Pulse

vrr/Pulse

Fork 0

mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-09 19:32:24 +00:00

Commit graph

Author	SHA1	Message	Date
Pulse Monitor	e661665d24	fix: comprehensive security improvements and UI fixes - Remove overly restrictive password complexity requirements (now only 8+ chars) - Fix Change Password section not appearing in Settings > Security - Fix logout sometimes showing setup page instead of login page - Remove misleading desktop notifications option from first-run setup - Improve rate limiting on authentication endpoints - Fix sensitive data appearing in logs (passwords, tokens) - Enhance file permissions for sensitive files (0600) - Fix WebSocket origin validation defaults - Add password complexity validation for setup - Improve CSRF token handling after server restarts - Fix security status API using wrong fetch client - Add logout race condition prevention Security improvements: - No credential leakage in logs - Proper bcrypt password hashing - Session management enhancements - Rate limiting on all auth endpoints - Secure file permissions on sensitive data	2025-08-16 21:10:24 +00:00
Pulse Monitor	958cacf042	feat: enhance security and improve login UI Security Improvements: - Implement bcrypt password hashing (cost factor 12) - Add SHA3-256 API token hashing - Fix authentication enforcement after security setup - Improve restart mechanism to properly reload systemd environment - Add CSRF protection for all state-changing operations - Implement comprehensive rate limiting (10/min auth, 500/min API) - Remove sensitive data from logs - Add security audit test suite UI Enhancements: - Add Pulse logo to login screen with animations - Implement glassmorphism design for login form - Add gradient backgrounds and smooth animations - Enhance input fields with icons - Add loading spinner for authentication - Improve overall login page aesthetics Bug Fixes: - Fix security setup restart mechanism - Fix systemd environment variable inheritance - Fix CSRF validation for security endpoints - Fix password change and removal functionality Testing: - Add automated security test suite - Verify all authentication flows - Test rate limiting effectiveness - Validate CSRF protection	2025-08-13 23:07:57 +00:00
Pulse Monitor	66403e88fb	refactor: consolidate authentication system and improve API structure - Remove registration tokens feature in favor of simpler API token auth - Add password authentication with change password functionality - Centralize API client logic with proper auth handling - Add development scripts for better DX (hot-reload, proxy setup) - Refactor auth middleware and handlers for cleaner separation - Update frontend to use new centralized API client	2025-08-13 14:51:46 +00:00

Author

SHA1

Message

Date

Pulse Monitor

e661665d24

fix: comprehensive security improvements and UI fixes

- Remove overly restrictive password complexity requirements (now only 8+ chars)
- Fix Change Password section not appearing in Settings > Security
- Fix logout sometimes showing setup page instead of login page
- Remove misleading desktop notifications option from first-run setup
- Improve rate limiting on authentication endpoints
- Fix sensitive data appearing in logs (passwords, tokens)
- Enhance file permissions for sensitive files (0600)
- Fix WebSocket origin validation defaults
- Add password complexity validation for setup
- Improve CSRF token handling after server restarts
- Fix security status API using wrong fetch client
- Add logout race condition prevention

Security improvements:
- No credential leakage in logs
- Proper bcrypt password hashing
- Session management enhancements
- Rate limiting on all auth endpoints
- Secure file permissions on sensitive data

2025-08-16 21:10:24 +00:00

Pulse Monitor

958cacf042

feat: enhance security and improve login UI

Security Improvements:
- Implement bcrypt password hashing (cost factor 12)
- Add SHA3-256 API token hashing
- Fix authentication enforcement after security setup
- Improve restart mechanism to properly reload systemd environment
- Add CSRF protection for all state-changing operations
- Implement comprehensive rate limiting (10/min auth, 500/min API)
- Remove sensitive data from logs
- Add security audit test suite

UI Enhancements:
- Add Pulse logo to login screen with animations
- Implement glassmorphism design for login form
- Add gradient backgrounds and smooth animations
- Enhance input fields with icons
- Add loading spinner for authentication
- Improve overall login page aesthetics

Bug Fixes:
- Fix security setup restart mechanism
- Fix systemd environment variable inheritance
- Fix CSRF validation for security endpoints
- Fix password change and removal functionality

Testing:
- Add automated security test suite
- Verify all authentication flows
- Test rate limiting effectiveness
- Validate CSRF protection

2025-08-13 23:07:57 +00:00

Pulse Monitor

66403e88fb

refactor: consolidate authentication system and improve API structure

- Remove registration tokens feature in favor of simpler API token auth
- Add password authentication with change password functionality
- Centralize API client logic with proper auth handling
- Add development scripts for better DX (hot-reload, proxy setup)
- Refactor auth middleware and handlers for cleaner separation
- Update frontend to use new centralized API client

2025-08-13 14:51:46 +00:00

3 commits