feat(admin): SmartAdmin template redesign + security hardening

- Migrated all admin views from inline JS string templates to EJS
- Integrated SmartAdmin template with dark sidebar, fixed header, CSS grid
- Added express-ejs-layouts for master layout wrapper
- Security:
  - CSRF protection (double-submit cookie)
  - Rate limiting on /login (5/15min)
  - Token revocation via jti + globalLogoutTimestamp
  - Re-auth (reauth_token) for destructive endpoints
  - Settings whitelist (ALLOWED_KEYS) + removed process.exit
  - Seed phrases no longer rendered in HTML (CSV export only)
  - Multer fileFilter for image uploads + safe filename generation
  - SQL injection fix (currency column allowlist)
  - Global error handler + asyncHandler wrapper
- New files: csrf.js, errorHandler.js, error.ejs, all EJS templates
- SmartAdmin assets: CSS, icons, webfonts, plugins, scripts
This commit is contained in:
NW
2026-07-06 17:42:54 +01:00
parent 8d85776135
commit d4c476002c
1010 changed files with 256079 additions and 1625 deletions

View File

@@ -17,8 +17,10 @@
"decompress": "^4.2.1",
"dotenv": "^16.3.1",
"ecpair": "^2.1.0",
"ejs": "^6.0.1",
"ethereumjs-util": "^7.1.5",
"express": "^4.21.0",
"express-ejs-layouts": "^2.5.1",
"hdkey": "^2.1.0",
"multer": "^2.2.0",
"node-telegram-bot-api": "^0.64.0",
@@ -27,6 +29,7 @@
"tiny-secp256k1": "^2.2.3"
},
"devDependencies": {
"nodemon": "^3.0.2"
"nodemon": "^3.0.2",
"playwright": "^1.61.1"
}
}