anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
96 Commits 4 Branches 2 Tags
b6b046c90b2cc353a6fba2222ad8fde9cddbce01
Commit Graph

7 Commits

Author SHA1 Message Date
anti
b6b046c90b fix: harden startup security — require strong secrets, restrict CORS 
- decnet/env.py: DECNET_JWT_SECRET and DECNET_ADMIN_PASSWORD are now
  required env vars; startup raises ValueError if unset or set to a
  known-bad default ("admin", "password", etc.)
- decnet/env.py: add DECNET_CORS_ORIGINS (comma-separated, defaults to
  http://localhost:8080) replacing the previous allow_origins=["*"]
- decnet/web/api.py: use DECNET_CORS_ORIGINS and tighten allow_methods
  and allow_headers to explicit lists
- tests/conftest.py: set required env vars at module level so test
  collection works without real credentials
- tests/test_web_api.py, test_web_api_fuzz.py: use DECNET_ADMIN_PASSWORD
  from env instead of hardcoded "admin"

Closes DEBT-001, DEBT-002, DEBT-004
 2026-04-09 12:13:22 -04:00
anti
29a2cf2738 refactor: modularize API routes into separate files and clean up dependencies 2026-04-09 11:58:57 -04:00
anti
551664bc43 fix: stabilize test suite by ensuring proper test DB isolation and initialization 2026-04-09 02:31:14 -04:00
anti
52c26a2891 feat: backend support for mandatory password change on first login 2026-04-07 15:15:03 -04:00
anti
697929a127 feat: implement Stats endpoints for web dashboard 2026-04-07 14:58:09 -04:00
anti
b46934db46 feat: implement Logs endpoints for web dashboard 2026-04-07 14:56:25 -04:00
anti
5b990743db feat: implement Auth endpoints for web dashboard 2026-04-07 14:54:36 -04:00