9d4d869d57
- Replace hardcoded JWT secret with randomly generated key persisted to file - Replace hardcoded default password with random password shown in logs - Migrate token storage from localStorage to HttpOnly SameSite=strict cookie - Add IP-based login rate limiter (5 attempts / 15 min, 429 on lockout) - Add token_version for JWT revocation on password change - Add password strength validation (min 6 chars, 3+ unique characters) - Inject decoded user payload into request.state.user in auth middleware - Add /api/auth/me and /api/auth/logout endpoints - Narrow auth middleware exception handling (JWTError only, not all Exception) - Update updated_at timestamp on password change - Remove localStorage token management from frontend (axios, router, store) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
17 lines
624 B
HTML
17 lines
624 B
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<title>webui</title>
|
|
<script type="module" crossorigin src="/assets/index-BMiBC4ZK.js"></script>
|
|
<link rel="modulepreload" crossorigin href="/assets/vendor-CwFI-VDq.js">
|
|
<link rel="modulepreload" crossorigin href="/assets/element-plus-DsX44Q4d.js">
|
|
<link rel="stylesheet" crossorigin href="/assets/index-BI3KBgCV.css">
|
|
</head>
|
|
<body>
|
|
<div id="app"></div>
|
|
|
|
</body>
|
|
</html>
|