Security hardening: authentication, input validation, OWASP compliance, architecture improvements, and CSP fixes for browser mode (#942)

2025-12-22 16:52:42 +01:00
parent a7136bd572
commit 6c041cba02
50 changed files with 1943 additions and 734 deletions
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
  "description": "Explore your message queues",
  "main": "dist/src/electron.js",
  "engines": {
-    "node": ">=24"
+    "node": ">=20"
  },
  "private": "true",
  "scripts": {
@@ -14,6 +14,7 @@
    "test:app": "cd app && yarn test",
    "test:backend": "cd backend && yarn test",
    "test:ui": "tsc && mocha --require source-map-support/register dist/src/spec/ui-tests.spec.js",
+    "test:ui:vnc": "tsc && ./scripts/uiTestsWithVnc.sh",
    "test:mcp": "tsc && node dist/src/spec/testMcpIntrospection.js",
    "install": "cd app && yarn && cd ..",
    "dev": "npm-run-all --parallel dev:*",
@@ -93,7 +94,9 @@
    "@types/bcryptjs": "^3.0.0",
    "@types/chai": "^4.3.20",
    "@types/express": "^5.0.6",
+    "@types/express-rate-limit": "^6.0.2",
    "@types/fs-extra": "^11.0.4",
+    "@types/helmet": "^4.0.0",
    "@types/json-to-ast": "^2.1.4",
    "@types/lowdb": "^1.0.15",
    "@types/mime": "^4.0.0",
@@ -136,7 +139,10 @@
    "electron-log": "^5.4.3",
    "electron-updater": "^6.6.2",
    "express": "^5.2.1",
+    "express-rate-limit": "^8.2.1",
+    "express-validator": "^7.3.1",
    "fs-extra": "^11.3.3",
+    "helmet": "^8.1.0",
    "js-base64": "^3.7.8",
    "json-to-ast": "^2.1.0",
    "lowdb": "^1.0.0",