tanabata

T

H1K0 aff270fa44 fix(backend): rate-limit login and refresh endpoints

/auth/login and /auth/refresh had no throttling, allowing unbounded
password brute-force attempts. Add a process-local fixed-window limiter
(10 requests/minute per client IP) in front of both.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-10 14:14:51 +03:00

backend

fix(backend): rate-limit login and refresh endpoints

2026-06-10 14:14:51 +03:00

docs

docs(project): add reference Python/Flask implementation

2026-04-03 18:36:05 +03:00

frontend

fix(frontend): use $appSettings.tagRuleApplyToExisting on creating a new tag rule also

2026-04-07 11:59:09 +03:00

.env.example

fix(backend): cap upload size to prevent memory exhaustion

2026-06-10 14:07:34 +03:00

.gitattributes

chore(project): add .gitignore and .gitattributes

2026-04-03 18:35:22 +03:00

.gitignore

chore(project): add .gitignore and .gitattributes

2026-04-03 18:35:22 +03:00

CLAUDE.md

docs(project): document scoped commit naming convention in CLAUDE.md

2026-04-04 21:41:22 +03:00

openapi.yaml

feat(backend): apply tag rules retroactively to existing files on activation

2026-04-07 00:00:45 +03:00

Languages

Go 49.6%

Svelte 39%

TypeScript 8.7%

PLpgSQL 1.4%

Dockerfile 0.5%

Other 0.8%