security: Sprint 00 — critical security fixes (OPC WS auth, Transmission creds, SECRET_KEY, passkey rate limit)
- Add JWT token auth to OPC WebSocket (unauthenticated → 403, per-user tracking) - Externalize Transmission RPC credentials to TRANSMISSION_USER/PASS env vars - Remove hardcoded SECRET_KEY fallback from dev compose - Rate-limit passkey register options endpoint at 5/minute - Add PDD (docs/improvement-plan.md) and sprint specs (specs/) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -18,6 +18,8 @@ os.environ.setdefault("VOLUME_ROOT", "/tmp/test-volume")
|
||||
os.environ.setdefault("DOCKER_HOST", "tcp://mock-docker:2375")
|
||||
os.environ.setdefault("GITEA_URL", "http://mock-gitea:3000")
|
||||
os.environ.setdefault("GITEA_TOKEN", "mock-token")
|
||||
os.environ.setdefault("TRANSMISSION_USER", "test-tx-user")
|
||||
os.environ.setdefault("TRANSMISSION_PASS", "test-tx-pass")
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@@ -39,6 +41,8 @@ def mock_config(temp_volume_root, monkeypatch):
|
||||
monkeypatch.setenv("DOCKER_HOST", "tcp://mock-docker:2375")
|
||||
monkeypatch.setenv("GITEA_URL", "http://mock-gitea:3000")
|
||||
monkeypatch.setenv("GITEA_TOKEN", "mock-token")
|
||||
monkeypatch.setenv("TRANSMISSION_USER", "test-tx-user")
|
||||
monkeypatch.setenv("TRANSMISSION_PASS", "test-tx-pass")
|
||||
|
||||
# Reload config module to pick up new env vars
|
||||
import importlib
|
||||
|
||||
Reference in New Issue
Block a user