k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 13:21:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fedd559fd686951d7ea0c95d2b951ee498415ddf
TREK/server
T
History
Claude fedd559fd6 fix: pin JWT algorithm to HS256 and harden token security 
- Add { algorithms: ['HS256'] } to all jwt.verify() calls to prevent
  algorithm confusion attacks (including the 'none' algorithm)
- Add { algorithm: 'HS256' } to all jwt.sign() calls for consistency
- Reduce OIDC token payload to only { id } (was leaking username, email, role)
- Validate OIDC redirect URI against APP_URL env var when configured
- Add startup warning when JWT_SECRET is auto-generated

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
2026-03-31 00:33:53 +00:00
..
src
fix: pin JWT algorithm to HS256 and harden token security
2026-03-31 00:33:53 +00:00
.env.example
harden runtime config and automate first-run permissions
2026-03-30 13:19:01 -03:00
package-lock.json
Merge branch 'pr-125'
2026-03-30 23:10:34 +02:00
package.json
Merge branch 'pr-125'
2026-03-30 23:10:34 +02:00
reset-admin.js
Stabilize core: better-sqlite3, versioned migrations, graceful shutdown
2026-03-22 17:52:24 +01:00
tsconfig.json
some fixes
2026-03-30 06:59:24 +02:00