scripte/timemaster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3423b65b0bdfa8454e1904073f2c6a1fe92176f6
timemaster/timemaster.service
T
patrick f2e997475e
Security Audit / Python Dependency Audit (push) Has been cancelled
Details
Security Audit / Node.js Dependency Audit (push) Has been cancelled
Details
security: N-1 uvicorn proxy-headers + N-2 Token-Reuse-Detection + N-3 XSS-Audit + N-4 Token-URL-Fragment + N-5 pip-audit CI 
N-1: uvicorn --proxy-headers --forwarded-allow-ips=127.0.0.1
- timemaster.service: proxy-headers Flag gesetzt (beide Server)

N-2: Refresh-Token Re-Use-Detection
- auth_service.py: verbrauchter Token-Hash 48h in Redis (burned_token:<hash>)
- Bei erneutem Einsatz: alle Sessions invalidieren + AuditLog + HTTP 401

N-3: dangerouslySetInnerHTML-Audit
- Kein Vorkommen im Frontend gefunden — sauber

N-4: Reset/Invite-Token als URL-Fragment statt Query-Parameter
- email_service.py: ?token= → # (Fragment wird nicht in Referer gesendet)
- ResetPasswordPage.tsx: useSearchParams → window.location.hash.slice(1)
- Token-Lebensdauern geprüft: Reset 1h, Invite 7d — OK

N-5: Gitea CI Security-Workflow
- .gitea/workflows/security.yml: pip-audit + npm audit
- Trigger: push/PR auf main + wöchentlich montags

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-26 12:55:41 +02:00

16 lines
415 B
Desktop File
Raw Blame History

[Unit]
Description=TimeMaster Backend API
After=network.target postgresql.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/timemaster/backend
Environment=PATH=/opt/timemaster/backend/venv/bin
ExecStart=/opt/timemaster/backend/venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000 --proxy-headers --forwarded-allow-ips=127.0.0.1
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink