Emanuel Almeida
f1756829af
HIGH-SEVERITY FIXES (Fase 2): 1. Rate Limiting (Vulnerabilidade 2.1) - express-rate-limit: 100 req/15min (prod), 1000 req/15min (dev) - Applied to all /api/* routes - Standard headers for retry-after 2. CORS Restrictions (Vulnerabilidade 2.2) - Whitelist: dashboard.descomplicar.pt, desk.descomplicar.pt - Localhost only in development - CORS blocking logs 3. Input Validation with Zod (Vulnerabilidade 2.4) - Generic validateRequest() middleware - Schemas: WordPress Monitor, server metrics, dashboard, financial - Applied to api/routes/wp-monitor.ts POST endpoint - Detailed field-level error messages 4. Backend Authentication OIDC (Vulnerabilidade 2.5 - OPTIONAL) - Enabled via OIDC_ENABLED=true - Bearer token validation on all APIs - Backward compatible (disabled by default) 5. SSH Key-Based Auth Migration (Vulnerabilidade 2.6) - Script: /media/ealmeida/Dados/Dev/ClaudeDev/migrate-ssh-keys.sh - Generates ed25519 key, copies to 6 servers - Instructions to remove passwords from .env - .env.example updated with SSH_PRIVATE_KEY_PATH 6. Improved Error Handling (Vulnerabilidade 2.5) - Unique error IDs (UUID) for tracking - Structured JSON logs in production - Stack traces blocked in production - Generic messages to client FILES CHANGED: - api/server.ts - Complete refactor with all security improvements - api/middleware/validation.ts - NEW: Zod middleware and schemas - api/routes/wp-monitor.ts - Added Zod validation on POST - .env.example - Complete security documentation - CHANGELOG.md - Full documentation of 9 fixes (3 critical + 6 high) - package.json + package-lock.json - New dependencies DEPENDENCIES ADDED: - express-rate-limit@7.x - zod@3.x - express-openid-connect@2.x AUDIT STATUS: - npm audit: 0 vulnerabilities - Hook Regra #47: PASSED PROGRESS: - Phase 1 (Critical): 3/3 ✅ COMPLETE - Phase 2 (High): 6/6 ✅ COMPLETE - Phase 3 (Medium): 0/6 - Next - Phase 4 (Low): 0/5 - Next Related: AUDIT-REPORT.md vulnerabilities 2.1, 2.2, 2.4, 2.5, 2.6 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
56 lines
1.6 KiB
JavaScript
Executable File
56 lines
1.6 KiB
JavaScript
Executable File
/** @type {import('tailwindcss').Config} */
|
|
export default {
|
|
content: [
|
|
"./index.html",
|
|
"./src/**/*.{js,ts,jsx,tsx}",
|
|
],
|
|
theme: {
|
|
extend: {
|
|
colors: {
|
|
brand: {
|
|
50: '#eef2ff',
|
|
100: '#e0e7ff',
|
|
200: '#c7d2fe',
|
|
300: '#a5b4fc',
|
|
400: '#818cf8',
|
|
500: '#6366f1',
|
|
600: '#4f46e5',
|
|
700: '#4338ca',
|
|
800: '#3730a3',
|
|
900: '#312e81',
|
|
950: '#1e1b4b',
|
|
},
|
|
},
|
|
fontFamily: {
|
|
sans: ['Inter', 'system-ui', 'sans-serif'],
|
|
mono: ['JetBrains Mono', 'monospace'],
|
|
},
|
|
animation: {
|
|
'pulse-slow': 'pulse 3s cubic-bezier(0.4, 0, 0.6, 1) infinite',
|
|
'glow': 'glow 2s ease-in-out infinite alternate',
|
|
'float': 'float 6s ease-in-out infinite',
|
|
'shimmer': 'shimmer 2s linear infinite',
|
|
},
|
|
keyframes: {
|
|
glow: {
|
|
'0%': { boxShadow: '0 0 20px rgba(99, 102, 241, 0.3)' },
|
|
'100%': { boxShadow: '0 0 40px rgba(99, 102, 241, 0.6)' },
|
|
},
|
|
float: {
|
|
'0%, 100%': { transform: 'translateY(0px)' },
|
|
'50%': { transform: 'translateY(-10px)' },
|
|
},
|
|
shimmer: {
|
|
'0%': { backgroundPosition: '-200% 0' },
|
|
'100%': { backgroundPosition: '200% 0' },
|
|
},
|
|
},
|
|
backgroundImage: {
|
|
'gradient-radial': 'radial-gradient(var(--tw-gradient-stops))',
|
|
'grid-pattern': 'linear-gradient(to right, rgba(255,255,255,0.03) 1px, transparent 1px), linear-gradient(to bottom, rgba(255,255,255,0.03) 1px, transparent 1px)',
|
|
},
|
|
},
|
|
},
|
|
plugins: [],
|
|
}
|