| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | security: harden Go worker | Fuwn | 2026-02-08 | 1 | -3/+0 |
| | | | | | | | | | | | | | - Fix SSRF TOCTOU: add custom dialer that resolves DNS and validates IPs at connection time, preventing DNS rebinding attacks - Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) in SSRF protection by normalizing to IPv4 before checking reserved ranges - Sanitize feed error messages before storing: strip credentials from URLs and truncate to 500 chars - Remove unused EncryptionKey from configuration - Add stack trace logging to worker panic recovery for debugging - Run go fmt | ||||
| * | feat: asa.news RSS reader with developer tier, REST API, and webhooks | Fuwn | 2026-02-07 | 1 | -0/+110 |
| Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support. | |||||