tiny-forge

alexei.dolgolyov/tiny-forge

Fork 0

Commit Graph

Author	SHA1	Message	Date
alexei.dolgolyov	205a5a36c6	test: add core test suite for crypto, auth, and store packages - 8 crypto tests: key derivation, encrypt/decrypt round-trip, wrong key, nonce uniqueness - 6 auth tests: password hash/verify, JWT generate/validate, token revocation - 14 store tests: project CRUD, user CRUD, stage/deploy lifecycle, pagination, cascade deletes - Fix stages CREATE TABLE schema to include notification_url column - Total: 28 tests, all passing	2026-04-04 14:13:05 +03:00
alexei.dolgolyov	ff59d9f799	fix: security hardening for middleware, crypto, and backup handlers - Remove CORS origin reflection (SEC-C1 CRITICAL) - Add Content-Security-Policy header (SEC-H2) - Fix rate limiter memory leak with periodic stale IP cleanup (SEC-H5) - Enforce minimum 32-char ENCRYPTION_KEY (SEC-H4) - Validate backup type against allowlist (SEC-M6) - Fix backup download path traversal with path containment check (SEC-C2 CRITICAL)	2026-04-04 12:40:37 +03:00
alexei.dolgolyov	cdf21682d6	feat(docker-watcher): phase 2 - crypto & config seed loader AES-256-GCM encryption for credential storage, YAML seed config parser with validation, and transactional import into SQLite. Credentials (registry tokens, NPM password) encrypted before storage.	2026-03-27 21:01:16 +03:00

Author

SHA1

Message

Date

alexei.dolgolyov

205a5a36c6

test: add core test suite for crypto, auth, and store packages

- 8 crypto tests: key derivation, encrypt/decrypt round-trip, wrong key, nonce uniqueness
- 6 auth tests: password hash/verify, JWT generate/validate, token revocation
- 14 store tests: project CRUD, user CRUD, stage/deploy lifecycle, pagination, cascade deletes
- Fix stages CREATE TABLE schema to include notification_url column
- Total: 28 tests, all passing

2026-04-04 14:13:05 +03:00

alexei.dolgolyov

ff59d9f799

fix: security hardening for middleware, crypto, and backup handlers

- Remove CORS origin reflection (SEC-C1 CRITICAL)
- Add Content-Security-Policy header (SEC-H2)
- Fix rate limiter memory leak with periodic stale IP cleanup (SEC-H5)
- Enforce minimum 32-char ENCRYPTION_KEY (SEC-H4)
- Validate backup type against allowlist (SEC-M6)
- Fix backup download path traversal with path containment check (SEC-C2 CRITICAL)

2026-04-04 12:40:37 +03:00

alexei.dolgolyov

cdf21682d6

feat(docker-watcher): phase 2 - crypto & config seed loader

AES-256-GCM encryption for credential storage, YAML seed config
parser with validation, and transactional import into SQLite.
Credentials (registry tokens, NPM password) encrypted before storage.

2026-03-27 21:01:16 +03:00

3 Commits