security: Sprint 00 — critical security fixes (OPC WS auth, Transmission creds, SECRET_KEY, passkey rate limit)
- Add JWT token auth to OPC WebSocket (unauthenticated → 403, per-user tracking) - Externalize Transmission RPC credentials to TRANSMISSION_USER/PASS env vars - Remove hardcoded SECRET_KEY fallback from dev compose - Rate-limit passkey register options endpoint at 5/minute - Add PDD (docs/improvement-plan.md) and sprint specs (specs/) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -53,6 +53,8 @@ services:
|
||||
- LITELLM_HEALTH_API_KEY=${LITELLM_HEALTH_API_KEY:-}
|
||||
- LITELLM_URL=http://litellm:4005
|
||||
- GITEA_DB_PASSWORD=${GITEA_DB_PASSWORD}
|
||||
- TRANSMISSION_USER=${TRANSMISSION_USER}
|
||||
- TRANSMISSION_PASS=${TRANSMISSION_PASS}
|
||||
volumes:
|
||||
- /volume1:/volume1
|
||||
- /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro
|
||||
|
||||
Reference in New Issue
Block a user