Yusuf Suleman fcb9383623 fix(gateway): enforce API key auth on inventory and budget services (#5) ...

- Added X-API-Key middleware to inventory-service and budget-service
- Services reject all requests without valid API key (401)
- Gateway proxy injects service API keys for inventory and budget
- Dashboard widget fetchers inject API keys
- Generated unique API keys per service, stored in .env
- Added SERVICE_API_KEY env var to docker-compose for both services

Partial fix for #5 — internal services now require auth.
Remaining: document trust model, validate service token semantics.

2026-03-29 09:06:41 -05:00

.claude

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

docs

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

frontend-v2

fix: security hardening across platform

2026-03-29 08:25:50 -05:00

gateway

fix(gateway): enforce API key auth on inventory and budget services (#5)

2026-03-29 09:06:41 -05:00

packages

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

services

fix(gateway): enforce API key auth on inventory and budget services (#5)

2026-03-29 09:06:41 -05:00

.env.example

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

.gitignore

fix: security hardening across platform

2026-03-29 08:25:50 -05:00

claude_remediation_prompt.txt

fix(trips): enforce password protection on shared trips (#3)

2026-03-29 08:50:45 -05:00

docker-compose.yml

fix(gateway): enforce API key auth on inventory and budget services (#5)

2026-03-29 09:06:41 -05:00

package-lock.json

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

package.json

Initial commit: Second Brain Platform

2026-03-28 23:20:40 -05:00

Description

Second Brain Platform - Dashboard, Fitness, Budget, Inventory, Trips, Reader, Media

778 KiB

Languages

Svelte 54.4%

Python 31.6%

JavaScript 10.6%

TypeScript 2%

CSS 1.1%

Other 0.2%