Part-DB-server/templates
Sebastian Almberg dd8698840d Harden backup security: password confirmation, CSRF, env toggle
Address security review feedback from jbtronics:

- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
  backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
  contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
  whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
  enforcement, status/progress endpoint auth
2026-03-05 19:06:54 +01:00
admin Harden backup security: password confirmation, CSRF, env toggle 2026-03-05 19:06:54 +01:00
attachments Allow file downloads and modals in HTML sandbox 2026-02-24 22:57:48 +01:00
bundles/TwigBundle/Exception Allow to show what permissions a user is lacking in case of access denied message 2025-09-06 00:10:50 +02:00
components Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
form Fixed rendering of tristate checkboxes 2026-02-15 21:49:18 +01:00
info_providers Allow to import GTIN from info providers 2026-02-08 15:32:35 +01:00
label_system Label Scanner Enhancements: LCSC barcode, create part, augmented scanning (#1194) 2026-02-22 21:26:44 +01:00
log_system Include the query part of the request, when generating the url for the datatables via a custom twig function. 2024-10-16 23:57:02 +02:00
mail Use new settings system to configure the instance Name and homepage banner 2024-05-20 21:14:32 +02:00
parts Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
projects Use yellow alert box for notifying of empty bom on build, show infinite correctly and added translations 2025-10-18 23:32:20 +02:00
security Fixed login CSRF token error 2025-08-04 23:50:25 +02:00
settings Implemented the ability to set user-defined synonyms/labels for internal element types 2025-11-12 21:35:02 +01:00
tools Merge branch 'master' into settings-bundle 2025-01-17 22:06:18 +01:00
users Use new settings system to configure the instance Name and homepage banner 2024-05-20 21:14:32 +02:00
_navbar.html.twig Added a "create from label scan" button to navbar 2026-02-22 22:03:46 +01:00
_sidebar.html.twig Allow to configure sidebar menu via the new settings system 2024-08-07 00:41:06 +02:00
_toast.html.twig Improved styling of an info level flash toast in darkmode 2023-07-03 22:01:39 +02:00
_toast_container.html.twig Fixed toast position on large screens 2023-02-06 22:47:41 +01:00
_turbo_control.html.twig Use turbo-streams for handling updating locale menu in navbar 2026-02-22 21:53:37 +01:00
attachment_list.html.twig Added additional filters to attachment datatable 2025-02-22 17:48:26 +01:00
base.html.twig Navigate only the content frame when submitting the global barcode scan label 2026-03-01 16:56:47 +01:00
helper.twig Show in part info page whether price is inclusive VAT or not 2026-02-08 22:09:36 +01:00
homepage.html.twig Allow to hide the version number on homepage 2025-09-07 19:43:23 +02:00
main_card.html.twig Added a very basic import dialog for Parts 2023-03-12 19:53:55 +01:00
vars.macro.twig Fixed old usages of base_currency 2024-08-03 23:19:09 +02:00