yusiboyz/platform
1
0
Fork 0
Code Issues 4 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: security hardening across platform

Browse Source 
- Disable open /api/auth/register endpoint (gateway)
- Require gateway session auth on Immich and Karakeep hooks proxies
- Replace SHA-256 with bcrypt in fitness service (auth + seed)
- Remove hardcoded Telegram user IDs from fitness seed
- Add Secure flag to session cookie
- Add domain allowlist and content-type validation to image proxy
- Strengthen .gitignore (env variants, runtime data, test artifacts)
This commit is contained in:
Yusuf Suleman
2026-03-29 08:25:50 -05:00
parent d1801540ae
commit 6bd23e7e8b
8 changed files with 111 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/fitness/Dockerfile.backend
View File

@@ -1,5 +1,7 @@
FROM python:3.12-slim
WORKDIR /app
RUN pip install bcrypt
COPY server.py .
EXPOSE 8095
ENV PYTHONUNBUFFERED=1
CMD ["python3", "server.py"]