sirily/nroxy
1
0
Fork 0
Code Issues 5 Pull Requests 2 Actions 2 Packages Projects Releases Wiki Activity
Files
1a7250467e1c45ab6f8eba8b15498475409853f1
nroxy/packages/db
History
sirily 1a7250467e fix: harden web runtime and follow-up auth/db security fixes (#21) 
## Summary
- harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
- redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
- scope generation idempotency keys per user with a Prisma migration and regression coverage

## Testing
- docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
- docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"

Closes #14
Closes #7
Closes #8

Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #21
2026-03-11 16:28:56 +03:00
..
prisma
fix: harden web runtime and follow-up auth/db security fixes (#21)
2026-03-11 16:28:56 +03:00
src
fix: harden web runtime and follow-up auth/db security fixes (#21)
2026-03-11 16:28:56 +03:00
AGENTS.md
Initial import
2026-03-10 14:03:52 +03:00
package.json
fix: make invoice payment activation idempotent (#18)
2026-03-10 17:53:00 +03:00
README.md
chore: remove MVP positioning and align plan defaults (#15)
2026-03-10 15:01:06 +03:00
tsconfig.json
Initial import
2026-03-10 14:03:52 +03:00

README.md

packages/db

Database package for nproxy.

Implemented in this iteration

  • Prisma package scaffold
  • Current Prisma schema for persisted state
  • Shared schema path export for runtime tooling

Current scope

  • Users and subscription state
  • Manual crypto invoices
  • Generation requests and provider-key attempts
  • Usage ledger
  • Provider keys, optional proxies, and auditable state events
  • Telegram pairing and admin allowlist
  • Admin audit log
Reference in New Issue View Git Blame Copy Permalink