37d745703c
security: remove RealIP middleware, tighten rate limiter defaults
...
- remove chi middleware.RealIP; deprecated in chi v5.3.0 due to IP spoofing
vulnerabilities (GHSA-3fxj-6jh8-hvhx, GHSA-rjr7-jggh-pgcp, GHSA-9g5q-2w5x-hmxf)
- lower default RATE_LIMIT from 100 to 20 req/s per IP
- support RATE_LIMIT=0 to disable rate limiting entirely (for deployments behind
a remote reverse proxy with its own rate limiting)
- fix incorrect .env.example comment (was 'per 15 minute window', is per second)
2026-05-23 18:37:55 -07:00
8c06caadf3
update sqlite dep, disallow non-ascii characters in API keys
2026-04-25 18:37:03 -07:00
960b5c2874
shorten email actions to include just the first @ part
2026-04-15 09:48:07 -07:00
3f8fc957c5
dont need to truncate for logs
2026-04-15 09:16:22 -07:00
ca367baf35
fix telegram linking, minor fixes for upcoming release
2026-04-15 07:58:38 -07:00
4f259ccfea
support images in notifications, enrich notifications with phone + email actions, UX/a11y improvements
2026-04-14 18:05:14 -07:00
814c6fa258
more minor UI nitpicks
2026-04-13 22:47:59 -07:00
ef98c7eab3
fix missed telegram unlinked status update
2026-04-13 20:27:17 -07:00
d39a8e2b43
more minor UI adjustments, back to matching Android theme
2026-04-13 20:13:09 -07:00
c9cb3a7289
update to latest signal-cli, UI audit improvements"
2026-04-13 12:17:59 -07:00
2cfee68536
reduce debug spam from hydroxide, better log title from ntfy alerts
2026-04-04 12:36:24 -07:00
eb762fd05b
another fix to ensure consistent relinking proton behaviour
2026-03-29 12:17:59 -07:00
e5778f68aa
rename prism admin -> prism
2026-03-28 17:07:39 -07:00
c9d52e6b43
new eye icon to show/hide proton mail password during initial entry, fix proton re-linking, new release
2026-03-28 14:25:55 -07:00
7ccfe8e585
default integration flags to true, update x/crypto to latest, v1.1.0
2026-03-11 19:19:10 -07:00
dff6addb35
make info logging more consistent
2026-02-27 18:26:01 -08:00
6c3c5e1f6d
rename Delete to Trash
2026-02-27 13:43:47 -08:00
4dac3dbba0
better logging levels
2026-02-26 23:56:19 -08:00
bb8ce0456a
code cleanups and refactors
2026-02-26 18:35:11 -08:00
b3bb864fac
better notification action ordering
2026-02-24 22:02:00 -08:00
ce18b03394
new delete action for proton mail notifications
2026-02-24 20:43:17 -08:00
bb1ee31308
code cleanups, switch to chi rate limiting middleware
2026-02-24 01:24:22 -08:00
429ce5d239
new favicon
2026-02-18 19:08:26 -08:00
a96a814661
correcting sqlite limitation on bursty requests which lock the DB without a busy timeout
2026-02-18 11:35:25 -08:00
061fcb305f
display subscription id in tooltip
2026-02-18 00:29:47 -08:00
9976faaf27
correcting webpush data
2026-02-17 22:23:46 -08:00
45b55dc1c5
remove excessive logging
2026-02-17 21:54:07 -08:00
147534286f
adding basic webpush request validation
2026-02-17 21:22:06 -08:00
7f1de091e0
minor UI nits
2026-02-17 19:05:41 -08:00
df0834cc0f
more minor webpush UI adjustments
2026-02-16 23:13:47 -08:00
649b3d33c0
webpush improvements
2026-02-16 21:52:53 -08:00
f29f79e04c
ignore favicon 404s
2026-02-16 18:25:20 -08:00
d69651ecda
cache previously created signal groups better for potential re-use
2026-02-15 22:45:41 -08:00
667c8f77ac
clean up unused admin routes, expose existing apps via new endpoint, update schema to allow an app to have many subscription channels
2026-02-15 21:19:40 -08:00
923e7110c4
fix version in api/health response
2026-02-14 14:40:47 -08:00
a66ddc7363
version all APIs for v1
2026-02-14 12:53:08 -08:00
2fde90e650
fix proton access token expiring after not being refreshed on service start, fix linking regression
2026-02-13 00:05:16 -08:00
ea3345825a
code clean ups, minor improvements
2026-02-12 23:13:16 -08:00
af045a3736
minor logging improvements
2026-02-11 00:52:54 -08:00
74233957d3
split larger files into multiple, slim down biome config, dont retry for permanent errors, consistently use Link, new chi middleware to fix 401s hanging
2026-02-10 17:10:02 -08:00
48c420d14b
reduce health spam, make dockerfile health checks respect the configured port
2026-02-09 18:10:57 -08:00
372295be45
fix /health but for real this time
2026-02-09 03:22:38 -08:00
3978f476c7
fix health endpoint, nits
2026-02-09 02:57:30 -08:00
113f09c2ab
don't cache signal auth status, dont send empty messages to non-webpush channels
2026-02-09 02:07:32 -08:00
244ab02651
using biome for html/cs/js formatting and linting, simplify app to run with no services, re-implement proton and signal implementations to be much better, configure all integration in web UI instead of .env
2026-02-09 01:19:47 -08:00
f1fddabaf7
return linked account from /api/health
2026-02-07 12:58:36 -08:00
cc21c41e73
health monitoring for prism, expose server version in /api/health
2026-02-07 03:07:21 -08:00
c41d7ecfef
fix sqlite open
2026-02-07 02:13:05 -08:00
7fd57101a3
improve README, code cleaning, use the other sqlite lib for less RAM usage, use any instead of interface, add 3 retries with exponential backoff for undelivered notifications
2026-02-07 01:54:06 -08:00
23e905ee99
different sqlite lib to avoid CGO for faster builds,
2026-02-06 23:23:57 -08:00
