BanGUI

lukas.pupkalipinski/BanGUI

Fork 0

Commit Graph

Author	SHA1	Message	Date
Lukas	dafe8d61e2	feat(security): add CSRF header constants and security-headers endpoint Move X-BanGUI-Request header name/value to backend/app/utils/constants.py as single source of truth. Add GET /api/v1/config/security-headers endpoint. Update csrf middleware, frontend api client, and docs to use shared constants.	2026-05-03 22:06:43 +02:00
Lukas	cee3daffc1	fix: enforce PRAGMA query_only on fail2ban DB and refactor CSRF cookie name - Add _acquire_readonly_connection() that applies PRAGMA query_only=ON after connect - Verify PRAGMA value back to catch URI flag bypasses - Wrap in async context manager _readonly_connection() used by all repo methods - Replace hardcoded '_SESSION_COOKIE_NAME' in CSRF middleware with import from app.utils.constants - Remove completed Issues #45 and #46 from Docs/Tasks.md (Issue #46 now fixed, #45 cache invalidation deferred to auth refactor branch) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-05-03 21:47:42 +02:00
Lukas	c2348d7075	Refactor backend architecture and update documentation - Add CSRF protection middleware implementation - Update API client with improved configuration - Enhance documentation for backend development - Add architecture documentation updates - Reorganize and clean up task documentation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-26 14:52:23 +02:00

Author

SHA1

Message

Date

Lukas

dafe8d61e2

feat(security): add CSRF header constants and security-headers endpoint

Move X-BanGUI-Request header name/value to backend/app/utils/constants.py as single source of truth. Add GET /api/v1/config/security-headers endpoint. Update csrf middleware, frontend api client, and docs to use shared constants.

2026-05-03 22:06:43 +02:00

Lukas

cee3daffc1

fix: enforce PRAGMA query_only on fail2ban DB and refactor CSRF cookie name

- Add _acquire_readonly_connection() that applies PRAGMA query_only=ON after connect
- Verify PRAGMA value back to catch URI flag bypasses
- Wrap in async context manager _readonly_connection() used by all repo methods
- Replace hardcoded '_SESSION_COOKIE_NAME' in CSRF middleware with import from
  app.utils.constants
- Remove completed Issues #45 and #46 from Docs/Tasks.md (Issue #46 now fixed,
  #45 cache invalidation deferred to auth refactor branch)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-05-03 21:47:42 +02:00

Lukas

c2348d7075

Refactor backend architecture and update documentation

- Add CSRF protection middleware implementation
- Update API client with improved configuration
- Enhance documentation for backend development
- Add architecture documentation updates
- Reorganize and clean up task documentation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-26 14:52:23 +02:00

3 Commits