SmartUp

LiuMangMang/SmartUp

Fork 0

Commit Graph

Author	SHA1	Message	Date
SmartUp Developer	4d1237c58f	feat: auth capture — remote browser credential extraction - BrowserSessionService: add create_ephemeral() for temp sessions - New auth_capture_service.py: extract cookies, localStorage, sessionStorage from page - New auth_capture router: POST /sessions, GET /sessions/{id}/extract, DELETE /sessions/{id} - Frontend AuthCaptureDialog: URL input → browser view → extract → pick candidate - Upstreams.vue: '提取' button next to Bearer Token field - No sensitive values logged	2026-05-17 21:04:36 +08:00
SmartUp Developer	ad16618406	fix: address multiple code audit findings - CORS: replace wildcard with explicit origin list from CORS_ORIGINS env - Auth: enforce strong defaults, JWT blacklist (RevokedToken model), login rate limiting - Auth: validate password length before bcrypt (72-byte limit) - Scheduler: single-threaded worker to mitigate SQLite write contention - Scheduler: graceful shutdown (wait=True) - Snapshots: add prune_snapshots() with configurable retention count - Storage: isolate localStorage keys via VITE_APP_KEY prefix - Config: add cors_origins, login_rate_limit, snapshot_retention_count settings	2026-05-17 10:52:18 +08:00
liumangmang	7adc7c00ab	Add remote browser pages and website sync Enable managed remote browser custom pages with login autofill and add website sync workflows so external admin surfaces can be handled inside SmartUp. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-15 15:43:58 +08:00

Author

SHA1

Message

Date

SmartUp Developer

4d1237c58f

feat: auth capture — remote browser credential extraction

- BrowserSessionService: add create_ephemeral() for temp sessions
- New auth_capture_service.py: extract cookies, localStorage, sessionStorage from page
- New auth_capture router: POST /sessions, GET /sessions/{id}/extract, DELETE /sessions/{id}
- Frontend AuthCaptureDialog: URL input → browser view → extract → pick candidate
- Upstreams.vue: '提取' button next to Bearer Token field
- No sensitive values logged

2026-05-17 21:04:36 +08:00

SmartUp Developer

ad16618406

fix: address multiple code audit findings

- CORS: replace wildcard with explicit origin list from CORS_ORIGINS env
- Auth: enforce strong defaults, JWT blacklist (RevokedToken model), login rate limiting
- Auth: validate password length before bcrypt (72-byte limit)
- Scheduler: single-threaded worker to mitigate SQLite write contention
- Scheduler: graceful shutdown (wait=True)
- Snapshots: add prune_snapshots() with configurable retention count
- Storage: isolate localStorage keys via VITE_APP_KEY prefix
- Config: add cors_origins, login_rate_limit, snapshot_retention_count settings

2026-05-17 10:52:18 +08:00

liumangmang

7adc7c00ab

Add remote browser pages and website sync

Enable managed remote browser custom pages with login autofill and add website sync workflows so external admin surfaces can be handled inside SmartUp.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-15 15:43:58 +08:00

3 Commits