dealspace/lib
James 03b75e8a7b Security audit 2026-02-28: fix critical/high findings
CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)

HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)

See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.
2026-02-28 07:17:06 -05:00
crypto.go Initial Go foundation 2026-02-28 04:25:57 -05:00
crypto_test.go Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
dbcore.go Security audit 2026-02-28: fix critical/high findings 2026-02-28 07:17:06 -05:00
dbcore_test.go Add test suite: crypto, dbcore, rbac, auth middleware, integration 2026-02-28 05:46:47 -05:00
embed.go Initial Go foundation 2026-02-28 04:25:57 -05:00
mailer.go Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
mailer_test.go Add email system: mailer + 7 transactional templates 2026-02-28 05:46:03 -05:00
notify.go Add email system: mailer + 7 transactional templates 2026-02-28 05:46:03 -05:00
rbac.go Add all missing app templates: projects, project, request, orgs, admin 2026-02-28 06:48:51 -05:00
rbac_test.go Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
store.go Add test suite: crypto, dbcore, rbac, auth middleware, integration 2026-02-28 05:46:47 -05:00
types.go Port diligence request model + CSV/XLSX import from old dealroom 2026-02-28 07:13:29 -05:00
watermark.go Add ops: systemd service, deploy scripts, backup, healthcheck, README 2026-02-28 05:38:02 -05:00
watermark_test.go Add watermark tests and update website content 2026-02-28 05:40:58 -05:00