
Releases: DefinetlyNotAI/FlaskBank

v2.1.1

28 Jul 20:23
b142867


📦 FlaskBank v2.1.1 – Patch Release

🔒 Security & Compliance

  • Updated SECURITY.md to clearly document how and where to submit security advisories.

🐛 Bug Fixes

  • Wallet Parsing Fix:
    Resolved a critical bug in login.js that caused certain wallet names containing invalid characters to fail (resulting in 404 errors). The input is now validated properly before proceeding.

  • Runtime Configuration:
    Reverted the unintended inclusion of app.run(debug=True) and restored the correct production-ready waitress.serve configuration.

  • General Stability Improvements:
    Fixed multiple major issues affecting wallet loading, parsing, login flows, and request handling. These improvements ensure smoother and more reliable backend behavior.

🧩 Issue Templates

  • Renamed and reorganized issue template .yml files to follow GitHub’s recommended structure under .github/ISSUE_TEMPLATE/. New templates added for streamlined contribution.

Full Changelog: v2.1.0...v2.1.1

v2.1.0

29 May 08:12
4742f8b


🏦 Bank App v2.1.0 — Release Notes

This release focuses on security, code cleanliness, and user-facing quality-of-life improvements. Here's what’s new and improved in v2.1.0:


New Features & Improvements

  • Delete Account Request (With Safety Logic)
    Users can now request to delete their accounts. Admin accounts are protected with logic preventing accidental or intentional self-deletion.

  • Export Logs to CSV
    Users can now export logs in CSV format directly for easier external review and record-keeping.

  • Session Key Warning
    Added an alert that warns admins (in the server logs, not the bank logs) when a randomized session key is in use, which helps prevent unexpected session invalidation across server reboots.

  • Improved Logging
    Logging messages have been refined for clarity, consistency, and better traceability.


🛠️ Code & Backend Enhancements

  • Formatted & Cleaned Codebase
    Codebase has been cleaned up and formatted for better readability and maintainability.

  • Removed Unused API Routes
    Dead API routes have been pruned. A new GET /status route was added to report server status.


🔒 Security Fixes

  • CSRF Protection for Bank Transfers
    A critical security fix: CSRF tokens are now properly validated for bank transfers to prevent forgery attacks.
    This was a bug in the transfers for admins, as I had forgotten to add the CSRF to the header of the request in the AJAX request in the JS fetch.

⚠️ Note

If your server uses ephemeral or randomized keys on reboot, user sessions may become invalid. This release now detects and warns against this behavior.
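The failure mode behind this note and the Session Key Warning item above, as an added example that is not FlaskBank's own code: a session cookie signed with one boot's random key fails verification after a restart, while a configured key survives. The `SECRET_KEY` variable name, the helper names and the HMAC-based cookie format (a stand-in for Flask's real session signer) are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import secrets

log = logging.getLogger("server")  # the server log, not the bank's own log


def load_session_key(env):
    """Return (key, ephemeral). SECRET_KEY is an assumed variable name."""
    configured = env.get("SECRET_KEY", "")
    if configured:
        return configured.encode(), False
    log.warning("SECRET_KEY not set: using a random session key; "
                "all sessions become invalid on the next restart")
    return secrets.token_bytes(32), True


def sign(key, payload):
    """Toy signed cookie 'payload.mac' (stand-in for Flask's session signer)."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify(key, cookie):
    """Return the payload if the HMAC matches under this key, else None."""
    payload, _, mac = cookie.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload if hmac.compare_digest(mac, expected) else None


def session_survives_restart(env):
    """Sign a cookie on one boot, then verify it after a simulated restart."""
    key_boot1, _ = load_session_key(env)
    cookie = sign(key_boot1, "wallet=alice")  # constructed sample session
    key_boot2, _ = load_session_key(env)      # second boot, same environment
    return verify(key_boot2, cookie) == "wallet=alice"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("random key:", session_survives_restart({}))
    print("fixed key: ",
          session_survives_restart({"SECRET_KEY": "constructed-example-key"}))
```
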


Full Changelog: v2.0.0...v2.1.0

v2.0.0

18 May 10:07
aa45980


Flask Bank v2.0.0 Release Notes

Major Updates & Fixes

  • Server health endpoint restriction: Server health status is now hidden for non-admin users to prevent unauthorized access (403 error fixed).
  • Admin wallet syncing: Admin wallet amount automatically syncs with the unset currency, supporting manual currency changes, then resets admin wallet accordingly.
  • Setup endpoint security: Fixed a critical security vulnerability allowing unsafe setup calls via app.test_client().post('/api/setup', json={}).
  • Improved Flask security: Hardened Flask app defaults and integrated Flask-Talisman for better security headers.
  • Content Security Policy (CSP): Migrated all inline JavaScript to external files across 4 key HTML templates to comply with stricter CSP.
  • Login form validation: Introduced stronger and more robust login form validation rules.
  • Request wallet form validation: Prevented injection of dangerous characters (| and others) in the reason field using regex on both backend and frontend.
  • Database UI enhancements: Added buttons in the SQL DB settings section to rename bank or currency names easily.
  • CSRF protection: Enforced CSRF tokens and required name attributes on all forms.
  • API docs and access removal: Removed all references to API_ACCESS and related documentation to reduce attack surface.
  • Unified error handling: All JSON and error responses now pass through a centralized error.html template for consistent user experience.
  • Code formatting and logging: Cleaned and standardized code formatting; replaced all print statements with enhanced logging featuring color output in app.py.

Breaking Changes

  • The admin_password column in the settings table is now removed to improve security.
  • If upgrading from an older version, please run the following SQL command to prevent schema conflicts:
DO $$
BEGIN
    IF EXISTS (
        SELECT 1
        FROM information_schema.columns
        WHERE table_name='settings'
          AND column_name='admin_password'
    ) THEN
        ALTER TABLE settings
        DROP COLUMN admin_password;
    END IF;
END$$;

Thank you for upgrading to Flask Bank v2.0.0. This release significantly improves security, stability, and user experience. For detailed usage and migration instructions, please consult the updated documentation.


Full Changelog: v1.1.2...v2.0.0

v1.1.2

17 May 07:07
1f88bf0


🏦 Flask Bank – Patch Release v1.1.2

Release Date: 2025-05-17
Status: Hotfix Patch

🔧 Bug Fixes

  • [MAJOR] Fixed critical issue where the bank failed to initialize due to a missing database table creation step. You can now actually use the bank.
  • [MINOR] Improved error handling on routes that previously crashed (500 error) when the database wasn't initialized. Users now get cleaner, more informative feedback instead of a fireball of HTML stack trace doom.

Full Changelog: v1.1.1...v1.1.2

v1.1.1

26 Apr 16:40
a71b97b


🏦 Banking Server v1.1.1 — Bug Squashing Update

Changes:

  • [Module Refactor]:
    • Improved banking/ module for enhanced code readability and maintenance.
    • Refactored form validation logic.
    • Moved client IP retrieval to get_data.py for cleaner separation of concerns.

  • [API Enhancements]:
    • Created api_routes.py — centralized all API route definitions. (It will be organised more neatly in future.)

  • [Bug Fixes]:
    • Fixed critical bug in Admin SQL queries.
    • Resolved issue where sqlQuery field wasn’t being cleared properly — previously allowed unintended stacked queries.
    • Patched rotate_logs() crash:
    → The problem was a dependency on the Flask app context during log rotation, which runs before the app is defined (log rotation is an init function).
    → Solved by adjusting log_module.py to remove Flask dependency during initialization.

  • [Features]:
    • Added new button to access and review archived logs directly through Admin panel.

  • [Cleanup]:
    • Removed unnecessary db_test.py (it's useless compared to the in-web database feature).

Version bump:

  • v1.1.0 → v1.1.1

Full Changelog: v1.1.0...v1.1.1

v1.1.0

24 Apr 18:40
4d97577


🚀 Release v1.1.0 - Admin View Overhaul & Performance Upgrades

✨ What's New:

  • Admin View Balance Chart Logic Fixed
    Resolved an issue in the admin view where balance charts displayed incorrect data due to shared logic assumptions. Now correctly isolated for admin-specific behavior.

🐛 Bug Fixes:

  • Fixed Status Timestamp Formatting
    Removed an extra space causing minor display inconsistencies.
  • Resolved Bug Where Flask Failed to Inject Values into JS in Admin Pages
    Moved critical scripts like admin_wallet_detail.js and user_logs.js directly into their respective HTML files to leverage Flask’s {{ }} rendering system. Ensured compatibility. (Related issue #1)
  • API /transfer/ Endpoints Fixed
    JavaScript rendering bugs were preventing proper request handling. The fixes ensure full functionality for transfer-related admin actions.

⚡ Performance & Readability:

  • Utilized Flask's g object (Related to #2)
    Improved performance by using Flask’s g to store and reuse frequently accessed request-bound data.
  • Modularized app.py (Related to #2)
    Broke down the monolithic app file into cleaner modules to boost readability and maintainability.

Full Changelog: v1.0.0...v1.1.0

v1.0.0

23 Apr 18:13
6f4ed0c


RELEASED Flask Banking System

A powerful, modular, and secure banking system built with Flask. This application provides a comprehensive solution for
managing digital currency transactions, user accounts, and administrative controls with an intuitive web interface.

Features

Core Banking Features

  • User Account Management: Create, manage, and secure user accounts with password hashing
  • Wallet System: Digital currency wallets with real-time balance tracking
  • Transaction Processing: Secure transfer of funds between users
  • Transaction Logs: Comprehensive logging of all system activities
  • Refund System: Request and process refunds with administrative approval
  • Treasury Management: Mint and burn currency to control the economy

Administrative Features

  • Admin Dashboard: Centralized control panel for system management
  • User Management: Create, modify, and manage user accounts
  • Wallet Administration: Create special wallets and manage permissions
  • Database Explorer: Direct database access with protection for admin accounts
  • System Health Monitoring: Real-time metrics on system performance
  • Rule Management: Dynamic rule creation and enforcement

Security Features

  • Password Hashing: Secure storage of user credentials
  • API Access Control: Prevents unauthorized API access from external sources
  • Admin Account Protection: Safeguards against accidental deletion or modification
  • Input Validation: Protects against injection attacks
  • Audit Logging: Tracks all system activities for security review

User Experience

  • Responsive Design: Works on desktop and mobile devices
  • Dark Mode Support: Reduces eye strain in low-light environments
  • Real-time Updates: Automatic page refreshes after actions
  • Leaderboard: Gamification element showing top account holders
  • Intuitive Navigation: User-friendly interface for all operations

Full Changelog: https://github.com/DefinetlyNotAI/FlaskBank/commits/v1.0.0