Maurice eed9e8ce7c Reject WebSocket tokens minted before a password change ...

Stamp the user's password_version onto the ephemeral ws token and verify it on connect, closing the socket (4001) when it no longer matches, so a token issued before a password reset can't be replayed. Tokens minted without a version are treated as version 0, matching the JWT pv-claim semantics.

2026-05-31 15:52:19 +02:00

..

assets

refactor: move airports.json out of server/data into server/assets

2026-04-18 02:02:09 +02:00

public

v3.0.16 — bug fixes (#964)

2026-05-06 21:38:40 +02:00

scripts

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

src

Reject WebSocket tokens minted before a password change

2026-05-31 15:52:19 +02:00

tests

Reject WebSocket tokens minted before a password change

2026-05-31 15:52:19 +02:00

.env.example

fix: add APP_VERSION fallback and HOST bind address env var (#952 #953) (#955)

2026-05-04 14:21:55 +02:00

.prettierrc

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

package.json

Finish the NestJS migration — drop the legacy Express app

2026-05-31 13:29:22 +02:00

reset-admin.js

Stabilize core: better-sqlite3, versioned migrations, graceful shutdown

2026-03-22 17:52:24 +01:00

tsconfig.build.json

Phase 0 — NestJS + Zod foundation harness (F1–F8) (#1050)

2026-05-25 14:29:30 +02:00

tsconfig.json

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00

vitest.config.ts

chore: fix monorepo build pipeline and migrate shared to built package (#1056)

2026-05-25 21:44:58 +02:00