Hamza-Ayed
|
6db8986fca
|
Update: 2026-05-08 04:58:23
|
2026-05-08 04:58:23 +03:00 |
|
Hamza-Ayed
|
dd364fc918
|
Update: 2026-05-06 21:24:56
|
2026-05-06 21:24:56 +03:00 |
|
Hamza-Ayed
|
c63d9944ee
|
Update: 2026-05-05 16:31:41
|
2026-05-05 16:31:41 +03:00 |
|
Hamza-Ayed
|
3249a227d6
|
Update: 2026-05-04 20:12:58
|
2026-05-04 20:12:58 +03:00 |
|
Hamza-Ayed
|
ee37a4fa52
|
Update: 2026-05-04 02:03:26
|
2026-05-04 02:03:26 +03:00 |
|
Hamza-Ayed
|
5dd8fe46f3
|
Update: 2026-05-04 01:59:47
|
2026-05-04 01:59:47 +03:00 |
|
Hamza-Ayed
|
214d96ee8d
|
Security Hardening: Phase 1-3 complete
- C1: Hash refresh tokens before DB storage (sha256)
- C2: Remove JWT_SECRET fallback, fail hard if missing
- H1: Enforce HTTP methods per route (405 on mismatch)
- H2: CORS with origin whitelist from CORS_ORIGIN env var
- H3: Redact sensitive fields (tokens, passwords) from logs
- M1: Build HmacMiddleware with replay attack prevention
- M2: Fix rate limiter race condition with flock LOCK_EX
- M3: Guard dd() — suppressed in production
- M4: Remove .env from git tracking, strengthen .gitignore
- I1: Add HSTS header (max-age=31536000)
|
2026-05-03 21:06:17 +03:00 |
|
Hamza-Ayed
|
b33513ebcf
|
Update: 2026-05-03 20:56:55
|
2026-05-03 20:56:55 +03:00 |
|
Hamza-Ayed
|
8af74f0621
|
Update: 2026-05-03 20:51:50
|
2026-05-03 20:51:50 +03:00 |
|
Hamza-Ayed
|
bc35319f3c
|
Update: 2026-05-03 20:45:16
|
2026-05-03 20:45:16 +03:00 |
|
Hamza-Ayed
|
2c8ed7e742
|
Update: 2026-05-03 18:19:24
|
2026-05-03 18:19:24 +03:00 |
|
Hamza-Ayed
|
59d766c6d7
|
Update: 2026-05-03 18:15:49
|
2026-05-03 18:15:49 +03:00 |
|
Hamza-Ayed
|
0d458e8d81
|
Update: 2026-05-03 18:12:07
|
2026-05-03 18:12:07 +03:00 |
|
Hamza-Ayed
|
4b40b1185f
|
Update: 2026-05-03 17:32:57
|
2026-05-03 17:32:57 +03:00 |
|