Add security improvements: refresh tokens, passkeys, CSP, audit logging, TOTP encryption
- Shorten access token to 30min with 7-day refresh token flow - Add WebAuthn passkey registration and login with TOTP fallback - Add Content-Security-Policy header - Add audit logging middleware to /volume1/docker/nas-dashboard/audit.log - Block /volume1/docker/ in files endpoint - Encrypt TOTP secret at rest with Fernet (derived from SECRET_KEY) - New deps: py_webauthn, cryptography
This commit is contained in:
@@ -9,7 +9,7 @@
|
||||
import Settings from "./routes/Settings.svelte";
|
||||
import Login from "./routes/Login.svelte";
|
||||
import { onMount } from "svelte";
|
||||
import { getToken, checkAuth, setToken } from "./lib/api.js";
|
||||
import { getToken, checkAuth, setToken, setRefreshToken } from "./lib/api.js";
|
||||
|
||||
let page = $state("dashboard");
|
||||
let dark = $state(false);
|
||||
@@ -60,6 +60,7 @@
|
||||
|
||||
function logout() {
|
||||
setToken("");
|
||||
setRefreshToken("");
|
||||
window.location.reload();
|
||||
}
|
||||
</script>
|
||||
|
||||
Reference in New Issue
Block a user