4 Commits

Author SHA1 Message Date
머니페니
98a161574e security: migrate JWT from localStorage to httpOnly cookie
Eliminates XSS token theft by storing JWT in httpOnly Secure cookie
instead of localStorage. Backend sets cookie on login and clears on
logout. Token extraction uses cookie-first with Authorization header
fallback for backward compatibility with existing tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 22:30:47 +09:00
1dae2945c3 feat: client-side password hashing and admin user auto-seeding
- Hash passwords with SHA-256 on frontend before transmission to prevent
  raw password exposure in network traffic and server logs
- Switch login endpoint from OAuth2 form-data to JSON body
- Auto-create admin user on startup from ADMIN_USERNAME/ADMIN_PASSWORD
  env vars, solving login failure after registration was disabled
- Update auth tests to match new SHA-256 + JSON login flow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 22:21:36 +09:00
d6e45d01a6 feat: disable user registration endpoint
Personal-use service — no new account creation needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 00:17:21 +09:00
39edc202f8 feat: add authentication API with login, register, and user endpoints
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 23:20:32 +09:00