fix: security hardening across platform
- Disable open /api/auth/register endpoint (gateway)
- Require gateway session auth on Immich and Karakeep hooks proxies
- Replace SHA-256 with bcrypt in fitness service (auth + seed)
- Remove hardcoded Telegram user IDs from fitness seed
- Add Secure flag to session cookie
- Add domain allowlist and content-type validation to image proxy
- Strengthen .gitignore (env variants, runtime data, test artifacts)
39
.gitignore
vendored
@@ -1,18 +1,39 @@
|
||||
node_modules/
|
||||
.svelte-kit/
|
||||
build/
|
||||
# Secrets and local config
|
||||
.env
|
||||
.env.*
|
||||
!.env.example
|
||||
services/**/.env
|
||||
services/**/.env.*
|
||||
|
||||
# Dependencies
|
||||
node_modules/
|
||||
frontend-v2/node_modules/
|
||||
|
||||
# Build artifacts
|
||||
.svelte-kit/
|
||||
frontend-v2/.svelte-kit/
|
||||
build/
|
||||
frontend-v2/build/
|
||||
__pycache__/
|
||||
*.pyc
|
||||
|
||||
# Runtime data
|
||||
*.db
|
||||
*.db-journal
|
||||
*.db-wal
|
||||
*.db-shm
|
||||
data/
|
||||
__pycache__/
|
||||
*.pyc
|
||||
.DS_Store
|
||||
**/data/*.db
|
||||
**/data/*.json
|
||||
services/fitness/data/
|
||||
services/trips/data/
|
||||
gateway/data/
|
||||
frontend-v2/.svelte-kit/
|
||||
frontend-v2/build/
|
||||
frontend-v2/node_modules/
|
||||
|
||||
# OS
|
||||
.DS_Store
|
||||
|
||||
# Media
|
||||
*.png
|
||||
|
||||
# Test artifacts
|
||||
test-results/
|
||||
|
||||
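Review bot: the `!.env.example` re-include is placed before `services/**/.env.*`, so a `services/<svc>/.env.example` is first re-included and then ignored again by the later, more specific pattern; git applies the last matching rule, so either move `!.env.example` below the `services/**/.env.*` line or add a matching `!services/**/.env.example` so per-service templates stay committable. The `services/**/.env` and `services/**/.env.*` lines are otherwise redundant with `.env` and `.env.*`, which already match at any depth because they contain no slash. Also note that these patterns only stop new files from being staged: any `.env` variant or `*.db` that was already tracked before this commit stays in the repository until it is removed with `git rm --cached`, and any secret it contained remains in history and should be rotated rather than relied on being hidden by this change.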