kapteins-daagbok

elpatron/kapteins-daagbok

Fork 0

Commit Graph

Author	SHA1	Message	Date
elpatron	2b029a26f0	Fix passkey login 429 by forwarding client IPs correctly. Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-02 22:48:15 +02:00
elpatron	b9ce853059	feat(ops): script to rotate PostgreSQL password safely Add rotate-postgres-password.sh with optional app role, document the procedure, and stop defaulting production POSTGRES_PASSWORD to postgres. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-01 15:09:15 +02:00
elpatron	e138752dd3	feat(security): Sprint 1 hardening for production behind NPM Add trust proxy, WebAuthn challenge TTL, stricter public collaboration rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env, nginx security headers/CSP, and deployment documentation. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-06-01 15:02:15 +02:00

Author

SHA1

Message

Date

elpatron

2b029a26f0

Fix passkey login 429 by forwarding client IPs correctly.

Forward X-Forwarded-For through frontend nginx, use TRUST_PROXY=1 for the Docker hop, and limit auth rate limiting to login flows only.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-06-02 22:48:15 +02:00

elpatron

b9ce853059

feat(ops): script to rotate PostgreSQL password safely

Add rotate-postgres-password.sh with optional app role, document the
procedure, and stop defaulting production POSTGRES_PASSWORD to postgres.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-06-01 15:09:15 +02:00

elpatron

e138752dd3

feat(security): Sprint 1 hardening for production behind NPM

Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-06-01 15:02:15 +02:00

3 Commits