ZhenYi/gitdataai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1deea4c671
gitdataai/apps/app
History
ZhenYi 6a123170a1 fix: harden session key derivation from APP_SESSION_SECRET 
- Reject secrets shorter than 32 bytes (fall back to generated key)
- Use SHA-256 hash instead of naive byte cycling to derive the key
  (cycling "password" to 64 bytes gave extremely low entropy)
2026-04-27 13:59:31 +08:00
..
src fix: harden session key derivation from APP_SESSION_SECRET 2026-04-27 13:59:31 +08:00
Cargo.toml feat(observability): Phase 6 OTLP tracing + Prometheus metrics endpoint 2026-04-22 10:27:54 +08:00