feat(security): harden auth, oauth, and printer endpoints

Add stricter URL and redirect validation, endpoint rate limiting, safer defaults for printer and compose config, and CSP protections across server and API surfaces.

Made-with: Cursor
This commit is contained in:
Amruth Pillai
2026-04-25 15:31:06 +02:00
parent d3102565e4
commit a42dbcd452
27 changed files with 1041 additions and 376 deletions
+1 -1
View File
@@ -29,7 +29,7 @@ export const pictureSchema = z.object({
url: z
.string()
.describe(
"The URL to the picture to display on the resume. Must be a valid URL with a protocol (http:// or https://).",
"The URL to the picture to display on the resume. Prefer local app-served paths (for example /uploads/...) populated via upload.",
),
size: z
.number()
+1 -1
View File
@@ -3,7 +3,7 @@ import type { ResumeData } from "./data";
export const sampleResumeData: ResumeData = {
picture: {
hidden: false,
url: "https://i.imgur.com/o4Jpt1p.jpeg",
url: "",
size: 100,
rotation: 0,
aspectRatio: 1,