platform

yusiboyz/platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Yusuf Suleman	79d2c3b4b6	fix: remove all default credentials (#2 ) - Gateway: admin user seeded from ADMIN_USERNAME/ADMIN_PASSWORD env vars (no more hardcoded admin/admin). Warns if not set. - Trips: USERNAME/PASSWORD env vars no longer default to admin/admin. Warns if not set. - Fitness: user seed requires USER{n}_USERNAME/PASSWORD env vars. No more "changeme" fallback. Skips seed if not set. - /api/auth/register remains disabled (403) Closes #2	2026-03-29 09:10:44 -05:00
Yusuf Suleman	fcb9383623	fix(gateway): enforce API key auth on inventory and budget services (#5 ) - Added X-API-Key middleware to inventory-service and budget-service - Services reject all requests without valid API key (401) - Gateway proxy injects service API keys for inventory and budget - Dashboard widget fetchers inject API keys - Generated unique API keys per service, stored in .env - Added SERVICE_API_KEY env var to docker-compose for both services Partial fix for #5 — internal services now require auth. Remaining: document trust model, validate service token semantics.	2026-03-29 09:06:41 -05:00
Yusuf Suleman	d3e250e361	Initial commit: Second Brain Platform Complete platform with unified design system and real API integration. Apps: Dashboard, Fitness, Budget, Inventory, Trips, Reader, Media, Settings Infrastructure: SvelteKit + Python gateway + Docker Compose	2026-03-28 23:20:40 -05:00

Author

SHA1

Message

Date

Yusuf Suleman

79d2c3b4b6

fix: remove all default credentials (#2 )

- Gateway: admin user seeded from ADMIN_USERNAME/ADMIN_PASSWORD env vars
  (no more hardcoded admin/admin). Warns if not set.
- Trips: USERNAME/PASSWORD env vars no longer default to admin/admin.
  Warns if not set.
- Fitness: user seed requires USER{n}_USERNAME/PASSWORD env vars.
  No more "changeme" fallback. Skips seed if not set.
- /api/auth/register remains disabled (403)

Closes #2

2026-03-29 09:10:44 -05:00

Yusuf Suleman

fcb9383623

fix(gateway): enforce API key auth on inventory and budget services (#5 )

- Added X-API-Key middleware to inventory-service and budget-service
- Services reject all requests without valid API key (401)
- Gateway proxy injects service API keys for inventory and budget
- Dashboard widget fetchers inject API keys
- Generated unique API keys per service, stored in .env
- Added SERVICE_API_KEY env var to docker-compose for both services

Partial fix for #5 — internal services now require auth.
Remaining: document trust model, validate service token semantics.

2026-03-29 09:06:41 -05:00

Yusuf Suleman

d3e250e361

Initial commit: Second Brain Platform

Complete platform with unified design system and real API integration.

Apps: Dashboard, Fitness, Budget, Inventory, Trips, Reader, Media, Settings
Infrastructure: SvelteKit + Python gateway + Docker Compose

2026-03-28 23:20:40 -05:00

3 Commits