- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response

| | | |
|---|---|---|
| .. | | |
| src | | |
| .gitignore | | |
| CLAUDE.md | | |
| README.md | | |
| index.ts | | |
| package.json | | |
| tsconfig.json | | |

README.md
web
To install dependencies:

```bash
bun install
```

To run:

```bash
bun run index.ts
```

This project was created using bun init in bun v1.3.10. Bun is a fast all-in-one JavaScript runtime.