Session 2026-04-23: Security, Content-Schutz, Wiki-Temperament-Migration

Security (9 Fixes): - JWT_SECRET Pflicht-Check beim Start (Production) - Rate-Limit: Login (10/5min), Register (5/h), KI-Training (10/h), Giftköder (3/h) - KI-Training-Endpoint: Auth-Pflicht hinzugefügt - Private Profile aus Freunde-Suche gefiltert - OG-Tags XSS mit html.escape() gesichert - Globales File-Upload-Limit 20 MB (Middleware) - E-Mail-Maskierung für Moderatoren im Admin-Panel - IP-Blocklist in ratelimit.py Content-Schutz (4 Schichten): - robots.txt: /api/ komplett Disallow, SSR-Seiten Allow - Rate-Limit auf /api/wiki/rassen (60/min) + Detail (30/min) - Honeypot /api/wiki/trap + unsichtbarer Link in index.html - Wasserzeichen in KI-Enricher-Prompt Wiki Temperament-Migration: - 60-Wort Übersetzungsmap EN→DE - Datenmüll-Filter (hunderasse, dog breed etc.) - translate_existing_temperaments() + Admin-Button - SW by-v318, APP_VER 306
2026-04-23 18:34:05 +02:00 · 2026-04-23 18:34:05 +02:00 · 15f854d96c
commit 15f854d96c
parent 0f5f1c4c30
15 changed files with 284 additions and 53 deletions
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@ -3,7 +3,7 @@
   Router, State-Management, Navigation, Initialisierung.
   ============================================================ */

-const APP_VER = '300'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER = '306'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen

 const App = (() => {

--- a/backend/static/js/pages/admin.js
+++ b/backend/static/js/pages/admin.js
@ -674,6 +674,18 @@ window.Page_admin = (() => {
        </button>
      </div>
      <div id="adm-sys-cards">Lade…</div>
+      <div class="card" style="margin-top:var(--space-4);padding:var(--space-4)">
+        <div style="font-size:var(--text-sm);font-weight:var(--weight-semibold);
+                    color:var(--c-text);margin-bottom:var(--space-3)">Wartung</div>
+        <div style="display:flex;flex-wrap:wrap;gap:var(--space-2)">
+          <button class="btn btn-secondary btn-sm" id="adm-translate-temper">
+            ${UI.icon('translate')} Temperament → Deutsch
+          </button>
+        </div>
+        <div id="adm-maint-result" style="margin-top:var(--space-2);font-size:var(--text-xs);
+             color:var(--c-text-secondary)"></div>
+      </div>
+
      <div style="margin-top:var(--space-5)">
        <div style="display:flex;align-items:center;gap:var(--space-3);margin-bottom:var(--space-3)">
          <span style="font-size:var(--text-sm);font-weight:600">Server-Logs</span>
@ -712,6 +724,21 @@ window.Page_admin = (() => {
    });
    el.querySelector('#adm-log-refresh').addEventListener('click', loadLogs);
    el.querySelector('#adm-log-level').addEventListener('change', loadLogs);
+    el.querySelector('#adm-translate-temper').addEventListener('click', async (e) => {
+      const btn = e.currentTarget;
+      const res = el.querySelector('#adm-maint-result');
+      btn.disabled = true;
+      res.textContent = 'Läuft…';
+      try {
+        const d = await API.post('/admin/wiki/translate-temperament', {});
+        res.textContent = `✓ ${d.updated} Rassen übersetzt`;
+      } catch (err) {
+        res.textContent = '✗ Fehler: ' + (err.message || err);
+      } finally {
+        btn.disabled = false;
+      }
+    });
+
    await _loadSystemCards(el.querySelector('#adm-sys-cards'));
    await loadLogs();
  }