This commit significantly improves the security and reliability of the authentication module while maintaining all original functionality.

Key changes:
- Security: Added input sanitization (sanitize-html, validator), rate limiting (rate-limiter-flexible), CSRF protection (csurf), secure headers (helmet), and logging (winston). Implemented secure token generation with HMAC-SHA256.
- Bug Fixes: Fixed username validation to allow underscores. Relaxed IP and user-agent checks for local IPs to resolve "Invalid session" errors. Fixed CSP violation for inline scripts using a nonce-based approach.
- Client-Side: Added debug logging, fallback meta refresh, and improved error handling in the auto-login script.
- Logging: Enhanced logging for debugging (user-agent mismatches, invalid inputs).
- Config: Added STRICT_USER_AGENT_CHECK env var for production flexibility.
{
"name": "my-mc-panel",
"version": "1.0.0",
"description": "Web panel for My-MC API with Docker integration",
"main": "server.js",
"type": "module",
"scripts": {
"start": "node server.js",
"build:css": "postcss public/css/styles.css -o public/css/styles.min.css",
"watch:css": "postcss public/css/styles.css -o public/css/styles.min.css --watch"
},
"dependencies": {
"@tailwindcss/cli": "^4.1.8",
"@tailwindcss/postcss": "^4.1.8",
"axios": "^1.10.0",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5",
"csurf": "^1.11.0",
"dockerode": "^4.0.2",
"dotenv": "^16.5.0",
"envalid": "^8.0.0",
"express": "^4.21.2",
"helmet": "^8.1.0",
"node-fetch": "^2.7.0",
"rate-limiter-flexible": "^7.1.1",
"sanitize-html": "^2.17.0",
"ssh2-sftp-client": "^12.0.0",
"unirest": "^0.6.0",
"validator": "^13.15.15",
"winston": "^3.17.0",
"ws": "^8.18.2"
},
"devDependencies": {
"autoprefixer": "^10.4.21",
"postcss": "^8.5.4",
"postcss-cli": "^11.0.1",
"tailwindcss": "^4.1.8"
}
}
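Review bot: The CSRF control named in the commit description rests on `"csurf": "^1.11.0"`, a package its maintainers have deprecated and no longer patch, so the protection depends on unmaintained code; it should be replaced with a maintained CSRF token implementation before this is relied on in production. The build-only entries `"@tailwindcss/cli"` and `"@tailwindcss/postcss"` sit under `dependencies` although the other CSS tooling is under `devDependencies`; moving them there keeps them out of a production install. Three HTTP clients are declared (`axios`, `node-fetch`, `unirest`), and consolidating on one would shrink the transitive dependency set that has to be audited. The page shows the whole manifest rather than the changed lines, so which entries are new is inferred from the commit description.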