tmdinosaurcenter/kiosk-guestbook
1
0
Fork 0
mirror of https://github.com/tmdinosaurcenter/kiosk-guestbook.git synced 2026-06-03 22:48:20 -06:00
Code Issues Packages Projects Releases Wiki Activity
70 Commits 1 Branch 7 Tags
2d4eac658388a40f457245cf3d4b3afd957606ec
Commit Graph

9 Commits

Author SHA1 Message Date
steve 2d4eac6583 refactor: migrate admin auth from HTTP Basic to Flask-Login sessions 
Replaces browser-cached Basic Auth credentials with proper server-side
session management. Logout now fully invalidates the session. Adds an
HTML login form at /admin/login, SECRET_KEY env var support, and updates
README with key generation instructions and role table.
 2026-03-10 11:41:16 -06:00
steve e6d742f92e fix: replace regex email validation with email-validator 
Swap hand-rolled regex for the email-validator library which handles
RFC 5322 edge cases correctly. check_deliverability=False skips DNS
lookups (not viable on an intranet). Blank email still passes — only
a non-empty, malformed address triggers the error.
 2026-03-09 20:36:54 -06:00
steve e0d72f8057 feat: add rate limiting to form submission 
Add Flask-Limiter and cap POST submissions to 5 per minute per IP.
GET requests are not limited. Uses in-memory storage (appropriate
for single-instance kiosk deployment).
 2026-03-09 20:29:17 -06:00
steve 3e17574fe6 fix: upgrade to Flask 3.x and replace before_first_request 
- Pin Flask to >=3.1.3 to resolve all outstanding Dependabot CVEs
  (session cookie Vary header, Werkzeug DoS/RCE/safe_join vulns)
- Replace removed @before_first_request decorator with app.app_context()
  call at module level, compatible with Flask 3.0+
 2026-03-09 20:15:14 -06:00
Steve Dogiakos 75e69d5144 chore: lint and update docker-compose.yml 
- Fixed port variable interpolation to use ${PORT:-8000} for a default value.
- Updated volume configuration to use a named volume (guestbook_data) mounted at /data.
- Improved YAML formatting for clarity.
 2025-04-01 21:53:25 -06:00
Steve Dogiakos 2cfe3f59fe chore(deps): bump Werkzeug to 3.0.6 2025-04-01 19:56:39 -06:00
dependabot[bot] e5cf293adc chore(deps): bump Flask from 2.1.1 to 2.2.5 
Bumps [flask](https://github.com/pallets/flask) from 2.1.1 to 2.2.5.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/2.1.1...2.2.5)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-02 01:46:15 +00:00
Steve Dogiakos bd86069d22 fix: pin Flask version in requirements.txt 2025-04-01 17:28:09 -06:00
steve 4f48124bbf feat!: migrate from Node.js to Flask with SQLite 2025-04-01 16:55:34 -06:00