Commit Graph

4 Commits

Author   SHA1        Message                                                                Date
Kshitij  d2a75be7b6  fix: harden server input validation and prevent information leakage.  2026-05-03 17:25:25 +05:30
Kshitij  f88a45968a  docs: add JSDoc and normalize comments across server.                  2026-05-03 00:16:42 +05:30
Kshitij  0d8b2cdb3f  security: add helmet, rate limiting, strict CORS, input sanitization.  2026-05-02 23:59:33 +05:30
                     - Add helmet for secure HTTP response headers.
                     - Add express-rate-limit: 60 req/min general, 20 req/min on LLM endpoints.
                     - Restrict CORS to localhost origins in dev, CORS_ORIGIN env var in prod.
                     - Cap request body at 16kb.
                     - Add sanitizeText() to strip control chars on all string inputs.
                     - Add isValidStandardId() regex guard on :id param and standard_id fields.
                     - All route handlers use sanitized values; no raw req.body/req.query access.
Kshitij  3a0c32ea8f  feat: add web server backend.                                          2026-04-28 23:56:07 +05:30