdrant URL hostname drift-proof (RAG produzione) + recreate app 2026-05-29 17:22:54 +02:00
docs docs(handover): standard apple-developer-multi-prodotto v1.0 (broadcast 31/5) 2026-05-31 17:10:34 +02:00
public [FEAT] Fase 3 backend: portale fornitore OTP/magic-link (SupplierPortalController) 2026-05-31 17:40:20 +02:00
scripts [FEAT] Fase 2 cron: reminder/overdue/ricorrenza questionari fornitori 2026-05-31 17:27:50 +02:00
.dockerignore [FIX] Dockerignore: allow docker/php.ini for build context 2026-02-18 09:17:52 +01:00
.gitignore [CHORE] .gitignore: escludi backup (*.bak*, .backups/) e chiavi SSH effimere (.ssh-temp/) 2026-05-29 15:41:44 +02:00
.htaccess [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
AGENT_CHANGES.md [DOCS] Standard cross-suite AgileHub + governance CLAUDE.md + registri agent 2026-05-29 15:41:54 +02:00
agile-services-istructio.md [CORE] Aggiunto integrazione agile-services: istruzioni + CLAUDE.md aggiornato 2026-02-18 08:05:36 +00:00
CLAUDE.md docs(handover): standard apple-developer-multi-prodotto v1.0 (broadcast 31/5) 2026-05-31 17:10:34 +02:00
simulate-nis2-b2b.php [FIX] simulate-nis2-b2b: POST /invites → /invites/create (router mapping) 2026-03-10 15:55:23 +01:00
simulate-nis2-big.php [FIX] BigSim: asset_type mapping + incident/NCR ENUM values 2026-03-17 15:49:49 +01:00
simulate-nis2.php [FIX] simulate: proc_open streaming SSE (pattern lg231) + NIS2_SSE flag 2026-03-10 10:51:05 +01:00