homeschool

CooperandGoodman/homeschool

Fork 0

Commit Graph

Author	SHA1	Message	Date
derekc	3022bc328b	Security hardening: go-live review fixes - TV tokens upgraded from 4 to 6 digits; Regen Token button in Admin - Nginx rate limiting on TV dashboard and WebSocket endpoints - Login lockout after 5 failed attempts (15 min); clears on admin password reset - HSTS header added; CSP unsafe-inline removed from script-src; CORS restricted to explicit methods/headers - Dependency CVE fixes: PyJWT 2.12.0, aiomysql 0.3.0, cryptography 46.0.5, python-multipart 0.0.22 - datetime.utcnow() replaced with datetime.now(timezone.utc) throughout - SQL identifier whitelist for startup migration queries - README updated: security notes section, lockout docs, token regen, NPM proxy guidance Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 00:00:14 -07:00
derekc	781e179090	Fix backend deps and apply theme to all Cancel buttons - Pin bcrypt==3.2.2 to fix passlib bcrypt backend detection error - Add email-validator==2.2.0 required by Pydantic EmailStr - Add btn-sm class to Cancel buttons in Admin, Dashboard, Log, Schedule views Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-27 23:24:39 -08:00
derekc	417b3adfe8	Initial project scaffold Full-stack homeschool web app with FastAPI backend, Vue 3 frontend, MySQL database, and Docker Compose orchestration. Includes JWT auth, WebSocket real-time TV dashboard, schedule builder, activity logging, and multi-child support. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-27 22:56:56 -08:00

Author

SHA1

Message

Date

derekc

3022bc328b

Security hardening: go-live review fixes

- TV tokens upgraded from 4 to 6 digits; Regen Token button in Admin
- Nginx rate limiting on TV dashboard and WebSocket endpoints
- Login lockout after 5 failed attempts (15 min); clears on admin password reset
- HSTS header added; CSP unsafe-inline removed from script-src; CORS restricted to explicit methods/headers
- Dependency CVE fixes: PyJWT 2.12.0, aiomysql 0.3.0, cryptography 46.0.5, python-multipart 0.0.22
- datetime.utcnow() replaced with datetime.now(timezone.utc) throughout
- SQL identifier whitelist for startup migration queries
- README updated: security notes section, lockout docs, token regen, NPM proxy guidance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-22 00:00:14 -07:00

derekc

781e179090

Fix backend deps and apply theme to all Cancel buttons

- Pin bcrypt==3.2.2 to fix passlib bcrypt backend detection error
- Add email-validator==2.2.0 required by Pydantic EmailStr
- Add btn-sm class to Cancel buttons in Admin, Dashboard, Log, Schedule views

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-27 23:24:39 -08:00

derekc

417b3adfe8

Initial project scaffold

Full-stack homeschool web app with FastAPI backend, Vue 3 frontend,
MySQL database, and Docker Compose orchestration. Includes JWT auth,
WebSocket real-time TV dashboard, schedule builder, activity logging,
and multi-child support.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-27 22:56:56 -08:00

3 Commits