Pulse/internal/api
Pulse Monitor 28f9d9db53 feat: add comprehensive security system for API protection
Security Features Added:
- Secure-by-default configuration export/import with ALLOW_UNPROTECTED_EXPORT environment variable
- Rate limiting (5 attempts/minute) to prevent brute force attacks on sensitive endpoints
- Comprehensive audit logging for all export/import attempts with IP tracking
- Frontend Security tab showing API protection status and configuration guidance
- Frontend now shows when export is blocked and disables buttons appropriately
- Strong passphrase requirement (minimum 12 characters) for exports

Technical Implementation:
- New RateLimiter component with automatic cleanup and middleware support
- Security status API endpoint showing protection state
- Enhanced error messaging with specific guidance for homelab vs production use
- Proper authentication flow with API token validation
- Updated documentation reflecting new security model

Breaking Changes:
- Export/import now requires API_TOKEN unless ALLOW_UNPROTECTED_EXPORT=true is set
- Minimum passphrase length increased from none to 12 characters

Additional Improvements:
- Fixed architecture-specific updates for better cross-platform support
- Removed RC label from UI header
- Updated security documentation with clear setup instructions
2025-08-06 21:39:52 +00:00
| File | Last commit | Date |
| --- | --- | --- |
| alerts.go | Initial clean Go + TypeScript rewrite | 2025-07-28 21:24:33 +00:00 |
| config_handlers.go | feat: add comprehensive security system for API protection | 2025-08-06 21:39:52 +00:00 |
| diagnostics.go | fix: Docker persistence and Windows VM memory reporting | 2025-08-06 16:00:22 +00:00 |
| middleware.go | feat: Implement security, type safety, and error handling improvements | 2025-07-29 17:53:51 +00:00 |
| notifications.go | Fix frontend email test field mapping | 2025-08-02 18:15:03 +00:00 |
| ratelimit.go | feat: add comprehensive security system for API protection | 2025-08-06 21:39:52 +00:00 |
| router.go | feat: add comprehensive security system for API protection | 2025-08-06 21:39:52 +00:00 |
| settings.go | fix: consolidate to encrypted-only configuration system | 2025-08-03 11:19:32 +00:00 |
| updates.go | Add comprehensive update mechanism with auto-update support | 2025-07-30 15:59:06 +00:00 |