Hamza-Ayed
|
13bbc29e0e
|
Update: 2026-05-03 22:35:31
|
2026-05-03 22:35:31 +03:00 |
|
Hamza-Ayed
|
2732229642
|
Update: 2026-05-03 22:26:56
|
2026-05-03 22:26:56 +03:00 |
|
Hamza-Ayed
|
ab9625839e
|
Update: 2026-05-03 22:15:40
|
2026-05-03 22:15:40 +03:00 |
|
Hamza-Ayed
|
089a2b76c0
|
Update: 2026-05-03 21:58:11
|
2026-05-03 21:58:11 +03:00 |
|
Hamza-Ayed
|
e1d4917369
|
Update: 2026-05-03 21:37:02
|
2026-05-03 21:37:02 +03:00 |
|
Hamza-Ayed
|
214d96ee8d
|
Security Hardening: Phase 1-3 complete
- C1: Hash refresh tokens before DB storage (sha256)
- C2: Remove JWT_SECRET fallback, fail hard if missing
- H1: Enforce HTTP methods per route (405 on mismatch)
- H2: CORS with origin whitelist from CORS_ORIGIN env var
- H3: Redact sensitive fields (tokens, passwords) from logs
- M1: Build HmacMiddleware with replay attack prevention
- M2: Fix rate limiter race condition with flock LOCK_EX
- M3: Guard dd() — suppressed in production
- M4: Remove .env from git tracking, strengthen .gitignore
- I1: Add HSTS header (max-age=31536000)
|
2026-05-03 21:06:17 +03:00 |
|
Hamza-Ayed
|
8af74f0621
|
Update: 2026-05-03 20:51:50
|
2026-05-03 20:51:50 +03:00 |
|
Hamza-Ayed
|
b0e79fd214
|
Update: 2026-05-03 20:47:13
|
2026-05-03 20:47:13 +03:00 |
|
Hamza-Ayed
|
bc35319f3c
|
Update: 2026-05-03 20:45:16
|
2026-05-03 20:45:16 +03:00 |
|
Hamza-Ayed
|
4b40b1185f
|
Update: 2026-05-03 17:32:57
|
2026-05-03 17:32:57 +03:00 |
|