elpatron/kapteins-daagbok
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
473 Commits 4 Branches 122 Tags
master
Commit Graph

5 Commits

Author SHA1 Message Date
elpatron 2b029a26f0 Fix passkey login 429 by forwarding client IPs correctly. 
Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-02 22:48:15 +02:00
elpatron 18f14d7e0b chore(deploy): run predeploy-check.sh from update-prod.sh 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:18:58 +02:00
elpatron 0edf4a789c feat(quality): Sprint 2 pre-deploy gates and server smoke tests 
Extract Express app factory for testability, add Vitest/Supertest API
smoke tests, root npm run check script, and deployment docs. Fix
express-rate-limit IPv6 keyGenerator for feedback limiter.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:17:46 +02:00
elpatron b9ce853059 feat(ops): script to rotate PostgreSQL password safely 
Add rotate-postgres-password.sh with optional app role, document the
procedure, and stop defaulting production POSTGRES_PASSWORD to postgres.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:09:15 +02:00
elpatron e138752dd3 feat(security): Sprint 1 hardening for production behind NPM 
Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-01 15:02:15 +02:00