cqrenet/aoc
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 29 Wiki Activity

v1.7.12: security hardening — CORS fix, security headers, fail-closed rate limiter, OpenAPI docs disabled by default, config auth privacy, webhook validation
Some checks failed
CI / lint-and-test (push) Failing after 41s
Details
Release / build-and-push (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Tomas Kracmar
2026-04-27 13:59:05 +02:00
parent c086fa4260
commit f263cbf8ac
10 changed files with 303 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/config.py
View File

@@ -76,6 +76,9 @@ class Settings(BaseSettings):
RATE_LIMIT_REQUESTS: int = 120
RATE_LIMIT_WINDOW_SECONDS: int = 60
# Security / docs exposure
DOCS_ENABLED: bool = False
_settings = Settings()
@@ -127,3 +130,5 @@ WEBHOOK_CLIENT_SECRET = _settings.WEBHOOK_CLIENT_SECRET
RATE_LIMIT_ENABLED = _settings.RATE_LIMIT_ENABLED
RATE_LIMIT_REQUESTS = _settings.RATE_LIMIT_REQUESTS
RATE_LIMIT_WINDOW_SECONDS = _settings.RATE_LIMIT_WINDOW_SECONDS
DOCS_ENABLED = _settings.DOCS_ENABLED