Commit Graph

4 Commits

Author SHA1 Message Date
Gan, Jimmy 394a1aa367 security: harden dashboard (SSH keys, auth, uploads, CORS, non-root)
Remove SSH private keys from git, add SECRET_KEY validation, move WS
auth from query string to first message, add session limits/idle timeout,
PBKDF2 Fernet key, refresh token rotation, TOTP replay protection,
file upload size limit + filename sanitization, symlink safety check,
restrict CORS methods, IP-gate OpenClaw token, run container as non-root,
rate-limit refresh/passkey endpoints, sanitize Gitea path params.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-26 17:22:25 +08:00
Gan, Jimmy f1e802e01b CI: add build step to deploy workflow
- Clone from local Gitea instead of actions/checkout
- Build with legacy builder (DOCKER_BUILDKIT=0) for Docker mirror support
- Use npm China mirror (registry.npmmirror.com) in Dockerfile
- Combined npm install+build in single RUN step
- Removed stale proxy env vars
2026-02-25 21:14:00 +08:00
Gan, Jimmy ee2e5dcb3c Terminal: SSH to NAS host instead of container shell
- Rewrite terminal.py to use asyncssh instead of pty/fork
- Add SSH key pair for dashboard container auth
- Mount SSH key and add SSH config vars in docker-compose
- Install openssh-client in Dockerfile
- Add asyncssh to requirements.txt
2026-02-19 19:24:38 +08:00
Gan, Jimmy 70aa421d7f Add NAS dashboard MVP: Docker mgmt, Gitea, Files, Terminal 2026-02-19 01:59:50 +08:00