makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity
314 Commits 4 Branches 16 Tags
3158274c6a81c242eea4f478a5bdd6c0e44e5860
Commit Graph

5 Commits

Author SHA1 Message Date
Jean-Luc Makiola
1b6a65b4d5 feat(15-02): rewrite auth routes for OIDC login/callback/logout 
- Add top-level /login, /callback, /logout OIDC routes in index.ts
- Strip auth.ts to /me (OIDC claims) and API key CRUD only
- Remove credential-based login, setup, password change routes
- Remove all cookie/session handling from auth routes
 2026-04-04 20:44:46 +02:00
Jean-Luc Makiola
2dddba9a08 feat: add rate limiting on login and setup endpoints 
Implement in-memory rate limiter with 5 attempts per 15-minute window per IP address. Protects brute-force attacks on credential endpoints.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 15:36:03 +02:00
Jean-Luc Makiola
ecff58500e fix: validate route ID parameters, return 400 for invalid IDs 
Adds parseId helper in src/server/lib/params.ts and applies it across
all route files so non-positive-integer IDs return 400 instead of
silently passing NaN to services.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 15:34:06 +02:00
Jean-Luc Makiola
17d76761bb fix: address code review issues — MCP auth, error handling, password route 
- MCP auth middleware now rejects requests without API key when users exist
- Image /from-url route distinguishes validation errors (400) from server errors (500)
- Password change route returns 401 when no session cookie instead of crashing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 13:42:34 +02:00
Jean-Luc Makiola
e0e7bfce3e feat: add auth routes for login, setup, and API key management 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 13:24:26 +02:00