johan
/
dealspace
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
34 Commits 1 Branch 0 Tags 133 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
James 27c715f963 chore: auto-commit uncommitted changes 2026-03-04 00:01:22 -05:00
James b17af439a0 Fix CSP: allow Tailwind CDN and Google Fonts 2026-02-28 11:45:49 -05:00
James 03b75e8a7b Security audit 2026-02-28: fix critical/high findings 
CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)

HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)

See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.
 2026-02-28 07:17:06 -05:00
James 44dde159f6 Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
James 202bac8693 Initial Go foundation 
Complete project structure with FIPS 140-3 crypto (AES-256-GCM + HKDF-SHA256),
entry-based data model, three RBAC choke points (EntryRead/EntryWrite/EntryDelete),
optimistic locking, soft delete, blind indexes for search, embedded website,
and deployed to muskepo.com.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 04:25:57 -05:00