steve
c1db6ee692
Merge pull request #29 from tmdinosaurcenter/dependabot/pip/flask-limiter-gte-4.1.1
chore(deps): update flask-limiter requirement from >=3.0 to >=4.1.1
2026-04-27 08:45:17 -06:00
steve
523a9e22c2
Merge pull request #28 from tmdinosaurcenter/dependabot/pip/email-validator-gte-2.3.0
chore(deps): update email-validator requirement from >=2.0 to >=2.3.0
2026-04-27 08:45:09 -06:00
dependabot[bot]
a7350bc3d5
chore(deps): update flask-limiter requirement from >=3.0 to >=4.1.1
Updates the requirements on [flask-limiter](https://github.com/alisaifee/flask-limiter) to permit the latest version.
- [Release notes](https://github.com/alisaifee/flask-limiter/releases)
- [Changelog](https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst)
- [Commits](https://github.com/alisaifee/flask-limiter/compare/3.0.0...4.1.1)
---
updated-dependencies:
- dependency-name: flask-limiter
  dependency-version: 4.1.1
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-27 11:57:46 +00:00
dependabot[bot]
e3ed22a201
chore(deps): update email-validator requirement from >=2.0 to >=2.3.0
Updates the requirements on [email-validator](https://github.com/JoshData/python-email-validator) to permit the latest version.
- [Release notes](https://github.com/JoshData/python-email-validator/releases)
- [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/JoshData/python-email-validator/compare/v2.0.0...v2.3.0)
---
updated-dependencies:
- dependency-name: email-validator
  dependency-version: 2.3.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-27 11:57:43 +00:00
dependabot[bot]
d37887fb93
chore(deps): update flask-wtf requirement from >=1.2 to >=1.3.0
Updates the requirements on [flask-wtf](https://github.com/pallets-eco/flask-wtf) to permit the latest version.
- [Release notes](https://github.com/pallets-eco/flask-wtf/releases)
- [Changelog](https://github.com/pallets-eco/flask-wtf/blob/main/docs/changes.rst)
- [Commits](https://github.com/pallets-eco/flask-wtf/compare/v1.2.0...v1.3.0)
---
updated-dependencies:
- dependency-name: flask-wtf
  dependency-version: 1.3.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-27 11:57:40 +00:00
steve
ecdcc044b7
feat: add CSRF protection to all POST forms
Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token
hidden fields to all four POST forms (login, delete entry, add user,
delete user, and the public guestbook form). Exempts the API endpoint
which uses header-based key auth instead.
2026-03-28 23:23:53 -06:00
steve
4f675fe74c
feat: display admin timestamps in America/Denver time
Convert UTC timestamps from SQLite to Mountain Time (America/Denver)
using a Jinja2 template filter backed by zoneinfo; add tzdata dependency
for IANA timezone data in the slim Docker image.
2026-03-28 22:58:37 -06:00
steve
2d4eac6583
refactor: migrate admin auth from HTTP Basic to Flask-Login sessions
Replaces browser-cached Basic Auth credentials with proper server-side
session management. Logout now fully invalidates the session. Adds an
HTML login form at /admin/login, SECRET_KEY env var support, and updates
README with key generation instructions and role table.
2026-03-10 11:41:16 -06:00
steve
e6d742f92e
fix: replace regex email validation with email-validator
Swap hand-rolled regex for the email-validator library which handles
RFC 5322 edge cases correctly. check_deliverability=False skips DNS
lookups (not viable on an intranet). Blank email still passes — only
a non-empty, malformed address triggers the error.
2026-03-09 20:36:54 -06:00
steve
e0d72f8057
feat: add rate limiting to form submission
Add Flask-Limiter and cap POST submissions to 5 per minute per IP.
GET requests are not limited. Uses in-memory storage (appropriate
for single-instance kiosk deployment).
2026-03-09 20:29:17 -06:00
steve
3e17574fe6
fix: upgrade to Flask 3.x and replace before_first_request
- Pin Flask to >=3.1.3 to resolve all outstanding Dependabot CVEs
  (session cookie Vary header, Werkzeug DoS/RCE/safe_join vulns)
- Replace removed @before_first_request decorator with app.app_context()
  call at module level, compatible with Flask 3.0+
2026-03-09 20:15:14 -06:00
Steve Dogiakos
75e69d5144
chore: lint and update docker-compose.yml
- Fixed port variable interpolation to use ${PORT:-8000} for a default value.
- Updated volume configuration to use a named volume (guestbook_data) mounted at /data.
- Improved YAML formatting for clarity.
2025-04-01 21:53:25 -06:00
Steve Dogiakos
2cfe3f59fe
chore(deps): bump Werkzeug to 3.0.6
2025-04-01 19:56:39 -06:00
dependabot[bot]
e5cf293adc
chore(deps): bump Flask from 2.1.1 to 2.2.5
Bumps [flask](https://github.com/pallets/flask) from 2.1.1 to 2.2.5.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/2.1.1...2.2.5)
---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-04-02 01:46:15 +00:00
Steve Dogiakos
bd86069d22
fix: pin Flask version in requirements.txt
2025-04-01 17:28:09 -06:00
steve
4f48124bbf
feat!: migrate from Node.js to Flask with SQLite
2025-04-01 16:55:34 -06:00