Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b32160d5467c9806a1531fb2a839ca236308c885
CapaKraken/apps/web
T
History
Hartmut b32160d546 security: default-deny /api middleware allowlist (#44) 
Previously middleware.ts listed /api/ as a public prefix, so any new
API route added under /api/** was served without a session check
unless the developer remembered to self-authenticate it. The
middleware now returns 404 for any /api path not explicitly
allowlisted (auth, trpc, sse, cron, reports, health, ready, perf) —
adding a new API route is a deliberate allowlist edit. verifyCronSecret
was already fail-closed when CRON_SECRET is unset; added unit tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 09:03:24 +02:00
..
e2e
test(web/e2e): verify root redirect via HTTP not Chromium navigation
2026-04-13 06:44:39 +02:00
public
feat: user invite flow, deactivate/delete, favicon, dashboard loading fix, admin full-width
2026-04-02 20:19:26 +02:00
src
security: default-deny /api middleware allowlist (#44)
2026-04-17 09:03:24 +02:00
.gitignore
test(e2e): fix dev-system test suite — storageState + strict-mode + signout
2026-04-01 19:09:49 +02:00
eslint.config.mjs
chore: add pre-commit hooks, tighten ESLint, activate Sentry DSN, publish CI coverage (Phase 1)
2026-04-10 14:49:29 +02:00
next-env.d.ts
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
next.config.ts
perf(api,web,db): refactor and optimize for enterprise readiness
2026-04-11 22:34:41 +02:00
package.json
security: bound password inputs, configure pino redact, patch deps (#36 #46 #58)
2026-04-17 08:13:25 +02:00
playwright.ci.config.ts
ci: bridge docker-deploy compose to gitea_gitea; bypass turbo for e2e
2026-04-12 23:22:50 +02:00
playwright.config.ts
feat(planning): ship holiday-aware planning and assistant upgrades
2026-03-28 22:49:28 +01:00
playwright.dev.config.ts
test(e2e): fix dev-system test suite — storageState + strict-mode + signout
2026-04-01 19:09:49 +02:00
postcss.config.js
chore(repo): initialize planarchy workspace
2026-03-14 14:31:09 +01:00
sentry.client.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
sentry.edge.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
sentry.server.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
tailwind.config.ts
fix: add missing brand-950 to Tailwind config
2026-03-22 20:39:08 +01:00
tsconfig.json
feat(planning): ship holiday-aware planning and assistant upgrades
2026-03-28 22:49:28 +01:00
tsconfig.typecheck.json
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
typecheck-env.d.ts
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
vitest.config.mts
test(web): add 57 UI component and hook tests with jsdom cleanup
2026-04-10 17:06:42 +02:00