fa72672aac
security: fix critical auth gaps, SSRF, IDOR, and embedding error handling
...
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL:
- Add auth + admin check to 10 unprotected API routes (test-*, debug/*,
config, models, fix-labels)
- Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open)
- Add SSRF protection to getOllamaModels (blocks private/internal IPs)
HIGH:
- Fix getAllLabels() missing userId filter (leaked all users' labels)
- Fix /api/labels OR clause leaking other users' labels
- Fix IDOR in toggleAgent/getAgentActions (add ownership check)
- Fix getEmbeddings() returning [] on error in all 5 providers (corrupted
semantic search with NaN cosine similarity) — now throws instead
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-04-30 21:02:13 +02:00
Sepehr Ramezani
5b7cbcbc49
docs: add complete guide, env files, fix docker-compose
...
- Add GUIDE.md: complete user documentation covering installation,
Docker deployment, AI providers, MCP server, N8N integration,
email config, admin panel, env var reference, troubleshooting
- Add mcp-server/.env.example with all MCP-specific variables
- Update .env.docker.example with all 42 environment variables
- Fix docker-compose.yml: parameterize PostgreSQL credentials,
add missing env vars (CUSTOM_OPENAI, AI_PROVIDER_CHAT,
ALLOW_REGISTRATION, RESEND_API_KEY)
- Track memento-note/.env.example
2026-04-20 22:57:09 +02:00
Sepehr Ramezani
e4d4e23dc7
chore: clean up repo for public release
...
- Remove BMAD framework, IDE configs, dev screenshots, test files,
internal docs, and backup files
- Rename keep-notes/ to memento-note/
- Update all references from keep-notes to memento-note
- Add Apache 2.0 license with Commons Clause (non-commercial restriction)
- Add clean .gitignore and .env.docker.example
2026-04-20 22:48:06 +02:00