Security hardening: authentication, input validation, OWASP compliance, architecture improvements, and CSP fixes for browser mode (#942)

2025-12-22 16:52:42 +01:00
parent a7136bd572
commit 6c041cba02
50 changed files with 1943 additions and 734 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -2,7 +2,7 @@
  "name": "MQTT Explorer Development",
  "dockerComposeFile": "docker-compose.yml",
  "service": "app",
-  "workspaceFolder": "/workspace",
+  "workspaceFolder": "/workspace/MQTT-Explorer",

  "customizations": {
    "vscode": {
@@ -15,7 +15,6 @@
      ],
      "settings": {
        "editor.formatOnSave": true,
-        "editor.defaultFormatter": "esbenp.prettier-vscode",
        "typescript.tsdk": "node_modules/typescript/lib",
        "editor.codeActionsOnSave": {
          "source.fixAll.eslint": "explicit"
@@ -24,7 +23,7 @@
    }
  },

-  "forwardPorts": [3000, 8080, 1883],
+  "forwardPorts": [3000, 8080, 1883, 5900, 6080],
  "portsAttributes": {
    "3000": {
      "label": "MQTT Explorer Server",
@@ -37,10 +36,29 @@
    "1883": {
      "label": "MQTT Broker",
      "onAutoForward": "ignore"
+    },
+    "5900": {
+      "label": "VNC Server",
+      "onAutoForward": "ignore"
+    },
+    "6080": {
+      "label": "noVNC Web Client",
+      "onAutoForward": "notify"
    }
  },

  "postCreateCommand": "yarn install",

+  "postStartCommand": "sudo apt-get update && sudo apt-get install -y mosquitto xvfb x11vnc ffmpeg tmux python3 python3-pip && sudo pip3 install --break-system-packages websockify",
+
+  "features": {
+    "ghcr.io/devcontainers/features/common-utils:2": {
+      "installZsh": true,
+      "installOhMyZsh": true,
+      "upgradePackages": true
+    }
+  },
+
  "remoteUser": "node"
 }
+
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,9 +2,9 @@ version: '3.8'

 services:
  app:
-    image: mcr.microsoft.com/devcontainers/javascript-node:20
+    image: mcr.microsoft.com/devcontainers/javascript-node:24
    volumes:
-      - ../..:/workspace:cached
+      - ..:/workspaces/MQTT-Explorer:cached
    command: sleep infinity
    network_mode: service:mosquitto
    environment:
@@ -14,8 +14,10 @@ services:
  mosquitto:
    image: eclipse-mosquitto:2
    ports:
-      - "1883:1883"
-      - "3000:3000"
-      - "8080:8080"
+      - '1883:1883'
+      - '3000:3000'
+      - '8080:8080'
+      - '5900:5900'
+      - '6080:6080'
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro