fuomag9
77e354cd7c
feat: rewrite auth pages with shadcn
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 13:29:55 +01:00
fuomag9
73c90894b1
Handle wildcard proxy hosts and stabilize test coverage
...
- accept wildcard proxy host domains like *.example.com with validation and normalization
- make exact hosts win over overlapping wildcards in generated routes and TLS policies
- add unit coverage for host-pattern priority and wildcard domain handling
- add a single test:all entry point and clean up lint/typecheck issues so the suite runs cleanly
- run mobile layout Playwright checks under both chromium and mobile-iphone
2026-03-14 01:03:34 +01:00
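The wildcard handling described in the commit above, as an added example that is not the project's code: a host pattern is validated and normalized (lower-cased, trailing dot stripped, only a single leading "*." wildcard allowed and never over a bare TLD), a wildcard matches exactly one extra label, and when an exact host and a wildcard both match, the exact host wins regardless of registration order. The names parseHostPattern, matchesPattern, selectRoute and the sample routes are assumptions for illustration.

```typescript
// Added example, not the project's code. Names and the sample routes below
// are assumptions for illustration.

// One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

export type HostPattern =
  | { kind: "exact"; host: string }
  | { kind: "wildcard"; suffix: string }; // "example.com" for "*.example.com"

// Normalize (trim, lower-case, drop trailing dot) and validate a host pattern.
// Only a single leading "*." is accepted: "*", "*example.com" and "a.*.b" are
// rejected, as is "*.com" (a wildcard needs at least two labels under it).
export function parseHostPattern(input: string): HostPattern {
  const host = input.trim().toLowerCase().replace(/\.$/, "");
  if (host.length === 0 || host.length > 253) {
    throw new Error(`invalid host pattern: ${JSON.stringify(input)}`);
  }
  const isWildcard = host.startsWith("*.");
  const base = isWildcard ? host.slice(2) : host;
  const labels = base.split(".");
  const minLabels = isWildcard ? 2 : 1;
  if (labels.length < minLabels || !labels.every((l) => LABEL.test(l))) {
    throw new Error(`invalid host pattern: ${JSON.stringify(input)}`);
  }
  return isWildcard
    ? { kind: "wildcard", suffix: base }
    : { kind: "exact", host: base };
}

// A wildcard covers exactly one extra label: "*.example.com" matches
// "api.example.com" but neither "example.com" nor "a.b.example.com".
export function matchesPattern(pattern: HostPattern, host: string): boolean {
  const h = host.trim().toLowerCase().replace(/\.$/, "");
  if (pattern.kind === "exact") return h === pattern.host;
  if (!h.endsWith("." + pattern.suffix)) return false;
  const prefix = h.slice(0, h.length - pattern.suffix.length - 1);
  return prefix.length > 0 && !prefix.includes(".");
}

export interface Route {
  pattern: HostPattern;
  upstream: string;
}

// Choose the route for a request host. An exact host always beats an
// overlapping wildcard, independent of the order routes were registered in.
export function selectRoute(routes: Route[], host: string): Route | undefined {
  const candidates = routes.filter((r) => matchesPattern(r.pattern, host));
  return candidates.find((r) => r.pattern.kind === "exact") ?? candidates[0];
}

// Constructed sample routes (not from the project). The wildcard is
// registered first on purpose so that order alone cannot make the exact
// host win.
export const sampleRoutes: Route[] = [
  { pattern: parseHostPattern("*.example.com"), upstream: "http://wildcard:8080" },
  { pattern: parseHostPattern("API.example.com."), upstream: "http://api:8080" },
];
```

The same precedence rule has to be applied when emitting TLS policies: if the wildcard certificate's SNI entry were generated before the exact host's, a client offering the exact name would be served the wildcard policy, so the policy generator should select through selectRoute (or an equivalent exact-first sort) rather than iterate the route list in insertion order.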
fuomag9
75044c8d9b
fix: harden security post-review (JWT exposure, rate limiter, token expiry, timing)
...
- Raw JWT never sent to browser: page.tsx uses peekLinkingToken (read-only),
client sends opaque linkingId, API calls retrieveLinkingToken server-side
- link-account rate limiter now uses isRateLimited/registerFailedAttempt/
resetAttempts correctly (count only failures, reset on success)
- linking_tokens gains expiresAt column (indexed) + opportunistic expiry
purge on insert to prevent unbounded table growth
- secureTokenCompare fixed: pad+slice to expected length so timing is
constant regardless of submitted token length (no length leak)
- autoLinkOAuth uses config.oauth.allowAutoLinking (boolean) instead of
process.env truthy check that mishandles OAUTH_ALLOW_AUTO_LINKING=false
- Add Permissions-Policy header; restore X-Frame-Options for legacy UAs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-25 20:58:21 +01:00
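Three of the fixes in the commit above, as an added example that is not the project's code: a token comparison whose running time depends only on the expected token's length (submitted bytes are zero-padded and sliced to that length before the constant-time compare, and the length check is folded in without a branch), a rate limiter that counts only failed attempts and resets on success, and a strict boolean parser for env-derived config so that OAUTH_ALLOW_AUTO_LINKING=false is not read as true. The names secureTokenCompare, FailedAttemptLimiter, parseBoolEnv, handleLinkAccount and the limits in the constructor are assumptions for illustration.

```typescript
// Added example, not the project's code. Names, limits and the sample token
// in the usage are assumptions for illustration.
import { timingSafeEqual } from "node:crypto";

// Compare an untrusted token against the expected one in time that depends
// only on the expected length. `===`, or timingSafeEqual behind an early
// length check, returns faster for wrong-length input and leaks the length.
export function secureTokenCompare(submitted: string, expected: string): boolean {
  const exp = Buffer.from(expected, "utf8");
  // Zero-pad the submission and slice to the expected length so the buffer
  // handed to timingSafeEqual is always exactly exp.length bytes.
  const sub = Buffer.concat([
    Buffer.from(submitted, "utf8"),
    Buffer.alloc(exp.length),
  ]).subarray(0, exp.length);
  const sameBytes = timingSafeEqual(sub, exp);
  // A truncated or padded submission can match the sliced prefix, so the
  // lengths must match too. Combine with & rather than && to avoid a
  // short-circuit branch on the byte comparison result.
  const sameLength = Buffer.byteLength(submitted, "utf8") === exp.length;
  return (Number(sameBytes) & Number(sameLength)) === 1;
}

// Counts failures per key (for example client IP plus target account) within
// a sliding window; successes clear the counter instead of incrementing it.
export class FailedAttemptLimiter {
  private failures = new Map<string, { count: number; windowStart: number }>();

  constructor(
    private maxFailures = 5,
    private windowMs = 15 * 60_000,
    private now: () => number = Date.now, // injectable clock for tests
  ) {}

  isRateLimited(key: string): boolean {
    const entry = this.failures.get(key);
    if (!entry) return false;
    if (this.now() - entry.windowStart >= this.windowMs) {
      this.failures.delete(key); // window expired, start fresh
      return false;
    }
    return entry.count >= this.maxFailures;
  }

  registerFailedAttempt(key: string): void {
    const t = this.now();
    const entry = this.failures.get(key);
    if (!entry || t - entry.windowStart >= this.windowMs) {
      this.failures.set(key, { count: 1, windowStart: t });
    } else {
      entry.count += 1;
    }
  }

  resetAttempts(key: string): void {
    this.failures.delete(key);
  }
}

// `process.env.X ? a : b` treats the string "false" as truthy. Parse the
// value explicitly and reject anything that is not a recognised boolean.
export function parseBoolEnv(value: string | undefined, fallback = false): boolean {
  if (value === undefined || value.trim() === "") return fallback;
  const v = value.trim().toLowerCase();
  if (["1", "true", "yes", "on"].includes(v)) return true;
  if (["0", "false", "no", "off"].includes(v)) return false;
  throw new Error(`expected a boolean, got ${JSON.stringify(value)}`);
}

// Hypothetical link-account handler wiring the pieces together: check the
// limiter first, count only a failed compare, and reset on success.
export function handleLinkAccount(
  limiter: FailedAttemptLimiter,
  key: string,
  submitted: string,
  expected: string,
): "ok" | "rate_limited" | "invalid" {
  if (limiter.isRateLimited(key)) return "rate_limited";
  if (!secureTokenCompare(submitted, expected)) {
    limiter.registerFailedAttempt(key);
    return "invalid";
  }
  limiter.resetAttempts(key);
  return "ok";
}
```

The limiter is in-process state and so is per replica; behind more than one instance the failure counts would need to live in shared storage keyed the same way, otherwise an attacker spread across replicas gets maxFailures attempts per replica. The handler also does not distinguish an expired linking token from a wrong one, which is deliberate: reporting "expired" separately would tell the caller the identifier was valid.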
fuomag9
9a189ea342
fix: store OAuth linking token server-side, remove JWT from URL and audit log
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-25 09:31:27 +01:00
fuomag9
be21f46ad5
Added user tab and oauth2, streamlined readme
2025-12-28 15:14:56 +01:00
fuomag9
ad0225a16e
Throttle login attempts and lock admin actions to privileged sessions
2025-11-04 00:00:22 +01:00
fuomag9
668b667fe9
updated a lot of stuff
2025-11-02 22:16:13 +01:00
fuomag9
d9ced96e1b
implement oauth2 login
2025-10-31 23:02:30 +01:00
fuomag9
29acf06f75
Swapped the entire UI to Material UI, applied a global dark theme, and removed all of the old styled-jsx/CSS-module styling
2025-10-31 21:03:02 +01:00
fuomag9
315192fb54
first rewrite commit
2025-10-31 20:08:28 +01:00