ico
/
pingql
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
223 Commits 1 Branch 0 Tags 3.2 MiB
Commit Graph

12 Commits

Author SHA1 Message Date
nate 2075de164d update: use short 16-char hex IDs for new monitors instead of UUIDs 2026-03-18 21:05:01 +04:00
nate 425bfbfc39 perf: optimize monitor runner, fix SSE leak, deduplicate shared utils 2026-03-18 18:44:08 +04:00
M1 f71388a51a feat: jitter_ms tracking — scheduled_at stamped at dispatch, jitter computed on ingest 2026-03-17 10:44:35 +04:00
M1 ed5e213b1a fix: migrate() uses CREATE IF NOT EXISTS — no more data wipe on restart 2026-03-17 07:17:54 +04:00
M1 e461d73ce3 refactor: drop all hashing, store keys plaintext 2026-03-17 06:47:22 +04:00
M1 54c89a5a11 fix: store key_plain on sub-keys, display always in settings with copy button 2026-03-17 06:40:33 +04:00
M1 6bdd76b4f0 security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes 
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response
 2026-03-17 06:10:10 +04:00
M1 c73951ea91 fix: ON UPDATE CASCADE on account FK so key rotation propagates 2026-03-16 15:58:52 +04:00
M1 3368dbdd7f feat: custom method, headers, body, timeout on monitors 2026-03-16 15:30:35 +04:00
M1 ce155cd338 feat: settings page — email, key rotation, sub-keys 2026-03-16 15:05:39 +04:00
M1 eb2d173cb0 rename: checks → pings throughout (DB, API, UI, Rust) 2026-03-16 13:45:09 +04:00
M1 570222c7a9 Initial scaffold: web API (Bun/Elysia) + monitor (Rust/Tokio) 2026-03-16 11:40:24 +04:00