security: Sprint 00 — critical security fixes (OPC WS auth, Transmission creds, SECRET_KEY, passkey rate limit)
- Add JWT token auth to OPC WebSocket (unauthenticated → 403, per-user tracking) - Externalize Transmission RPC credentials to TRANSMISSION_USER/PASS env vars - Remove hardcoded SECRET_KEY fallback from dev compose - Rate-limit passkey register options endpoint at 5/minute - Add PDD (docs/improvement-plan.md) and sprint specs (specs/) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -18,7 +18,7 @@ services:
|
||||
- CADDY_VPS_SSH_USER=ubuntu
|
||||
- MAC_SSH_HOST=192.168.31.22
|
||||
- MAC_SSH_USER=jimmyg
|
||||
- SECRET_KEY=${SECRET_KEY:-c0e8dcd74b2d70c596dfa03928f2582ca8d88af04896a82ee6c2aeeaa6bd6199}
|
||||
- SECRET_KEY=${SECRET_KEY}
|
||||
- ADMIN_USER=jimmy
|
||||
- ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH}
|
||||
- TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN:-}
|
||||
@@ -31,6 +31,8 @@ services:
|
||||
- LITELLM_API_KEY=anything
|
||||
- LITELLM_HEALTH_API_KEY=${LITELLM_HEALTH_API_KEY:-}
|
||||
- GITEA_DB_PASSWORD=${GITEA_DB_PASSWORD}
|
||||
- TRANSMISSION_USER=${TRANSMISSION_USER:-admin}
|
||||
- TRANSMISSION_PASS=${TRANSMISSION_PASS:-admin}
|
||||
volumes:
|
||||
- /volume1:/volume1
|
||||
- /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro
|
||||
|
||||
Reference in New Issue
Block a user