copilot-swe-agent[bot] d7a7915f8b Add security hardening: input validation, CSP headers, backup rotation, error handling ...

- Add collection name validation and sanitization (POST/PUT)
- Add library items count and size limits
- Add UUID/safe ID validation for route parameters
- Add Socket.io event input validation and sanitization
- Tighten CSP with base-uri, form-action directives and HSTS header
- Add timestamped backup rotation (keep 5 most recent) for db import
- Add path traversal protection for file uploads and archive names
- Add global error handler to prevent stack trace leakage
- Add 21 new security tests

Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>

2026-02-06 22:33:44 +00:00

..

prisma

Testing infrastructure, fix truncating of dataURLs (#26)

2025-12-19 15:09:15 -08:00

src

Add security hardening: input validation, CSP headers, backup rotation, error handling

2026-02-06 22:33:44 +00:00

.dockerignore

Dockerize

2025-11-22 09:18:20 -08:00

.env.example

add prisma cli to dependencies, make zod checks more permissive

2025-11-23 07:08:41 -08:00

.gitignore

MVP

2025-11-21 19:18:07 -08:00

dev.db

fix: realign sqlite path and stabilize client data

2025-11-22 16:26:28 -08:00

docker-entrypoint.sh

fix migration issues

2025-11-24 14:53:17 -08:00

Dockerfile

add prisma cli to dependencies, make zod checks more permissive

2025-11-23 07:08:41 -08:00

package-lock.json

initial plan for security review improvements

2026-02-06 22:30:51 +00:00

package.json

chore: release v0.3.2

2026-02-01 16:06:19 -08:00

prisma.config.ts

MVP

2025-11-21 19:18:07 -08:00

tsconfig.json

fix database import in docker

2025-11-23 09:40:00 -08:00

vitest.config.ts

Testing infrastructure, fix truncating of dataURLs (#26)

2025-12-19 15:09:15 -08:00