pingql

Commit Graph

Author	SHA1	Message	Date
M1	6bdd76b4f0	security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes - Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash - SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints - CORS (#4): lock to pingql.com origins, not wildcard - SSE limit (#6): 10 connections per monitor max - ReDoS (#7): cap $regex patterns at 200 chars - Monitor limit (#8): 100 per account default - Cookie env config (#9): secure/domain from env vars - Bearer parsing (#10): case-insensitive RFC 6750 - Pings retention (#11): 90-day pruner, hourly interval - monitors.enabled index (#12): partial index for /internal/due - Runner locking (#14): locked_until for horizontal scale safety - COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks - MONITOR_TOKEN null guard (#18): startup validation + middleware hardening - reset-key cookie fix (#16): sets new cookie in response	2026-03-17 06:10:10 +04:00
M1	d11488ecbf	feat: landing page at /	2026-03-16 14:16:25 +04:00
M1	7b38ff192e	feat: custom docs page at /docs, drop swagger	2026-03-16 14:07:30 +04:00
M1	eb45152c29	feat: query language docs in swagger description	2026-03-16 14:02:55 +04:00
M1	b20f463d53	fix: correct pings import path in index.ts	2026-03-16 13:46:49 +04:00
M1	b4f95fa375	refactor: merge checks into monitors (/monitors/:id/history), ingest moves to /internal/ingest	2026-03-16 13:43:55 +04:00
M1	a22112dc77	refactor: merge auth into account prefix (/account/register, /account/email)	2026-03-16 13:37:20 +04:00
M1	fd4af848bc	fix: hide dashboard + internal routes from swagger docs	2026-03-16 13:33:44 +04:00
M1	692d7eb4f5	feat: post-registration key screen + optional email step	2026-03-16 12:55:52 +04:00
M1	500132ba05	feat: dashboard, visual query builder, expanded query language, cert expiry support	2026-03-16 12:26:17 +04:00
M1	570222c7a9	Initial scaffold: web API (Bun/Elysia) + monitor (Rust/Tokio)	2026-03-16 11:40:24 +04:00

11 Commits