stdeditor
To install dependencies:
bun install
To run:
bun run index.ts
This project was created using bun init in bun v1.3.5. Bun is a fast all-in-one JavaScript runtime.
Co-authored-by: Shelley <shelley@exe.dev>
- Add file-based logger (data/app.log) with JSON metadata support
- Add database cleanup script (hourly via cron)
  - Removes OAuth states older than 1 hour
  - Removes sessions older than 30 days
  - Vacuums SQLite database
- Configure logrotate for app.log and cleanup.log
  - Daily rotation, 14 days retention
  - Compression enabled
Co-authored-by: Shelley <shelley@exe.dev>
Security fixes based on adversarial audit:
1. CSRF Protection (CRITICAL)
   - Added CSRF middleware with double-submit cookie pattern
   - All POST forms now include hidden _csrf field
   - Tokens validated on all state-changing requests
2. Private Key Permissions (HIGH)
   - Private key now written with mode 0600 (owner read/write only)
   - Prevents other system users from reading the key
3. Input Validation (MEDIUM)
   - Added TID format validation for rkey parameters
   - Prevents potential path traversal or injection via malformed IDs
4. Added validation library for future use
   - TID validation
   - HTTPS URL validation
   - String sanitization helper
Co-authored-by: Shelley <shelley@exe.dev>
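The three fixes that commit message lists (double-submit CSRF tokens, a 0600 private key file, TID validation on rkey parameters) look roughly like the following in TypeScript. This is an added example written for this page, not stdeditor's own code: the cookie and field names, the helper names, the key path and the placeholder key text are assumptions; the TID alphabet is the AT Protocol base32-sortable one.

```typescript
// Added example for this page, not stdeditor's source. Names of helpers,
// cookie/field names and the temp key path are assumptions.
import { randomBytes, timingSafeEqual } from "node:crypto";
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// --- 1. CSRF: double-submit cookie pattern ------------------------------
// The server mints a random token, sets it as a cookie AND renders it into
// the hidden _csrf field. A cross-site attacker can make the browser send
// the cookie but cannot read it, so it cannot forge the matching field.
const CSRF_COOKIE = "csrf";   // cookie name (assumption)
const CSRF_FIELD = "_csrf";   // hidden form field name, as in the commit

function issueCsrfToken(): string {
  return randomBytes(32).toString("hex"); // 256 bits; hex is cookie-safe
}

// SameSite=Lax blocks most cross-site POSTs outright; Secure keeps the
// cookie off plaintext HTTP. HttpOnly is fine because the server renders
// the token into the form itself.
function csrfSetCookieHeader(token: string): string {
  return `${CSRF_COOKIE}=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

function csrfHiddenInput(token: string): string {
  return `<input type="hidden" name="${CSRF_FIELD}" value="${token}">`;
}

// Constant-time comparison of cookie copy vs. form copy. A missing value
// or a length mismatch is rejected without throwing.
function validateCsrf(cookieToken: string | undefined, formToken: string | undefined): boolean {
  if (!cookieToken || !formToken) return false;
  const a = Buffer.from(cookieToken, "utf8");
  const b = Buffer.from(formToken, "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// --- 2. Private key file with mode 0600 ----------------------------------
// `mode` in writeFileSync only applies when the file is created, and the
// process umask can still strip bits, so chmod afterwards makes 0600
// unconditional even when overwriting an existing, wider-permission file.
function writePrivateKey(filePath: string, pem: string): number {
  fs.writeFileSync(filePath, pem, { mode: 0o600 });
  fs.chmodSync(filePath, 0o600);
  return fs.statSync(filePath).mode & 0o777; // 0o600 on POSIX
}

// --- 3. TID validation for rkey parameters -------------------------------
// An AT Protocol TID is 13 chars of base32-sortable alphabet
// (234567abcdefghijklmnopqrstuvwxyz); the first char carries the top bits
// and must be one of 234567abcdefghij. Anything else ("../x", uppercase,
// wrong length) is rejected before the rkey reaches a path or query.
const TID_RE = /^[234567abcdefghij][234567abcdefghijklmnopqrstuvwxyz]{12}$/;

function isValidTid(rkey: string): boolean {
  return TID_RE.test(rkey);
}

// End-to-end check of all three helpers; returns true when each behaves.
function demo(): boolean {
  const token = issueCsrfToken();
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "stdeditor-example-"));
  const keyPath = path.join(dir, "key.pem"); // assumed path
  // Constructed placeholder, not real key material.
  const mode = writePrivateKey(keyPath, "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n");
  return (
    validateCsrf(token, token) &&
    !validateCsrf(token, issueCsrfToken()) &&
    csrfSetCookieHeader(token).startsWith(`${CSRF_COOKIE}=`) &&
    csrfHiddenInput(token).includes(`name="${CSRF_FIELD}"`) &&
    mode === 0o600 &&
    isValidTid("3jzfcijpj2z2a") &&
    !isValidTid("../../etc/passwd")
  );
}
```

One caveat on the plain double-submit pattern: it relies on the attacker not being able to set a cookie for the site's domain, so a vulnerable sibling subdomain can still plant a matching cookie and field. Binding the token to the session with an HMAC (or storing it server-side in the session) closes that gap and is the stronger variant if the threat model includes other hosts under the same parent domain.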