Gan, Jimmy
394a1aa367
security: harden dashboard (SSH keys, auth, uploads, CORS, non-root)
...
Remove SSH private keys from git, add SECRET_KEY validation, move WS
auth from query string to first message, add session limits/idle timeout,
PBKDF2 Fernet key, refresh token rotation, TOTP replay protection,
file upload size limit + filename sanitization, symlink safety check,
restrict CORS methods, IP-gate OpenClaw token, run container as non-root,
rate-limit refresh/passkey endpoints, sanitize Gitea path params.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-02-26 17:22:25 +08:00
Gan, Jimmy
64ecd99dc7
Add OpenClaw, backup automation, health checks, Telegram notifications
...
Phase 6: OpenClaw docker-compose (port 3100) with health check
Phase 9: Enhanced backup.sh with full DB/config coverage + Telegram alerts
Phase 10: Health checks on all compose files, /api/system/notify endpoint
2026-02-19 21:40:34 +08:00