Add backend PIN verification and security hardening

- Add requirePin() check on add/update/delete endpoints (closes PIN bypass vulnerability) - Restrict CORS to specific allowed origins only - Add input length limits to sanitize() function - Frontend now sends currentPin with all write requests - Deploy script copies data/index.php to block directory listing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-23 22:30:39 -05:00
parent 08d550b0bd
commit 7e523392c0
3 changed files with 63 additions and 13 deletions
--- a/3
+++ b/3
@@ -8,6 +8,9 @@ rsync -avz --no-t --no-p --delete \
    --exclude 'data/' \
    index.html api.php containers.json og-image.png ${HOST}:${DIR}

+# Deploy data directory protection
+scp data/index.php ${HOST}:${DIR}/data/index.php 2>/dev/null || true
+
 # Handle data files
 if [ "$1" = "--reset-data" ]; then
    echo "Pushing local data to server..."