quant/galaxis-po
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
195 Commits 1 Branch 0 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
머니페니
120a8546cb fix: 테스트 리포트 보완 계획 전체 구현
Some checks failed
Deploy to Production / deploy (push) Failing after 2m38s
Details
2026-05-10 16:44:05 +09:00
머니페니
98a161574e security: migrate JWT from localStorage to httpOnly cookie 
Eliminates XSS token theft by storing JWT in httpOnly Secure cookie
instead of localStorage. Backend sets cookie on login and clears on
logout. Token extraction uses cookie-first with Authorization header
fallback for backward compatibility with existing tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-18 22:30:47 +09:00
zephyrdark
1dae2945c3 feat: client-side password hashing and admin user auto-seeding
All checks were successful
Deploy to Production / deploy (push) Successful in 1m31s
Details 
- Hash passwords with SHA-256 on frontend before transmission to prevent
  raw password exposure in network traffic and server logs
- Switch login endpoint from OAuth2 form-data to JSON body
- Auto-create admin user on startup from ADMIN_USERNAME/ADMIN_PASSWORD
  env vars, solving login failure after registration was disabled
- Update auth tests to match new SHA-256 + JSON login flow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 22:21:36 +09:00
zephyrdark
39d2226d95 feat: production deployment setup with Gitea Actions CI/CD
Some checks failed
Deploy to Production / deploy (push) Failing after 46s
Details 
- Remove nginx from docker-compose.prod.yml (NPM handles reverse proxy)
- Add Next.js rewrites to proxy /api/* to backend (backend fully hidden)
- Bind frontend to 127.0.0.1:3000 only (NPM proxies externally)
- Replace hardcoded localhost:8000 in history page with api client
- Make CORS origins configurable via environment variable
- Restrict CORS methods to GET/POST/PUT/DELETE
- Add Gitea Actions deploy workflow with secrets-based env management
- Add security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
- Add BACKEND_URL build arg to frontend Dockerfile for standalone builds

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-07 23:09:22 +09:00
zephyrdark
6e30ecea03 feat(frontend): initialize shadcn/ui configuration 
- Add tailwind.config.ts with shadcn/ui theme colors
- Update globals.css with CSS variables for dark/light mode
- Add utils.ts with cn() helper function
- Add components.json for shadcn/ui CLI
- Update postcss.config.mjs with autoprefixer
- Exclude playwright config from tsconfig to fix build

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 22:17:26 +09:00
zephyrdark
19d5527a71 feat: add frontend base layout with sidebar, header, and login page 
- Add API client utility (frontend/src/lib/api.ts) with JWT authentication
- Add Sidebar component with navigation menu (Korean labels)
- Add Header component with logout functionality
- Update globals.css with Tailwind CSS configuration
- Update layout.tsx with Inter font and Korean language
- Update page.tsx with dashboard layout and auth check
- Add login page with form validation and error handling
- Fix .gitignore to not exclude frontend/src/lib/

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 23:24:06 +09:00