remotelink-docker

monoadmin/remotelink-docker

Fork 0

Commit Graph

Author	SHA1	Message	Date
monoadmin	27673daa63	Fix critical and high security issues - exec_script: relay now enforces admin role before forwarding to agent - relay CORS: restrict allow_origins via ALLOWED_ORIGINS env var (docker-compose passes app URL) - session-code: replace Math.random() with crypto.randomInt, add per-key rate limit (10 req/min) - sessions GET: fix IDOR — users can only read their own sessions (admins see all) - signal API: validate session ownership on create; enforce ownerUserId on all subsequent actions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-10 23:38:03 -07:00
monoadmin	b2be19ed14	Initial commit	2026-04-10 15:36:33 -07:00

Author

SHA1

Message

Date

monoadmin

27673daa63

Fix critical and high security issues

- exec_script: relay now enforces admin role before forwarding to agent
- relay CORS: restrict allow_origins via ALLOWED_ORIGINS env var (docker-compose passes app URL)
- session-code: replace Math.random() with crypto.randomInt, add per-key rate limit (10 req/min)
- sessions GET: fix IDOR — users can only read their own sessions (admins see all)
- signal API: validate session ownership on create; enforce ownerUserId on all subsequent actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-10 23:38:03 -07:00

monoadmin

b2be19ed14

Initial commit

2026-04-10 15:36:33 -07:00

2 Commits