Commit Graph

3 Commits

Author SHA1 Message Date
gronod de8563704a security: ensure log files excluded recursively from git and Docker builds (issue #16)
Build and Push Docker Image / build (push) Successful in 33s
*.log only matched root-level logs; add **/*.log to cover server/server.log
and any other subdirectory log files in both .gitignore and .dockerignore.
2026-05-16 15:08:44 +01:00

gronod 83049786eb security: fix issues #1-4 from security audit
Build and Push Docker Image / build (push) Successful in 39s
#1 Session cookie: add secure (production-only) and sameSite=strict
    to prevent transmission over HTTP and cross-site request abuse.
#2 Remove Emby AccessToken from cookie payload — it was stored in
    the browser cookie but is never needed client-side; reduces blast
    radius if cookie is ever exposed.
#3 Add requireAuth middleware to all proxy routes (/api/emby,
    /api/sabnzbd, /api/sonarr, /api/radarr) — previously unauthenticated,
    now require a valid emby_user session cookie.
#4 Remove open CORS wildcard (cors() with no options). The frontend
    is served from the same origin so no CORS headers are required.
    Also update clearCookie() to include matching cookie options.
2026-05-16 15:07:50 +01:00

gronod 87f8c2d42b ci: add Dockerfile and Gitea Actions workflow for automated image builds
Build and Push Docker Image / build (push) Has been cancelled
- Dockerfile based on node:18-alpine
- Gitea Actions workflow triggers on push to release/* branches
- Builds and pushes to Gitea container registry with version tags
2026-05-15 15:15:09 +01:00