a2nr
/
elemes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
61 Commits
1 Branch
1 Tag
6.2 MiB
Commit Graph

5 Commits (dc1d65ac158bbca4c1f6514857260e6d9fe52321)

Author SHA1 Message Date
a2nr e4c68b2894 feat(security): implement anonymous access with rate limiting and secure proxy, harden authentication and implement session protection 
Implements multiple layers of security to address high-risk session
   and authentication vulnerabilities identified in the security review:

   - Allow code compilation (C, Python, Arduino) for anonymous users.
   - Enforce a 1-request-per-2-minutes rate limit for anonymous IPs.
   - Implement a global anonymous compilation queue with 20 concurrent slots.
   - Proxy Velxio (Arduino) compilation through Flask to prevent API hijacking.
   - Exempt authenticated users (tokens/cookies) from all rate limits.
   - Fix networking and DNS resolution in podman-compose.
   - Fix Svelte a11y warnings and trailing slash routing issues.
   - Cookie Security: Added dynamic 'secure' flag support via COOKIE_SECURE
     env variable for HTTPS/Tailscale Funnel compatibility.
   - Rate Limiting: Integrated Flask-Limiter on /login (50 req/min) to
     prevent API abuse while accommodating shared school networks (NAT).
   - Tarpitting: Added 1.5s artificial delay on failed logins to neutralize
     automated brute-force tools without blocking legitimate users.
   - Session Invalidation: Implemented an in-memory token blacklist on
     logout to ensure session tokens cannot be reused.
   - Documentation: Updated technical docs and proposal status to reflect
     the current security architecture.

   Ref: @elemes/proposal.md (Poin 6.1, 6.2, 6.3)
 2026-04-22 12:57:54 +07:00
a2nr 74a8d87853 add velxio as submodule 2026-04-09 10:51:36 +07:00
a2nr a0d6f2615a feat: Implement anti copy-paste system and enhance asset proxying 
- Added proxy handling for `/assets/` in `sinau-c-tail.json` to route requests to the asset server.
- Enhanced `hooks.server.ts` to support proxying for both `/api/*` and `/assets/*` endpoints, including handling binary content.
- Introduced an anti copy-paste system in the lesson page to prevent text selection and copying from lesson content.
- Updated `CodeEditor.svelte` to prevent pasting from external sources with multiple layers of protection.
- Improved lesson page structure to support floating editor functionality and mobile responsiveness.
- Added celebration overlay for successful code completion in the lesson page.
- Adjusted `vite.config.ts` to include asset proxy configuration.
- Modified `podman-compose.yml` for production deployment with gunicorn and updated network settings.
 2026-03-26 13:52:59 +07:00
a2nr d2b6d62b28 refactor to make it better 2026-03-25 09:39:51 +07:00
a2nr 876b0051e6 change folder config 2026-01-06 21:42:45 +07:00