platform

Author	SHA1	Message	Date
Yusuf Suleman	0ed8f1f83e	fix: deployment hardening — non-root containers and health checks (#10 ) - Gateway, Trips, Fitness Dockerfiles: run as non-root (appuser) - Added HEALTHCHECK to gateway, trips, fitness - Used --chown=appuser on COPY for correct file permissions - Created data dirs with proper ownership before USER switch - Trips Dockerfile no longer copies whole context (only server.py) Partial fix for #10 — Node services (inventory, budget, frontend) not yet hardened.	2026-03-29 09:18:42 -05:00
Yusuf Suleman	79d2c3b4b6	fix: remove all default credentials (#2 ) - Gateway: admin user seeded from ADMIN_USERNAME/ADMIN_PASSWORD env vars (no more hardcoded admin/admin). Warns if not set. - Trips: USERNAME/PASSWORD env vars no longer default to admin/admin. Warns if not set. - Fitness: user seed requires USER{n}_USERNAME/PASSWORD env vars. No more "changeme" fallback. Skips seed if not set. - /api/auth/register remains disabled (403) Closes #2	2026-03-29 09:10:44 -05:00
Yusuf Suleman	d700ba7569	fix(trips): enforce password protection on shared trips (#3 ) - handle_share_api now checks X-Share-Password header against bcrypt hash before returning trip data. Returns 401 with {protected: true} if password required but not provided/incorrect - share_password now stored as bcrypt hash, not plaintext - All plaintext password logging removed from handle_share_verify - handle_share_verify uses bcrypt.checkpw instead of string equality - Migration invalidates existing plaintext share passwords (< 50 chars) - Removed dead hash_password function (used hashlib.sha256) - Added bcrypt to trips Dockerfile Closes #3	2026-03-29 08:50:45 -05:00
Yusuf Suleman	d3e250e361	Initial commit: Second Brain Platform Complete platform with unified design system and real API integration. Apps: Dashboard, Fitness, Budget, Inventory, Trips, Reader, Media, Settings Infrastructure: SvelteKit + Python gateway + Docker Compose	2026-03-28 23:20:40 -05:00

4 Commits