1a74a930f7
Security (33 pentest findings addressed): - CRITICAL: backend binds 127.0.0.1, path traversal in tor.rs/dwn fixed - HIGH: federation requires signatures, XSS login redirect, RBAC viewer restricted - HIGH: tar slip prevention, S3 SSRF validation, backup ID validation - MEDIUM: remember-me random secret, TOTP session rotation, password re-auth - LOW: CSP unsafe-inline removed, CORS dev-only, onion/webhook validation Container reliability: - Memory limits on all 37 containers (OOM prevention) - Exited vs stopped state distinction with health-aware status badges - Crash recovery coordination (no more restart cascade) - User-stopped tracking survives reboots - Tiered boot recovery (databases → core → services → apps) UI: - Wallet TransactionsModal, health-aware app status badges - Restart button on containers, exited/crashed red state - Mesh view overhaul, glass button updates, BaseModal/ToggleSwitch - Apps sticky header removed, dev faucet, mutable mock wallet Infrastructure: - LND REST port 8080 exposed over Tor (LND Connect fix) - Nginx cookie_session fix, deploy script Tor config updated - Dev environment: podman auto-start, boot mode simulation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
127 lines
3.9 KiB
JavaScript
127 lines
3.9 KiB
JavaScript
/**
|
||
* Copyright 2018 Google Inc. All Rights Reserved.
|
||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
* you may not use this file except in compliance with the License.
|
||
* You may obtain a copy of the License at
|
||
* http://www.apache.org/licenses/LICENSE-2.0
|
||
* Unless required by applicable law or agreed to in writing, software
|
||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
* See the License for the specific language governing permissions and
|
||
* limitations under the License.
|
||
*/
|
||
|
||
// If the loader is already loaded, just stop.
|
||
if (!self.define) {
|
||
let registry = {};
|
||
|
||
// Used for `eval` and `importScripts` where we can't get script URL by other means.
|
||
// In both cases, it's safe to use a global var because those functions are synchronous.
|
||
let nextDefineUri;
|
||
|
||
const singleRequire = (uri, parentUri) => {
|
||
uri = new URL(uri + ".js", parentUri).href;
|
||
return registry[uri] || (
|
||
|
||
new Promise(resolve => {
|
||
if ("document" in self) {
|
||
const script = document.createElement("script");
|
||
script.src = uri;
|
||
script.onload = resolve;
|
||
document.head.appendChild(script);
|
||
} else {
|
||
nextDefineUri = uri;
|
||
importScripts(uri);
|
||
resolve();
|
||
}
|
||
})
|
||
|
||
.then(() => {
|
||
let promise = registry[uri];
|
||
if (!promise) {
|
||
throw new Error(`Module ${uri} didn’t register its module`);
|
||
}
|
||
return promise;
|
||
})
|
||
);
|
||
};
|
||
|
||
self.define = (depsNames, factory) => {
|
||
const uri = nextDefineUri || ("document" in self ? document.currentScript.src : "") || location.href;
|
||
if (registry[uri]) {
|
||
// Module is already loading or loaded.
|
||
return;
|
||
}
|
||
let exports = {};
|
||
const require = depUri => singleRequire(depUri, uri);
|
||
const specialDeps = {
|
||
module: { uri },
|
||
exports,
|
||
require
|
||
};
|
||
registry[uri] = Promise.all(depsNames.map(
|
||
depName => specialDeps[depName] || require(depName)
|
||
)).then(deps => {
|
||
factory(...deps);
|
||
return exports;
|
||
});
|
||
};
|
||
}
|
||
define(['./workbox-21a80088'], (function (workbox) { 'use strict';
|
||
|
||
self.skipWaiting();
|
||
workbox.clientsClaim();
|
||
|
||
/**
|
||
* The precacheAndRoute() method efficiently caches and responds to
|
||
* requests for URLs in the manifest.
|
||
* See https://goo.gl/S9QRab
|
||
*/
|
||
workbox.precacheAndRoute([{
|
||
"url": "registerSW.js",
|
||
"revision": "3ca0b8505b4bec776b69afdba2768812"
|
||
}, {
|
||
"url": "index.html",
|
||
"revision": "0.3ur9h1c6gak"
|
||
}], {});
|
||
workbox.cleanupOutdatedCaches();
|
||
workbox.registerRoute(new workbox.NavigationRoute(workbox.createHandlerBoundToURL("index.html"), {
|
||
allowlist: [/^\/$/],
|
||
denylist: [/^\/app\//, /^\/rpc\//, /^\/ws/, /^\/aiui\//]
|
||
}));
|
||
workbox.registerRoute(/^https:\/\/fonts\.googleapis\.com\/.*/i, new workbox.CacheFirst({
|
||
"cacheName": "google-fonts-cache",
|
||
plugins: [new workbox.ExpirationPlugin({
|
||
maxEntries: 10,
|
||
maxAgeSeconds: 31536000
|
||
}), new workbox.CacheableResponsePlugin({
|
||
statuses: [0, 200]
|
||
})]
|
||
}), 'GET');
|
||
workbox.registerRoute(/^https:\/\/fonts\.gstatic\.com\/.*/i, new workbox.CacheFirst({
|
||
"cacheName": "gstatic-fonts-cache",
|
||
plugins: [new workbox.ExpirationPlugin({
|
||
maxEntries: 10,
|
||
maxAgeSeconds: 31536000
|
||
}), new workbox.CacheableResponsePlugin({
|
||
statuses: [0, 200]
|
||
})]
|
||
}), 'GET');
|
||
workbox.registerRoute(/\/rpc\/v1\/.*/i, new workbox.NetworkFirst({
|
||
"cacheName": "api-cache",
|
||
"networkTimeoutSeconds": 10,
|
||
plugins: [new workbox.ExpirationPlugin({
|
||
maxEntries: 50,
|
||
maxAgeSeconds: 300
|
||
})]
|
||
}), 'GET');
|
||
workbox.registerRoute(/\/assets\/.*/i, new workbox.CacheFirst({
|
||
"cacheName": "assets-cache-v2",
|
||
plugins: [new workbox.ExpirationPlugin({
|
||
maxEntries: 100,
|
||
maxAgeSeconds: 2592000
|
||
})]
|
||
}), 'GET');
|
||
|
||
}));
|