updating tasks

lila 2026-04-24 09:30:20 +02:00
parent 5b266d7435
commit 762cf91f86


@ -26,9 +26,6 @@ Things that are actively in progress or should be picked up immediately. Mostly
- **Hetzner domain migration check** `[infra]`
Verify whether the lilastudy.com domain needs to be migrated following a Hetzner DNS change. Check Hetzner dashboard for any pending migration notice.
- **Security headers with helmet** `[security]`
Add helmet middleware to set secure HTTP response headers. One-liner: app.use(helmet()). Covers headers like X-Content-Type-Options, X-Frame-Options, and Content-Security-Policy.
- **Conditionally register OAuth providers** `[debt]`
Better Auth logs warnings when social providers are registered without credentials (`Social provider google is missing clientId or clientSecret`). Instead of registering all providers unconditionally, only add a provider to the config when its credentials are present in the environment. Keeps local dev clean for contributors who don't have OAuth apps set up.
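Review bot: The helmet task leaving this section is the only place that names the headers involved (X-Content-Type-Options, X-Frame-Options, Content-Security-Policy) and the `app.use(helmet())` one-liner, and that detail is dropped once the item is closed. If only the defaults shipped, consider leaving a short follow-up item here to verify the default Content-Security-Policy against the frontend and to confirm the headers are present on responses from the deployed API, since nothing in the remaining tasks tracks that check.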
@ -120,6 +117,7 @@ Directionally right, timing is unclear. Revisit when the next/now work is done.
Shipped milestones, newest first.
- **04 - 2026 - Security headers with helmet** - Add helmet middleware to set secure HTTP response headers.
- **04 - 2026 - Rate limiting on API endpoints** - At minimum: auth endpoints (brute force prevention) and game endpoints (spam prevention)
- **04 - 2026 — Migrations in deploy pipeline** — Drizzle migrate runs as a CI/CD step before the API container restarts
- **04 - 2026 — Phase 6: Production deployment** — Hetzner VPS, Caddy HTTPS, Forgejo CI/CD, daily DB backups, cross-subdomain auth
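Review bot: The new shipped entry for helmet uses plain hyphens as separators (`04 - 2026 - Security headers with helmet`), while the Migrations and Phase 6 entries below it use a different dash character, so the list now mixes two separator styles. Pick one and apply it to all entries in this section. The entry also ends with a period where the neighbouring entries do not, and it would be more useful as a record if it kept the list of headers from the original task text rather than only "secure HTTP response headers".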