nroxy

sirily/nroxy

Fork 0

Commit Graph

Author	SHA1	Message	Date
sirily	1a7250467e	fix: harden web runtime and follow-up auth/db security fixes (#21 ) ## Summary - harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations - redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers - scope generation idempotency keys per user with a Prisma migration and regression coverage ## Testing - docker build -f infra/docker/web.Dockerfile -t nroxy-web-check . - docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test" Closes #14 Closes #7 Closes #8 Co-authored-by: sirily <sirily@git.shararam.party> Reviewed-on: #21	2026-03-11 16:28:56 +03:00
sirily	55472de23d	chore: remove MVP positioning and align plan defaults (#15 ) ## Summary - remove MVP wording from repository docs and guidance - rename the system plan document and update references to it - align the default subscription plan code/name with product wording - document hard subscription expiry with no grace period ## Verification - docker build -f infra/docker/web.Dockerfile . - docker build -f infra/docker/migrate.Dockerfile . Co-authored-by: sirily <sirily@git.shararam.party> Reviewed-on: #15	2026-03-10 15:01:06 +03:00
sirily	6c0ca4e28b	Initial import	2026-03-10 14:03:52 +03:00

Author

SHA1

Message

Date

sirily

1a7250467e

fix: harden web runtime and follow-up auth/db security fixes (#21 )

## Summary
- harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
- redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
- scope generation idempotency keys per user with a Prisma migration and regression coverage

## Testing
- docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
- docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"

Closes #14
Closes #7
Closes #8

Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #21

2026-03-11 16:28:56 +03:00

sirily

55472de23d

chore: remove MVP positioning and align plan defaults (#15 )

## Summary
- remove MVP wording from repository docs and guidance
- rename the system plan document and update references to it
- align the default subscription plan code/name with product wording
- document hard subscription expiry with no grace period

## Verification
- docker build -f infra/docker/web.Dockerfile .
- docker build -f infra/docker/migrate.Dockerfile .

Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #15

2026-03-10 15:01:06 +03:00

sirily

6c0ca4e28b

Initial import

2026-03-10 14:03:52 +03:00

3 Commits