adamf/web_server
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
786 Commits 3 Branches 0 Tags
c684fcb8582f3b176e9091816c2e0e068ce5cbd4
Commit Graph

12 Commits

Author SHA1 Message Date
Adam French
b56f8253d9 Harden backend against critical and high security vulnerabilities
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 3m51s
Details 
- Fix WebSocket CheckOrigin to use proper url.Parse instead of string stripping
- Add admin auth checks to Users/User GraphQL queries
- Remove GraphQL GET transport to prevent CSRF via cross-site links
- Add application-level IP-based login rate limiting (5 attempts/min)
- Add path traversal bounds check on radio file upload
- Require DEV_MODE for GraphQL introspection and playground
- Move notes backend endpoint behind admin middleware
- Add dedicated Nginx rate limit zone for GraphQL (10r/s)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-14 13:27:33 +01:00
Adam French
264df132df Add Steam integration showing online status and recent games
Some checks failed
Deploy with Docker Compose / deploy (push) Has been cancelled
Details 
Fetches player summary and recently played games from Steam API with
5-minute server-side caching. Displays in the home sidebar with online
indicator and game artwork.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-26 01:59:34 +00:00
Adam French
7381cda7b8 Move Gitea feed from frontend to backend with cached GraphQL proxy
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 4m39s
Details 
Replaces direct browser-to-Gitea API calls with a backend service that
proxies and caches the feed (1-min TTL), served via the existing GraphQL
HomeData query. Commit message parsing now happens server-side.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-17 00:14:59 +00:00
Adam French
1d4beca336 Add claude client to store 2026-03-04 14:21:51 +00:00
Adam French
dbdab24e17 adding admin tools 2026-02-06 13:20:21 +00:00
Adam French
99ace613ce added obsidian note api 2026-01-12 15:46:01 +00:00
Adam French
0466d9d288 adding jwt tokens 2025-11-25 16:03:05 +00:00
Adam French
c6aac050cc added saving and refreshing token 2025-11-23 22:35:45 +00:00
Adam French
d042f365cf plenty of spotify variables 2025-11-23 21:33:40 +00:00
Adam French
1323d33bd1 adding spotify authentication 2025-11-23 20:40:07 +00:00
Adam French
8ed08d8f3d adding spotify what am I listening to api 2025-11-22 11:29:11 +00:00
Adam French
9aabff9752 adding spotify api interaction 2025-11-20 18:04:31 +00:00