fix(security): address multiple security findings from audit
- Fix SQLCipher PRAGMA key interpolation (hex-encode key to prevent crash on single quotes)
- Enforce min password length (8 chars) on admin user creation
- Add length bounds on username/display_name and login inputs
- Invalidate other sessions on password change
- Multi-stage Docker build (exclude build tools from runtime)
- Exclude docs/ from Docker image
- Consolidate dotenv.config() to single entry point
- Document flat family authorization model in SECURITY.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+2
-5
@@ -9,11 +9,8 @@ node_modules
|
||||
.gitignore
|
||||
.dockerignore
|
||||
|
||||
# Documentation & screenshots (not needed at runtime)
|
||||
docs/screenshots/
|
||||
docs/superpowers/
|
||||
docs/social-preview.png
|
||||
docs/logo.svg
|
||||
# Documentation (not needed at runtime)
|
||||
docs/
|
||||
|
||||
# Tests
|
||||
test-*.js
|
||||
|
||||
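Review bot: The blanket `docs/` entry in this .dockerignore hunk drops every file under docs/ from the build context, not only the four paths that were listed before, so anything in the Dockerfile or the running application that reads from docs/ will break once this lands. Please confirm that no COPY instruction or static-file path references docs/; if one file is still needed, keep it with a negated entry placed after `docs/`, for example `!docs/<needed-file>`.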