bunker-admin
91db29402c
Gitea SSO: cookie-based single sign-on via nginx auth_request — sets cml_session cookie on login/refresh, validates via /api/auth/gitea-sso-validate, injects X-WEBAUTH-USER header for reverse proxy auth. Dedicated GITEA_SSO_SECRET and SERVICE_PASSWORD_SALT env vars isolate secret rotation. Security fixes from March 30 audit: IDOR on ticketed events (requireEventOwnership middleware), IDOR on action items (admin/assignee/creator check), path traversal on photos (resolve-based validation), CSV upload size limit (5MB), shared calendar email exposure removed. Gitea provisioner: auto-sync docs repo collaborator access based on role (CONTENT_ROLES get write, SUPER_ADMIN gets admin). Gitea client extended with collaborator management API methods. Production hardening: NODE_ENV defaults to production in docker-compose.prod.yml, Grafana anonymous auth disabled, install.sh branch ref updated to main. Admin UI: moved docs reset from toolbar to MkDocs Settings danger zone, improved collab Ctrl+S to explicitly save + cache-bust preview. MkDocs site rebuild with updated repo data, upgrade screenshots, and content. Bunker Admin
16 lines
731 B
JSON
16 lines
731 B
JSON
{
|
|
"full_name": "admin/changemaker.lite",
|
|
"name": "changemaker.lite",
|
|
"description": "Changemaker-lite is the current active development branch of Changemaker, focused on streamlining core services. These improvements will be merged into the master branch once ready.",
|
|
"html_url": "http://gitea.bnkops.com/admin/changemaker.lite",
|
|
"language": "HTML",
|
|
"stars_count": 0,
|
|
"forks_count": 0,
|
|
"open_issues_count": 0,
|
|
"updated_at": "2026-03-30T11:54:37-06:00",
|
|
"created_at": "2025-05-28T14:54:59-06:00",
|
|
"clone_url": "https://gitea.bnkops.com/admin/changemaker.lite.git",
|
|
"ssh_url": "git@gitea.bnkops.com:admin/changemaker.lite.git",
|
|
"default_branch": "main",
|
|
"last_build_update": "2026-03-30T11:54:37-06:00"
|
|
} |