dashcaddy

sami7777/dashcaddy

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sami	6979302fb7	Fix 7 critical security bugs and 1 high-severity data loss bug - CSRF: HMAC-signed double-submit cookie (server-bound, not raw compare) - Keychain: execFileSync with arg arrays to prevent command injection - Caddy config: always use structured generation, never accept raw config - Templates: replace {{GENERATED_SECRET}} with crypto.randomBytes - Caddyfile removal: move regex inside ctx.caddy.modify() to fix TOCTOU race - Credentials: proper-lockfile for all file operations, fix key rotation to decrypt with old key before generating new key - Service removal: filter by ID only, not AND with appTemplate Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-06 23:08:30 -08:00
Sami	f61e85d9a7	Initial commit: DashCaddy v1.0 Full codebase including API server (32 modules + routes), dashboard frontend, DashCA certificate distribution, installer script, and deployment skills.	2026-03-05 02:26:12 -08:00

Author

SHA1

Message

Date

Sami

6979302fb7

Fix 7 critical security bugs and 1 high-severity data loss bug

- CSRF: HMAC-signed double-submit cookie (server-bound, not raw compare)
- Keychain: execFileSync with arg arrays to prevent command injection
- Caddy config: always use structured generation, never accept raw config
- Templates: replace {{GENERATED_SECRET}} with crypto.randomBytes
- Caddyfile removal: move regex inside ctx.caddy.modify() to fix TOCTOU race
- Credentials: proper-lockfile for all file operations, fix key rotation
  to decrypt with old key before generating new key
- Service removal: filter by ID only, not AND with appTemplate

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-06 23:08:30 -08:00

Sami

f61e85d9a7

Initial commit: DashCaddy v1.0

Full codebase including API server (32 modules + routes), dashboard frontend,
DashCA certificate distribution, installer script, and deployment skills.

2026-03-05 02:26:12 -08:00

2 Commits