Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d45cc00f2feb406b472c0074e9bcfc70cf078050
CapaKraken/apps/web
T
History
Hartmut d45cc00f2f security: cookie + session hardening (#41) 
Three related fixes:
- Cookie secure flag now tracks AUTH_URL scheme (https → Secure),
  not NODE_ENV — staging over HTTPS with NODE_ENV!=production used
  to ship Set-Cookie without Secure. Cookie name gains __Host-
  prefix when Secure is on.
- jwt() callback no longer swallows session-registry write failures;
  concurrent-session cap is now fail-closed.
- Session callback no longer copies token.sid onto session.user.jti.
  The tRPC route handler reads the JTI directly from the encrypted
  JWT via getToken() so it stays server-side.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 09:00:54 +02:00
..
e2e
test(web/e2e): verify root redirect via HTTP not Chromium navigation
2026-04-13 06:44:39 +02:00
public
feat: user invite flow, deactivate/delete, favicon, dashboard loading fix, admin full-width
2026-04-02 20:19:26 +02:00
src
security: cookie + session hardening (#41)
2026-04-17 09:00:54 +02:00
.gitignore
test(e2e): fix dev-system test suite — storageState + strict-mode + signout
2026-04-01 19:09:49 +02:00
eslint.config.mjs
chore: add pre-commit hooks, tighten ESLint, activate Sentry DSN, publish CI coverage (Phase 1)
2026-04-10 14:49:29 +02:00
next-env.d.ts
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
next.config.ts
perf(api,web,db): refactor and optimize for enterprise readiness
2026-04-11 22:34:41 +02:00
package.json
security: bound password inputs, configure pino redact, patch deps (#36 #46 #58)
2026-04-17 08:13:25 +02:00
playwright.ci.config.ts
ci: bridge docker-deploy compose to gitea_gitea; bypass turbo for e2e
2026-04-12 23:22:50 +02:00
playwright.config.ts
feat(planning): ship holiday-aware planning and assistant upgrades
2026-03-28 22:49:28 +01:00
playwright.dev.config.ts
test(e2e): fix dev-system test suite — storageState + strict-mode + signout
2026-04-01 19:09:49 +02:00
postcss.config.js
chore(repo): initialize planarchy workspace
2026-03-14 14:31:09 +01:00
sentry.client.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
sentry.edge.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
sentry.server.config.ts
feat: integrate Sentry error tracking
2026-03-22 18:38:27 +01:00
tailwind.config.ts
fix: add missing brand-950 to Tailwind config
2026-03-22 20:39:08 +01:00
tsconfig.json
feat(planning): ship holiday-aware planning and assistant upgrades
2026-03-28 22:49:28 +01:00
tsconfig.typecheck.json
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
typecheck-env.d.ts
feat(platform): checkpoint current implementation state
2026-04-01 07:42:03 +02:00
vitest.config.mts
test(web): add 57 UI component and hook tests with jsdom cleanup
2026-04-10 17:06:42 +02:00