feat: enhance deployment process and update dependencies

mirror of https://github.com/shuaiplus/nodewarden.git synced 2026-06-20 21:00:41 +00:00

- Updated the deployment script to build the web application before deploying.
- Upgraded Wrangler dependency from 4.61.1 to 4.69.0.

feat: add import item limit and request body size limit

- Introduced a new limit for the maximum total items allowed in a single import (5000).
- Set a hard body size limit for JSON API endpoints (25 MB).

feat: validate KDF parameters during registration and password change

- Added validation for KDF parameters to ensure compliance with Bitwarden's minimum requirements.
- Enhanced error handling for invalid KDF parameters during user registration and password change.

feat: clean up R2 files on user deletion

- Implemented cleanup of R2 files associated with user attachments and sends before deleting user metadata.

feat: verify folder ownership when creating or updating ciphers

- Added checks to ensure that users cannot reference folders owned by other users when creating or updating ciphers.

fix: handle corrupted cipher data gracefully

- Improved error handling when retrieving ciphers from the database to avoid crashes due to corrupted data.

feat: increment send access count atomically

- Added a method to atomically increment the access count for sends and return whether the update was successful.

fix: enforce request body size limits

- Implemented checks to reject oversized request bodies for non-file upload paths.

fix: update error handling for database initialization

- Enhanced error logging for database initialization failures while providing a generic message to clients.

feat: enhance security with Content Security Policy

- Added a Content Security Policy to the web application to improve security against XSS attacks.

fix: remove plaintext TOTP secret from localStorage

- Updated the TOTP enabling process to remove the plaintext secret from localStorage after it is stored on the server.

fix: ensure only PBKDF2 hash is sent for public send access

- Modified the public send access payload to ensure only the PBKDF2 hash is sent, never the plaintext password.

This commit is contained in:

shuaiplus

2026-03-01 21:01:52 +08:00

committed by

Shuai

parent 1a94f8dd44

commit 7d5681665f

18 changed files with 349 additions and 186 deletions

									
										package.json
									
		+2
		-3
	
												View File
												
				@@ -12,8 +12,7 @@

				    "web:dev": "vite --config webapp/vite.config.ts",

				    "web:build": "vite build --config webapp/vite.config.ts",

				    "web:typecheck": "tsc -p webapp/tsconfig.json --noEmit",

				    "deploymy": "wrangler deploy -c wrangler.my.toml",

				    "deploy": "wrangler deploy"

				    "deploy": "npm run web:build && wrangler deploy"

				  },

				  "keywords": [

				    "bitwarden",

				@@ -42,7 +41,7 @@

				    "tsx": "^4.21.0",

				    "typescript": "^5.9.3",

				    "vite": "^7.3.1",

				    "wrangler": "^4.61.1"

				    "wrangler": "^4.69.0"

				  },

				  "dependencies": {

				    "@tanstack/react-query": "^5.90.21",