fix: harden web runtime and follow-up auth/db security fixes #21

Merged
sirily merged 4 commits from fix/api-runtime-security-controls into master 2026-03-11 16:28:56 +03:00
Owner

Summary

  • harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
  • redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
  • scope generation idempotency keys per user with a Prisma migration and regression coverage

Testing

  • docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
  • docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"

Closes #14
Closes #7
Closes #8

sirily added 1 commit 2026-03-11 12:51:07 +03:00
sirily added 1 commit 2026-03-11 13:23:21 +03:00
sirily added 2 commits 2026-03-11 14:03:40 +03:00
sirily changed title from fix: harden web API runtime controls to fix: harden web runtime and follow-up auth/db security fixes 2026-03-11 14:18:19 +03:00
sirily merged commit 1a7250467e into master 2026-03-11 16:28:56 +03:00
sirily deleted branch fix/api-runtime-security-controls 2026-03-11 16:28:57 +03:00
No Reviewers
No Label
1 Participants

Reference: sirily/nroxy#21