This commit significantly improves the security and reliability of the
authentication module while maintaining all original functionality. Key changes:
- Security: Added input sanitization (sanitize-html, validator), rate limiting
  (rate-limiter-flexible), CSRF protection (csurf), secure headers (helmet),
  and logging (winston). Implemented secure token generation with HMAC-SHA256.
- Bug Fixes: Fixed username validation to allow underscores. Relaxed IP and
  user-agent checks for local IPs to resolve "Invalid session" errors. Fixed
  CSP violation for inline scripts using a nonce-based approach.
- Client-Side: Added debug logging, fallback meta refresh, and improved error
  handling in the auto-login script.
- Logging: Enhanced logging for debugging (user-agent mismatches, invalid inputs).
- Config: Added STRICT_USER_AGENT_CHECK env var for production flexibility.