elpatron
dea33e3f00
Ersetzt die spoofbare X-User-Id-Auth durch signierte HttpOnly-Sessions nach WebAuthn, erzwingt WRITE-only Sync, speichert den Master-Key nur im RAM und ergänzt CORS, Rate-Limits, Helmet sowie Passkey-Reauth für sensible Aktionen. Co-authored-by: Cursor <cursoragent@cursor.com>
34 lines
812 B
JSON
34 lines
812 B
JSON
{
|
|
"name": "server",
|
|
"version": "1.0.0",
|
|
"description": "Backend API for Kapteins Daagbok",
|
|
"main": "dist/index.js",
|
|
"type": "module",
|
|
"scripts": {
|
|
"build": "tsc",
|
|
"start": "node dist/index.js",
|
|
"dev": "tsx watch src/index.ts"
|
|
},
|
|
"dependencies": {
|
|
"@prisma/client": "^5.10.2",
|
|
"@simplewebauthn/server": "^9.0.3",
|
|
"cookie-parser": "^1.4.7",
|
|
"cors": "^2.8.5",
|
|
"dotenv": "^16.4.5",
|
|
"express": "^4.19.2",
|
|
"express-rate-limit": "^8.5.2",
|
|
"helmet": "^8.2.0",
|
|
"prisma": "^5.10.2",
|
|
"web-push": "^3.6.7"
|
|
},
|
|
"devDependencies": {
|
|
"@types/cookie-parser": "^1.4.10",
|
|
"@types/cors": "^2.8.17",
|
|
"@types/express": "^4.17.21",
|
|
"@types/node": "^20.11.24",
|
|
"@types/web-push": "^3.6.4",
|
|
"tsx": "^4.7.1",
|
|
"typescript": "^5.3.3"
|
|
}
|
|
}
|