|
|
4b2173cb84
|
Secure cookie flags + CSRF for our own POST forms (todo §4); SECURE_COOKIES toggle on session/CSRF cookies; csrf.ts signed double-submit token + body.ts form reader; logout is now a CSRF-guarded POST form
|
2026-06-18 11:12:32 +02:00 |
|
|
|
c8b56b85eb
|
JWT session middleware (todo §4); authenticate(): verify the session cookie via cached JWKS (key by kid) → exp/nbf/iss/aud claims (clock skew) → ctx.user/roles; iss/aud opt-in; fail-closed
|
2026-06-18 09:53:37 +02:00 |
|
|
|
360449e76b
|
Tighten §3 comments (todo §3); drop stale 'next §3 item' forward-refs, condense compose/Ory/bootstrap headers
|
2026-06-17 17:00:47 +02:00 |
|
|
|
e83cf4da88
|
Address project-wide review (todo §3); fix JWKS_URL default → tokenizer signing key + read-only web mount, cap bootstrap restart, --no-deps for unit commands
|
2026-06-17 16:49:37 +02:00 |
|
|
|
a070362649
|
Drop NODE_ENV for explicit config toggles (todo §0.1); app is environment-agnostic
|
2026-06-15 10:53:33 +02:00 |
|
|
|
1fb6f23805
|
Tighten code comments + README (todo §0): denser, drop redundant prose; no behavior change
|
2026-06-15 10:30:06 +02:00 |
|
|
|
0bc7998cfe
|
Add env/config loader (todo §0); validate at boot, wire port into server
|
2026-06-14 19:46:26 +02:00 |
|
