Carlos Escalante b4123703ef Rate-limit logins, constant-time creds, pin CORS, secure cookie
Both login endpoints now share verify_admin_credentials (hmac
compare_digest, SEC-02) and a 5/min/IP sliding-window rate limit that
returns 429 with Retry-After (SEC-03). CORS is pinned to the prod
domain and localhost dev origins instead of '*' (SEC-04). The session
cookie's Secure flag is driven by COOKIE_SECURE instead of hardcoded
false (SEC-08).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 19:13:19 -06:00
2026-03-21 08:30:01 -06:00
2026-03-21 08:30:01 -06:00

WealthySmart

A financial management application

Description
No description provided
Readme 4 MiB
Languages
TypeScript 65.2%
Python 33.3%
CSS 0.6%
Shell 0.4%
Dockerfile 0.2%
Other 0.1%