akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
2,051 Commits 2 Branches 4 Tags
2537fc8a148d286ba22271503e2fe4bf2e13a343
Commit Graph

8 Commits

Author SHA1 Message Date
fuomag9
044f012dd0 Added issued-client-cert tracking and revocation for mTLS 2026-03-06 14:53:17 +01:00
fuomag9
75044c8d9b fix: harden security post-review (JWT exposure, rate limiter, token expiry, timing) 
- Raw JWT never sent to browser: page.tsx uses peekLinkingToken (read-only),
  client sends opaque linkingId, API calls retrieveLinkingToken server-side
- link-account rate limiter now uses isRateLimited/registerFailedAttempt/
  resetAttempts correctly (count only failures, reset on success)
- linking_tokens gains expiresAt column (indexed) + opportunistic expiry
  purge on insert to prevent unbounded table growth
- secureTokenCompare fixed: pad+slice to expected length so timing is
  constant regardless of submitted token length (no length leak)
- autoLinkOAuth uses config.oauth.allowAutoLinking (boolean) instead of
  process.env truthy check that mishandles OAUTH_ALLOW_AUTO_LINKING=false
- Add Permissions-Policy header; restore X-Frame-Options for legacy UAs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 20:58:21 +01:00
fuomag9
66ad3e9431 fix: enforce unique provider+subject constraint and harden sync route 
- Change providerSubjectIdx from index to uniqueIndex in schema.ts to
  prevent multiple users sharing the same (provider, subject) pair,
  which caused non-deterministic sign-in resolution via findFirst.
- Add migration 0008_unique_provider_subject.sql: DROP the existing
  non-unique index and CREATE UNIQUE INDEX in its place.
- Validate INSTANCE_SYNC_MAX_BYTES env var in sync route: fall back to
  10 MB default when the value is non-numeric (e.g. 'off') or
  non-positive, preventing NaN comparisons that silently disabled the
  size limit.
- Return a generic error message to callers on applySyncPayload /
  applyCaddyConfig failure instead of leaking the raw error string;
  the original message is still stored internally via setSlaveLastSync.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:41:12 +01:00
fuomag9
5d219095b3 fix: use rightmost XFF entry in rate limiter to prevent IP spoofing 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 09:25:34 +01:00
fuomag9
7e4df5e50b removed redirect feature 2026-02-13 22:53:11 +01:00
fuomag9
6d56cf2288 deprecate deadhosts, move it to the GUI as a custom response feature 2026-02-07 00:51:48 +01:00
fuomag9
90916bd709 various security fixes 
Sync secrets encrypted at rest
Sync endpoint hardening
Avatar upload SVG restriction
 2026-01-25 11:27:14 +01:00
fuomag9
6fb39dc809 Implement slave-master architecture 2026-01-25 01:39:36 +01:00