- Phase 1: Require authentication for API register endpoint; restrict role creation - Phase 2: Add $fillable whitelist to Server model to prevent mass assignment - Phase 3: Fix XSS via escapeHtml in sidebar, JSON_HEX_TAG in script embeds - Phase 4: Add canView() checks to TerminalController history/clearHistory - Phase 5: escapeshellarg() on certbot params, sanitize service names, regex-based command blocklist, suppress exception messages - Phase 6: SESSION_SECURE=true, SameSite=Strict, logout via POST+CSRF, chmod 640 .env - Phase 7: DB-based rate limiting replacing session-based, applied to API login/register
9 lines
317 B
SQL
9 lines
317 B
SQL
-- Migration 015: Rate limiting storage
|
|
CREATE TABLE IF NOT EXISTS rate_limits (
|
|
id INT AUTO_INCREMENT PRIMARY KEY,
|
|
identifier VARCHAR(255) NOT NULL,
|
|
attempts INT NOT NULL DEFAULT 1,
|
|
first_attempt_at BIGINT NOT NULL,
|
|
UNIQUE KEY idx_identifier (identifier)
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|