Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
musadaq-saas/.gitignore
Hamza-Ayed 214d96ee8d Security Hardening: Phase 1-3 complete 
- C1: Hash refresh tokens before DB storage (sha256)
- C2: Remove JWT_SECRET fallback, fail hard if missing
- H1: Enforce HTTP methods per route (405 on mismatch)
- H2: CORS with origin whitelist from CORS_ORIGIN env var
- H3: Redact sensitive fields (tokens, passwords) from logs
- M1: Build HmacMiddleware with replay attack prevention
- M2: Fix rate limiter race condition with flock LOCK_EX
- M3: Guard dd() — suppressed in production
- M4: Remove .env from git tracking, strengthen .gitignore
- I1: Add HSTS header (max-age=31536000)
2026-05-03 21:06:17 +03:00

22 lines
267 B
Plaintext
Raw Permalink Blame History

# Secrets — NEVER commit these
.env
.env.*
config/secrets.php
# Storage — runtime data, not code
storage/invoices/
storage/logs/
storage/exports/
storage/cache/
# Dependencies
vendor/
node_modules/
# Dev tools
scratch.js
describe.php
.DS_Store
.idea/
.vscode/
Reference in New Issue View Git Blame Copy Permalink