fix: security hardening across platform

- Disable open /api/auth/register endpoint (gateway)
- Require gateway session auth on Immich and Karakeep hooks proxies
- Replace SHA-256 with bcrypt in fitness service (auth + seed)
- Remove hardcoded Telegram user IDs from fitness seed
- Add Secure flag to session cookie
- Add domain allowlist and content-type validation to image proxy
- Strengthen .gitignore (env variants, runtime data, test artifacts)
Yusuf Suleman
2026-03-29 08:25:50 -05:00
parent d1801540ae
commit 6bd23e7e8b
8 changed files with 111 additions and 27 deletions


@@ -42,7 +42,7 @@ class ResponseMixin:
def _set_session_cookie(self, token):
self.send_header("Set-Cookie",
f"platform_session={token}; Path=/; HttpOnly; SameSite=Lax; Max-Age={SESSION_MAX_AGE}")
f"platform_session={token}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age={SESSION_MAX_AGE}")
def _read_body(self):
length = int(self.headers.get("Content-Length", 0))
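Review bot: the `Secure` attribute added in `_set_session_cookie` is unconditional, so on any plain-HTTP deployment (typically local development on `http://localhost`) the browser will refuse to store `platform_session` and every login will appear to silently fail with no error from the server. Consider deriving the flag from a config setting or the request scheme (including a forwarded-proto header when TLS terminates at a reverse proxy), and documenting the HTTPS requirement for production where it is hard-coded. Since the cookie is already `Secure`, `Path=/` and carries no `Domain`, it also meets the conditions for the `__Host-` cookie prefix, which would let browsers enforce those constraints; that rename would need to be mirrored wherever the cookie is read.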