5a0c4641a1
Security audit fixes, mobile responsiveness across 40+ admin pages
...
Security hardening from Mar 31 audit:
- Separate login rate limit (10/15min) from general auth budget (15/15min)
- Timing-safe webhook secret comparison (Listmonk)
- Docs file creation ACL check (matches PUT/DELETE guards)
- Key separation warnings for GITEA_SSO_SECRET and SERVICE_PASSWORD_SALT
- Clear GITEA_ADMIN_PASSWORD from .env after auto-setup
- SQL injection prevention in effectiveness groupBy (pre-validated map)
- Token hashing for password reset and verification tokens
Mobile responsiveness (Phase 2C):
- Add MobilePageHeader component and useMobile hook
- Responsive table columns (hide secondary cols on mobile)
- scroll={{ x: 'max-content' }} across all data tables
- Mobile-adapted layouts for Dashboard, Settings, Calendar, SMS, Social pages
- Conditional toolbar buttons on mobile viewports
Infrastructure:
- Updated docker-compose and nginx templates
- Build script and mirror script updates
Bunker Admin
2026-03-31 18:30:17 -06:00
7287328148
Harden install pipeline: health checks, log rotation, backup timer
...
- install.sh: Add Docker daemon check, 10GB disk space pre-flight,
error handling on pull/up, post-startup health polling with crash
detection, cleanup trap on failure
- docker-compose: Fix nginx/listmonk depends_on to service_healthy,
add x-logging anchor (10m/3 files) to all ~39 services
- config.sh: Preserve existing secrets on re-run (reconfigure mode),
add automated daily backup timer (systemd, 02:00, 30-day retention)
- mirror-images.sh: Fix gotify source tag (2.9.0 not v2.9.0)
- build-release.sh: Ensure mkdocs/docs and mkdocs/overrides dirs exist
- .env.example: Add COMPOSE_PROFILES variable
Bunker Admin
2026-03-25 19:33:11 -06:00
