Timmy-time-dashboard

perplexity/Timmy-time-dashboard

Archived

Fork 0

forked from Rockachopa/Timmy-time-dashboard

Commit Graph

Author	SHA1	Message	Date
Alexander Whitestone	b8ff534ad8	Security: Enhance CSRF protection with form field support and stricter validation (#128 )	2026-03-05 07:04:30 -05:00
AlexanderWhitestone	5e8766cef0	Fix build issues, implement missing routes, and stabilize e2e tests for production readiness	2026-03-04 17:15:46 -05:00
Alexander Whitestone	3a8496a3f1	feat: add security middleware suite - CSRF, security headers, and request logging (#102 ) Implements three security middleware components with full test coverage: - CSRF Protection: Token generation/validation, safe method allowlist, auto-exempt webhooks, constant-time comparison for timing attack prevention - Security Headers: X-Content-Type-Options, X-Frame-Options, CSP, Permissions-Policy, Referrer-Policy, HSTS (production) - Request Logging: Method/path/status/duration logging with correlation IDs, configurable path exclusions, X-Forwarded-For support Also fixes Discord test isolation issue where settings.discord_token was not being properly reset between tests. New files: - src/dashboard/middleware/{csrf,security_headers,request_logging}.py - tests/dashboard/middleware/test_{csrf,security_headers,request_logging}.py Addresses design review recommendations R3, R8, R9, R4. All tests pass: 1950 passed, 40 skipped Co-authored-by: Alexander Payne <apayne@MM.local>	2026-02-28 23:21:09 -05:00

Author

SHA1

Message

Date

Alexander Whitestone

b8ff534ad8

Security: Enhance CSRF protection with form field support and stricter validation (#128 )

2026-03-05 07:04:30 -05:00

AlexanderWhitestone

5e8766cef0

Fix build issues, implement missing routes, and stabilize e2e tests for production readiness

2026-03-04 17:15:46 -05:00

Alexander Whitestone

3a8496a3f1

feat: add security middleware suite - CSRF, security headers, and request logging (#102 )

Implements three security middleware components with full test coverage:

- CSRF Protection: Token generation/validation, safe method allowlist,
  auto-exempt webhooks, constant-time comparison for timing attack prevention

- Security Headers: X-Content-Type-Options, X-Frame-Options, CSP,
  Permissions-Policy, Referrer-Policy, HSTS (production)

- Request Logging: Method/path/status/duration logging with correlation IDs,
  configurable path exclusions, X-Forwarded-For support

Also fixes Discord test isolation issue where settings.discord_token
was not being properly reset between tests.

New files:
- src/dashboard/middleware/{csrf,security_headers,request_logging}.py
- tests/dashboard/middleware/test_{csrf,security_headers,request_logging}.py

Addresses design review recommendations R3, R8, R9, R4.

All tests pass: 1950 passed, 40 skipped

Co-authored-by: Alexander Payne <apayne@MM.local>

2026-02-28 23:21:09 -05:00

3 Commits