 nate
|
13beacbc5a
|
chore: remove us-east and ap-southeast regions from UI
|
2026-03-18 20:20:25 +04:00 |
|
nate
|
2d46491dee
|
chore: remove us-east region from UI, charts, and region selectors
|
2026-03-18 20:13:11 +04:00 |
|
nate
|
688245b0c2
|
fix: match client-side sparkline behavior to SSR region-aware rendering
|
2026-03-18 19:31:41 +04:00 |
|
nate
|
425bfbfc39
|
perf: optimize monitor runner, fix SSE leak, deduplicate shared utils
|
2026-03-18 18:44:08 +04:00 |
M1
|
07648672ad
|
feat: per-region chart lines and lowest-avg sparkline
|
2026-03-18 16:25:47 +04:00 |
|
M1
|
841a852491
|
feat: split web and api into separate apps
|
2026-03-18 09:33:46 +04:00 |
|
M1
|
017d489e2e
|
fix: mutate polyline points in place on SSE ping, no fetch, no flicker
|
2026-03-17 07:44:09 +04:00 |
|
M1
|
6bdd76b4f0
|
security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response
|
2026-03-17 06:10:10 +04:00 |
|
M1
|
2f7273604b
|
refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh
|
2026-03-16 21:14:45 +04:00 |