groombook/app

Archived

Fork 0

Commit Graph

Author	SHA1	Message	Date
Flea Flicker	1cce354413	fix(GRO-622): security hardening for auth, authorization, and token handling - Remove placeholder secret fallback in AUTH_DISABLED mode (auth.ts) - Make auth-provider setup atomic via DB transaction (setup.ts) - Fix confirmation token replay with atomic UPDATE...WHERE (book.ts) - Add strict CORS origin allowlist validation (index.ts) - Validate OIDC discovery URL hostname matches issuer (auth.ts) - Use timingSafeEqual for iCal token comparison (calendar.ts) - Add in-memory rate limiting to setup endpoints (setup.ts) - Keep RBAC error message correct (rbac.ts - already correct in main) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 23:23:48 +00:00
groombook-engineer[bot]	6539eb4554	feat: iCal calendar feed (GRO-107) feat: iCal calendar feed (GRO-107) Closes GRO-107	2026-03-27 02:37:06 +00:00

Author

SHA1

Message

Date

Flea Flicker

1cce354413

fix(GRO-622): security hardening for auth, authorization, and token handling

- Remove placeholder secret fallback in AUTH_DISABLED mode (auth.ts)
- Make auth-provider setup atomic via DB transaction (setup.ts)
- Fix confirmation token replay with atomic UPDATE...WHERE (book.ts)
- Add strict CORS origin allowlist validation (index.ts)
- Validate OIDC discovery URL hostname matches issuer (auth.ts)
- Use timingSafeEqual for iCal token comparison (calendar.ts)
- Add in-memory rate limiting to setup endpoints (setup.ts)
- Keep RBAC error message correct (rbac.ts - already correct in main)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-14 23:23:48 +00:00

groombook-engineer[bot]

6539eb4554

feat: iCal calendar feed (GRO-107)

feat: iCal calendar feed (GRO-107)

Closes GRO-107

2026-03-27 02:37:06 +00:00

2 Commits