feat(admin): SmartAdmin template redesign + security hardening
- Migrated all admin views from inline JS string templates to EJS - Integrated SmartAdmin template with dark sidebar, fixed header, CSS grid - Added express-ejs-layouts for master layout wrapper - Security: - CSRF protection (double-submit cookie) - Rate limiting on /login (5/15min) - Token revocation via jti + globalLogoutTimestamp - Re-auth (reauth_token) for destructive endpoints - Settings whitelist (ALLOWED_KEYS) + removed process.exit - Seed phrases no longer rendered in HTML (CSV export only) - Multer fileFilter for image uploads + safe filename generation - SQL injection fix (currency column allowlist) - Global error handler + asyncHandler wrapper - New files: csrf.js, errorHandler.js, error.ejs, all EJS templates - SmartAdmin assets: CSS, icons, webfonts, plugins, scripts
This commit is contained in:
@@ -17,8 +17,10 @@
|
||||
"decompress": "^4.2.1",
|
||||
"dotenv": "^16.3.1",
|
||||
"ecpair": "^2.1.0",
|
||||
"ejs": "^6.0.1",
|
||||
"ethereumjs-util": "^7.1.5",
|
||||
"express": "^4.21.0",
|
||||
"express-ejs-layouts": "^2.5.1",
|
||||
"hdkey": "^2.1.0",
|
||||
"multer": "^2.2.0",
|
||||
"node-telegram-bot-api": "^0.64.0",
|
||||
@@ -27,6 +29,7 @@
|
||||
"tiny-secp256k1": "^2.2.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"nodemon": "^3.0.2"
|
||||
"nodemon": "^3.0.2",
|
||||
"playwright": "^1.61.1"
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user