github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-28 11:39:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
bc06965ec3
project-nomad/admin
History
Sebastion bc06965ec3
fix(security): move hardcoded HMAC secret to environment variable 
The benchmark submission HMAC signing secret was hardcoded in source
code (CWE-798), allowing anyone reading the open-source repository to
extract it and forge benchmark submissions to benchmark.projectnomad.us.

- Read BENCHMARK_HMAC_SECRET from env instead of embedding it in code
- Register the variable in the AdonisJS env schema (optional)
- Add a guard in submitToRepository() that rejects submissions when
  the secret is not configured
- Document the new variable in .env.example

The benchmark server operator must now inject the real secret via the
BENCHMARK_HMAC_SECRET environment variable (e.g. in docker-compose or
a .env file).  The previously committed secret should be rotated
server-side.
2026-03-25 08:00:43 +00:00
..
app fix(security): move hardcoded HMAC secret to environment variable 2026-03-25 08:00:43 +00:00
bin feat: curated content system overhaul 2026-02-11 15:44:46 -08:00
commands fix: improve download reliability with stall detection, failure visibility, and Wikipedia status tracking 2026-03-20 11:46:10 -07:00
config fix(ui): reduce SSE reconnect churn and polling overhead on navigation 2026-03-20 11:46:10 -07:00
constants feat(UI): add Night Ops dark mode with theme toggle 2026-03-20 11:46:10 -07:00
database feat: support for updating services 2026-03-11 14:08:09 -07:00
docs docs(release): finalize v1.30.0 release notes [skip ci] 2026-03-20 18:48:42 +00:00
inertia fix(ui): ref issue in benchmark page 2026-03-20 19:29:13 +00:00
providers fix(Maps): static path resolution 2026-01-23 14:17:25 -08:00
public feat(UI): add Support the Project settings page 2026-03-20 11:46:10 -07:00
resources/views feat(UI): add Night Ops dark mode with theme toggle 2026-03-20 11:46:10 -07:00
start fix(security): move hardcoded HMAC secret to environment variable 2026-03-25 08:00:43 +00:00
tests feat: initial commit 2025-06-29 15:51:08 -07:00
types fix(GPU): persist GPU type to KV store for reliable passthrough 2026-03-20 11:46:10 -07:00
util feat: display model download progress 2026-02-06 16:22:23 -08:00
views feat: initial commit 2025-06-29 15:51:08 -07:00
.editorconfig feat: initial commit 2025-06-29 15:51:08 -07:00
.env.example fix(security): move hardcoded HMAC secret to environment variable 2026-03-25 08:00:43 +00:00
ace.js feat: initial commit 2025-06-29 15:51:08 -07:00
adonisrc.ts feat: background job overhaul with bullmq 2025-12-06 23:59:01 -08:00
eslint.config.js feat: openwebui+ollama and zim management 2025-07-09 09:08:21 -07:00
package-lock.json fix: upgrade systeminformation to 5.31.0 (CVE-2026-26318) 2026-03-20 11:46:10 -07:00
package.json fix: upgrade systeminformation to 5.31.0 (CVE-2026-26318) 2026-03-20 11:46:10 -07:00
tailwind.config.ts feat: initial commit 2025-06-29 15:51:08 -07:00
tsconfig.json feat: initial commit 2025-06-29 15:51:08 -07:00
vite.config.ts feat: initial commit 2025-06-29 15:51:08 -07:00