cookie-tracker

adamp/cookie-tracker

Fork 0

Commit Graph

Author	SHA1	Message	Date
adamp	39b2ce73da	Fix critical security vulnerabilities and data integrity issues - Use timing-safe comparisons for HMAC verification and password checks - Add login rate limiting (5 attempts/minute per IP) - Lock down CORS to Vite dev origin only (not needed in production) - Derive signing key from APP_PASSWORD instead of using it directly - Replace hand-rolled cookie parsing with cookie-parser middleware - Wrap all order mutations in SQLite transactions - Fix TOCTOU race on stock with atomic UPDATE...WHERE quantity >= ? - Fix APP_SECERT typo in .env (gitignored, local fix only) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 18:04:24 -06:00
adamp	b0e4e977c1	Initial commit: cookie-tracker Girl Scout Cookie tracking app with Express/SQLite API and React/Vite client. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 17:48:42 -06:00

Author

SHA1

Message

Date

adamp

39b2ce73da

Fix critical security vulnerabilities and data integrity issues

- Use timing-safe comparisons for HMAC verification and password checks
- Add login rate limiting (5 attempts/minute per IP)
- Lock down CORS to Vite dev origin only (not needed in production)
- Derive signing key from APP_PASSWORD instead of using it directly
- Replace hand-rolled cookie parsing with cookie-parser middleware
- Wrap all order mutations in SQLite transactions
- Fix TOCTOU race on stock with atomic UPDATE...WHERE quantity >= ?
- Fix APP_SECERT typo in .env (gitignored, local fix only)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-09 18:04:24 -06:00

adamp

b0e4e977c1

Initial commit: cookie-tracker

Girl Scout Cookie tracking app with Express/SQLite API and React/Vite client.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-09 17:48:42 -06:00

2 Commits