Commit graph

25 commits

Author SHA1 Message Date
lmg-anon
0c678ed74e
Merge pull request #117 from limdingwen/proxy-fix
Fix authorization in proxy when password enabled
2025-11-17 13:51:39 -03:00
lmg-anon
b491e54de6
Merge pull request #116 from limdingwen/docker
Add Docker support
2025-11-17 13:50:15 -03:00
Lim Ding Wen
69126f45a1 Fix authorization in proxy when password enabled
The client-side fetch API, by default, appends the correct authorization (which includes the username and password) to any requests. However, the code was overwriting it with API keys.

To fix this, I added a new header for the proxy called `X-REAL-AUTHORIZATION` which will proxy the API key through, while not overwriting the user/password authorization needed for the server to accept the proxy request.
2025-11-11 12:53:44 +08:00
Lim Ding Wen
8fbc69e5c9 Move Docker files into server directory, split and update README
Resolves: https://github.com/lmg-anon/mikupad/pull/116#issuecomment-3475060622
2025-11-11 12:50:43 +08:00
lmg-anon
6f55246033 Make start.sh executable
I didn't know this was possible using git until now!
2025-11-03 18:14:32 -03:00
lmg-anon
9d5d75d673 Implement Theme Editor 2025-10-31 23:16:39 -03:00
lmg-anon
2ebd8a060b Implement database compression, and finishing touches 2025-10-31 18:36:49 -03:00
lmg-anon
26eb4b867f Finish NameStore changes 2025-10-31 17:14:48 -03:00
lmg-anon
6f341fae71
Merge pull request #113 from saood06/main
Add support for seperate name table (ServerDBAdapter support only)
2025-10-28 18:21:12 -03:00
Lim Ding Wen
98912426a7 Dockerize server
Adds a new argument and environment variable to change the SQLite
storage path, which helps with the Docker volume.

Adds a .gitignore for any docker-compose.override.yml files.
2025-07-06 16:28:56 +08:00
saood06
d9f88b55af Add support for seperate name table (ServerDBAdapter support only) 2025-05-16 04:30:30 -05:00
Vasilii Ermilov
911db4c6a2
Add whitelist to normalizeStoreName to avoid injection
This PR introduces a whitelist check to mitigate SQL injection risks when handling user input. Previously, user-controlled input was being used directly in dynamic SQL queries, which could allow an attacker to manipulate database queries.
E.g. https://github.com/lmg-anon/mikupad/blob/HEAD/server/server.js#L285
2025-02-27 11:29:47 -05:00
saood06
5e9a0baba1
Merge branch 'lmg-anon:main' into main 2024-12-16 21:03:48 -06:00
lmg-anon
b05fe94c51
Add basic AI Horde support 2024-12-15 20:25:45 -03:00
saood06
f2a4d3b75a
Multi file import and only keep active session in sessions object 2024-12-08 18:40:43 -06:00
lmg-anon
66a3597e9f
Expand server proxy header blacklist 2024-07-24 21:09:55 -03:00
lmg-anon
2b7f0b09cf Add version check to server 2024-05-22 12:03:10 -03:00
lmg-anon
21635115cb
Update server for multi-store support 2024-05-20 15:35:52 -03:00
lmg-anon
370dc9f63e Add password support to mikupad server 2024-04-23 19:27:36 -03:00
lmg-anon
b161885b3b Open browser by default on server start 2024-04-23 12:45:50 -03:00
lmg-anon
06911073e4 Use a more robust way to pipe errors 2024-04-15 19:46:47 -03:00
lmg-anon
51cfd1f7ec Add start.sh 2024-04-15 19:15:54 -03:00
lmg-anon
f7cf703355 Update server.js 2024-04-15 18:53:41 -03:00
lmg-anon
919fff399c Use the configured session endpoint rather than localhost 2024-02-19 20:10:58 -03:00
lmg-anon
e9bdf15a19 Implement Session Server 2024-02-19 19:27:08 -03:00