cs_betty/api
1
0
Fork 0
forked from cartsnitch/api
Code Pull Requests 2 Activity
95 Commits 16 Branches 0 Tags
cbc9e12394794b997ac7333f8fc63af0d09623f8
Commit Graph

5 Commits

Author SHA1 Message Date
Barcode Betty 1867f0bb87 feat: implement audit logging middleware for sensitive API operations 
- Add AuditMiddleware that logs POST/PUT/PATCH/DELETE and GET /auth/me
- Logs structured JSON: event, timestamp, user_id, method, path, client_ip, status_code, duration_ms
- Excludes health endpoints and OPTIONS requests
- Never logs request/response bodies or auth headers/cookies
- Wire user_id from auth dependency via request.state
- Add add_audit_middleware() to app factory

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 13:41:55 +00:00
cartsnitch-cto[bot] 6b1213544f fix(security): use SHA-256 hash for rate limit key instead of token suffix (#169) 
fix(security): use SHA-256 hash for rate limit key instead of token suffix
 2026-04-14 12:45:15 +00:00
CartSnitch Engineer Bot 34e68cfac3 fix: restrict CORS to explicit methods and add security headers 
- Replace allow_methods=["*"] with explicit list: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Replace allow_headers=["*"] with explicit list: Content-Type, Authorization, Accept, Origin, X-Requested-With
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP nginx headers

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 11:49:02 +00:00
CartSnitch Engineer Bot b5df9aba1e fix(security): use SHA-256 hash for rate limit key instead of token suffix 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 11:36:17 +00:00
Coupon Carl b7e6f637a7 feat: merge cartsnitch/api into api/ subdirectory 
Consolidate API gateway service into monorepo.
Squashed from https://github.com/cartsnitch/api main (89bacb1).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-28 02:24:02 +00:00