Patrick/medassist-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb1810586d018e4a5f85db72da487801625e8608
medassist-ng/backend/src/routes
T
History
Daniel Volz cb1810586d security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting) 
- Add URL validation to prevent SSRF attacks on notification endpoints
  - Block private IPs (10.x, 172.16-31.x, 192.168.x, 169.254.x)
  - Block localhost and internal hostnames
  - Only allow HTTP/HTTPS protocols
- Add HTML escaping for medication names in email templates (XSS)
- Add stricter rate limiting for auth routes (5 req/15min for login/register)
- Add SSRF protection tests (405 tests total)
2025-12-30 11:52:00 +01:00
..
auth.ts
security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting)
2025-12-30 11:52:00 +01:00
doses.ts
feat: add 'and' operator import for enhanced query capabilities
2025-12-29 20:03:38 +01:00
health.ts
Initial commit
2025-12-19 13:09:53 +01:00
medications.ts
feat: update version to 1.0.2 and rename strip terminology to blister in medication and planner routes
2025-12-30 00:07:28 +01:00
oidc.ts
Refactor medication model to use blisters and pills instead of strips and tabs
2025-12-29 19:18:14 +01:00
planner.ts
security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting)
2025-12-30 11:52:00 +01:00
settings.ts
security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting)
2025-12-30 11:52:00 +01:00
share.ts
feat: update dose retrieval to remove 30-day limit and add sharedBy field in share routes
2025-12-29 20:00:25 +01:00