agatha 9021f4816a Fix: Prefer X-Real-IP over XFF[0] in get_client_ip to close spoof bypass ...

XFF[0] is attacker-controllable; a crafted X-Forwarded-For header could
attribute login failures to a victim IP, triggering their lockout while
the attacker accumulates none. ingress-nginx sets X-Real-IP via its
realip module using an authoritative CIDR allowlist and overwrites any
client-supplied value, making it spoof-resistant. Fallback to XFF[0]
is retained for defence in depth but now emits a warning if reached.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-09 17:52:05 +00:00

..

auth

Fix: Prefer X-Real-IP over XFF[0] in get_client_ip to close spoof bypass

2026-05-09 17:52:05 +00:00

repositories

Fix: Use WHERE instead of HAVING for min_count filter in list_tags()

2026-05-06 18:42:50 +00:00

routers

Fix: Strip whitespace from S3_PUBLIC_BASE_URL before building CDN URLs

2026-05-09 00:35:22 +00:00

storage

Feat: Proxy image content through the API instead of redirecting to MinIO

2026-05-03 16:36:43 +00:00

__init__.py

[Spec Kit] Implementation progress

2026-05-02 16:13:23 +00:00

config.py

Feat: Serve images directly from Cloudflare R2 CDN

2026-05-09 00:17:22 +00:00

database.py

Feat: Add tag browser page at /tags with count-sorted tag list and library deep-link

2026-05-06 18:40:06 +00:00

dependencies.py

Feat: Implement JWT bearer token authentication

2026-05-03 19:12:38 +00:00

main.py

Feat: Gate API docs endpoints behind API_DOCS_ENABLED env var

2026-05-07 20:40:48 +00:00

models.py

Feat: Add tag browser page at /tags with count-sorted tag list and library deep-link

2026-05-06 18:40:06 +00:00

thumbnail.py

Feat: Pre-generate WebP thumbnails on upload for faster library load

2026-05-03 17:26:16 +00:00

utils.py

[Spec Kit] Implementation progress

2026-05-02 16:13:23 +00:00

validation.py

[Spec Kit] Implementation progress

2026-05-02 16:13:23 +00:00