ico
/
pingql
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
330 Commits 1 Branch 0 Tags 3.2 MiB
Commit Graph

179 Commits

Author SHA1 Message Date
M1 e461d73ce3 refactor: drop all hashing, store keys plaintext 2026-03-17 06:47:22 +04:00
M1 54c89a5a11 fix: store key_plain on sub-keys, display always in settings with copy button 2026-03-17 06:40:33 +04:00
M1 c684d96d90 fix: rename API Keys -> Sub-Keys, show key inline on creation, no reload 2026-03-17 06:37:29 +04:00
M1 ab4f60e159 fix: rotate button inline with key field, updates in place 2026-03-17 06:34:57 +04:00
M1 0c65b5e3fa fix: just show the login key on settings page 2026-03-17 06:33:13 +04:00
M1 2ec1915ef5 fix: remove pointless internal UUID from settings, show login key label instead 2026-03-17 06:31:41 +04:00
M1 9d8982ae50 fix: key rotation shows new key in dedicated reveal, not sub-key div; clarify account ID label 2026-03-17 06:29:58 +04:00
M1 6bdd76b4f0 security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes 
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response
 2026-03-17 06:10:10 +04:00
M1 5071e340c7 fix: SSE-driven chart/sparkline refresh, debounced server-side partials 2026-03-16 21:21:56 +04:00
M1 2f7273604b refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh 2026-03-16 21:14:45 +04:00
M1 878829111f fix: use raw ETA tag for timestamp HTML in SSR monitor list 2026-03-16 17:37:48 +04:00
M1 31f95288e6 fix: missing closing ETA block tag in home.ejs SSR section 2026-03-16 17:32:22 +04:00
M1 ef56b47b09 feat: cookie-based auth, SSR dashboard, JS-optional login 2026-03-16 17:25:59 +04:00
M1 8e4cb84599 ux: widen dashboard layout to max-w-7xl, consistent px-8 padding 2026-03-16 17:15:45 +04:00
M1 d41d3a3737 fix: latency chart red dots — track up/down with latency values 2026-03-16 17:13:48 +04:00
M1 923f0349dc feat: fully SSE-driven detail/home pages, kill polling intervals 2026-03-16 17:10:12 +04:00
M1 037013b564 fix: SSE ping rows match existing table row style 2026-03-16 17:07:31 +04:00
M1 a681833d8d feat: detail edit form matches new monitor form (method, headers, body, timeout) 2026-03-16 17:04:30 +04:00
M1 ef2b2c043d feat: live sparkline updates on SSE ping 2026-03-16 16:20:34 +04:00
M1 31d1fa7b04 fix: SSE via fetch for auth headers, remove query param auth, add heartbeat every 10s 2026-03-16 16:17:33 +04:00
M1 6d48a83560 feat: SSE live ping stream for monitors 2026-03-16 16:14:23 +04:00
M1 1e95149456 feat: live-updating timestamps via data-ts attribute 2026-03-16 16:10:04 +04:00
M1 2bfe3a0272 fix: remove double popup on key rotation 2026-03-16 16:07:12 +04:00
M1 3368dbdd7f feat: custom method, headers, body, timeout on monitors 2026-03-16 15:30:35 +04:00
M1 d98aa5e46f fix: query-builder.js missing from monitor detail page 2026-03-16 15:25:16 +04:00
M1 5944fae824 fix: query-builder.js missing from new monitor EJS page 2026-03-16 15:21:21 +04:00
M1 4c5e426292 fix: remove defer from app.js so functions available to inline scripts 2026-03-16 15:19:33 +04:00
M1 87c924d8d0 fix: app.js deferred in head (fixes requireAuth undefined), extract app.css 2026-03-16 15:16:59 +04:00
M1 e36c239000 refactor: ETA templating engine for dashboard, shared nav/head/foot partials 2026-03-16 15:14:26 +04:00