screentinker/server
ScreenTinker f57fc5ad81 Security hardening: auth checks, XSS escaping, input validation
- Add requireGroupOwnership middleware to all group endpoints
- Whitelist allowed command types (screen_on/off, launch, update, reboot, shutdown)
- Validate color format as #RRGGBB
- Escape all user-controlled strings (device/group names, emails) in dashboard HTML
- Restrict trust proxy to first hop only (prevents IP spoofing + rate limit bypass)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 22:09:40 -05:00
db Fix widget assignments, designer scaling, and cache strategy 2026-04-08 16:25:05 -05:00
middleware Initial open source release 2026-04-08 12:14:53 -05:00
player Fix widget assignments, designer scaling, and cache strategy 2026-04-08 16:25:05 -05:00
routes Security hardening: auth checks, XSS escaping, input validation 2026-04-09 22:09:40 -05:00
services Initial open source release 2026-04-08 12:14:53 -05:00
ws Add device groups UI, group commands, proxy IP fix, and web player detection 2026-04-09 22:03:44 -05:00
config.js Initial open source release 2026-04-08 12:14:53 -05:00
package-lock.json Initial open source release 2026-04-08 12:14:53 -05:00
package.json Initial open source release 2026-04-08 12:14:53 -05:00
server.js Security hardening: auth checks, XSS escaping, input validation 2026-04-09 22:09:40 -05:00