faral/pokerface
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pokerface/backend/src
History
Jan Willem Mannaerts 03ba19042d
All checks were successful
Build & Push Container Image / build (push) Successful in 11s
Details
Harden security across frontend and backend 
1. AdfRenderer: validate href starts with https?:// before rendering links
2. Logout route: add requireAuth middleware
3. Jira API params: validate sprintId, boardId, issueIdOrKey are alphanumeric
4. CSP header: add Content-Security-Policy with restrictive defaults
5. OAuth callback: align frontendUrl fallback with index.js
6. Rate limiting: express-rate-limit on API routes + Socket.IO event throttling
7. Session KV keys: prefix with cloudId for tenant isolation defense-in-depth
8. saveScopedEstimate: use withSessionCas for atomic read-update-delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:05:48 +01:00
..
lib Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00
middleware Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00
routes Harden security across frontend and backend 2026-02-28 16:05:48 +01:00
services Harden security across frontend and backend 2026-02-28 16:05:48 +01:00
index.js Harden security across frontend and backend 2026-02-28 16:05:48 +01:00