groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
d8c0052b5495a1ddf1ec92a82434fb90a6a7e00d
app/apps
T
History
Flea Flicker d8c0052b54 fix(GRO-634): implement auth & authorization security hardening (8 findings) 
- Remove placeholder secret fallback, require BETTER_AUTH_SECRET when AUTH_DISABLED=true
- Fix TOCTOU race in setup: use INSERT...RETURNING for atomic confirmation token creation
- Fix confirmation token replay: atomic UPDATE with WHERE clause prevents double-use
- Add CSRF origin-check middleware for non-safe HTTP methods
- Validate OIDC discovery URL hostname matches configured issuer
- Use timing-safe comparison for iCal authentication tokens
- Add rate limiting (10 req/min per IP) on setup endpoints
- Fix RBAC error messages: correct inversion of privilege check
2026-04-14 17:08:02 +00:00
..
api
fix(GRO-634): implement auth & authorization security hardening (8 findings)
2026-04-14 17:08:02 +00:00
e2e
fix(e2e): use domcontentloaded instead of networkidle in admin invoices test
2026-04-11 16:50:35 +00:00
groombook/overlays/uat
fix(GRO-451): re-seal UAT secrets with correct cluster certificate
2026-04-04 12:27:23 +00:00
web
feat(GRO-631): add security headers to nginx.conf
2026-04-14 16:10:04 +00:00