github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71 Commits 1 Branch 0 Tags
aeb530515e030ec1d309c549853aa5df2647ff24
Commit Graph

4 Commits

Author SHA1 Message Date
Maurice
d845057f84 Security hardening, backup restore fix & restore warning modal 
- Fix backup restore: try/finally ensures DB always reopens after closeDb
- Fix EBUSY on uploads during restore (in-place overwrite instead of rmSync)
- Add DB proxy null guard for clearer errors during restore window
- Add red warning modal before backup restore (DE/EN, dark mode support)
- JWT secret: empty docker-compose default so auto-generation kicks in
- OIDC: pass token via URL fragment instead of query param (no server logs)
- Block SVG uploads on photos, files and covers (stored XSS prevention)
- Add helmet for security headers (HSTS, X-Frame, nosniff, etc.)
- Explicit express.json body size limit (100kb)
- Fix XSS in Leaflet map markers (escape image_url in HTML)
- Remove verbose WebSocket debug logging from client
 2026-03-21 15:09:41 +01:00
Maurice
3b683519c9 Add Docker Hub image support and update deployment docs 2026-03-19 00:18:39 +01:00
Maurice
8601370a47 Allow all origins by default, restrict only when ALLOWED_ORIGINS is set 
Same-origin requests don't need CORS restrictions. Users can optionally
set ALLOWED_ORIGINS to lock it down.
 2026-03-19 00:13:23 +01:00
Maurice
cb1e217bbe Initial commit — NOMAD (Navigation Organizer for Maps, Activities & Destinations) 
Self-hosted travel planner with Express.js, SQLite, React & Tailwind CSS.
 2026-03-18 23:58:08 +01:00