README.md updates:
- Added billing cycles (weekly/biweekly/quarterly/annual), history ranges, monthly income/starting amounts, migration rollback, audit logging, auth-mode/OIDC config, CSRF protection details
- Added INIT_REGULAR_USER/PASS and SESSION_CLEANUP_INTERVAL_MS env vars
- Added CSRF env vars (CSRF_HTTP_ONLY, CSRF_SAME_SITE, CSRF_SECURE, CSRF_COOKIE_NAME)
- Noted export limitation: cycle_type, cycle_day, history_ranges omitted
- Fixed: CSP is now implemented with per-request nonces (was 'deferred')
- Added: default admin restricted from tracker routes, session rotation on password change, audit logging
- Cleaned up demo server formatting, project structure listing, scripts
- Removed authLogin.js from project structure (file was deleted in v0.23.2)

Engineering_Reference_Manual.md:
- Removed stale authLogin.js duplicate route note (file no longer exists)
- Removed 401/403 error detail from login endpoint (simplified)
- Updated version to 0.23.2

FUTURE.md:
- Marked notification privacy leak (CRITICAL) as FIXED v0.23.2
- Marked duplicate login route (LOW) as FIXED v0.23.2
- Updated current version to v0.23.2

HISTORY.md:
- Added v0.23.2 entry with security fix and route consolidation details

| Name |
|---|
| .. |
| images |
| Authentik-Integration.md |
| CSRF-SPA-Setup.md |
| Engineering_Reference_Manual.md |
| Engineering_Reference_promp.md |
| RATE_LIMITING_ENHANCEMENT.md |
| UI_IMPROVEMENTS.md |