This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Flea Flicker 1cce354413 fix(GRO-622): security hardening for auth, authorization, and token handling ...

- Remove placeholder secret fallback in AUTH_DISABLED mode (auth.ts)
- Make auth-provider setup atomic via DB transaction (setup.ts)
- Fix confirmation token replay with atomic UPDATE...WHERE (book.ts)
- Add strict CORS origin allowlist validation (index.ts)
- Validate OIDC discovery URL hostname matches issuer (auth.ts)
- Use timingSafeEqual for iCal token comparison (calendar.ts)
- Add in-memory rate limiting to setup endpoints (setup.ts)
- Keep RBAC error message correct (rbac.ts - already correct in main)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-14 23:23:48 +00:00

..

api

fix(GRO-622): security hardening for auth, authorization, and token handling

2026-04-14 23:23:48 +00:00

e2e

fix(e2e): use domcontentloaded instead of networkidle in admin invoices test

2026-04-11 16:50:35 +00:00

groombook/overlays/uat

fix(GRO-451): re-seal UAT secrets with correct cluster certificate

2026-04-04 12:27:23 +00:00

web

Merge branch 'main' into feature/gro-631-ci-pnpm-pin

2026-04-14 17:34:02 +00:00