security: CORS hardening, path traversal fix, WebSocket auth + cleanup
- Restrict CORS to localhost origins (was allow_origins=[*])
- Require valid JWT on WebSocket /ws (anonymous no longer gets admin view)
- Fix path traversal in delete_cell(): resolve() + parent check
- Validate cell_id format in /charts/download-noaa/{cell_id}
- Exclude charts/ and Cartas/ from git (keep US1GC09M world overview)
- Add NOAA ENC Portal external link in charts catalog tab
- Untrack __pycache__/, .db, .claude/ session files
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+52
-8
@@ -227,6 +227,26 @@ body {
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
/* Small select controls in the toolbar (trail window, vector mode/time) */
|
||||
.tb-select {
|
||||
background: var(--bg-base);
|
||||
border: 1px solid var(--border);
|
||||
color: var(--text-secondary);
|
||||
border-radius: 2px;
|
||||
font-size: 0.62rem;
|
||||
font-family: var(--sans);
|
||||
font-weight: 500;
|
||||
letter-spacing: 0.5px;
|
||||
padding: 2px 4px;
|
||||
height: 24px;
|
||||
cursor: pointer;
|
||||
outline: none;
|
||||
transition: border-color 0.15s;
|
||||
}
|
||||
.tb-select:hover { border-color: var(--border-light); color: var(--text-primary); }
|
||||
.tb-select:focus { border-color: var(--accent); }
|
||||
.tb-select option { background: var(--bg-panel2); color: var(--text-primary); }
|
||||
|
||||
#map { flex: 1; }
|
||||
|
||||
#map-coords {
|
||||
@@ -413,7 +433,7 @@ body {
|
||||
}
|
||||
|
||||
.field-label {
|
||||
font-size: 0.54rem;
|
||||
font-size: 0.68rem;
|
||||
letter-spacing: 1.5px;
|
||||
text-transform: uppercase;
|
||||
color: var(--text-muted);
|
||||
@@ -421,7 +441,7 @@ body {
|
||||
}
|
||||
|
||||
.field-value {
|
||||
font-size: 0.76rem;
|
||||
font-size: 0.92rem;
|
||||
color: var(--text-primary);
|
||||
font-family: var(--mono);
|
||||
}
|
||||
@@ -430,19 +450,19 @@ body {
|
||||
background: var(--bg-base);
|
||||
border: 1px solid var(--border);
|
||||
border-radius: 3px;
|
||||
padding: 4px 8px;
|
||||
padding: 6px 10px;
|
||||
font-family: var(--mono);
|
||||
font-size: 0.7rem;
|
||||
font-size: 0.88rem;
|
||||
color: var(--cyan);
|
||||
line-height: 1.35;
|
||||
margin-bottom: 6px;
|
||||
line-height: 1.4;
|
||||
margin-bottom: 8px;
|
||||
}
|
||||
.coords-block .label {
|
||||
font-size: 0.54rem;
|
||||
font-size: 0.68rem;
|
||||
color: var(--text-muted);
|
||||
letter-spacing: 1.5px;
|
||||
text-transform: uppercase;
|
||||
margin-bottom: 1px;
|
||||
margin-bottom: 2px;
|
||||
font-family: var(--sans);
|
||||
}
|
||||
|
||||
@@ -1460,3 +1480,27 @@ html.night .ol-zoom button {
|
||||
}
|
||||
.aton-ok { color: var(--green); }
|
||||
.aton-warn { color: var(--yellow); font-weight: 600; }
|
||||
|
||||
/* ── Battery history chart ───────────────────────────────────────────────── */
|
||||
.batt-chart-hdr {
|
||||
display: flex; align-items: center;
|
||||
justify-content: space-between; margin-bottom: 6px;
|
||||
}
|
||||
.batt-range-btns { display: flex; gap: 4px; }
|
||||
.batt-rb {
|
||||
background: transparent; border: 1px solid var(--border);
|
||||
color: var(--text-secondary); border-radius: 2px;
|
||||
font-size: 0.6rem; font-family: var(--mono);
|
||||
padding: 2px 6px; cursor: pointer; transition: all .15s;
|
||||
}
|
||||
.batt-rb:hover { border-color: var(--border-light); color: var(--text-primary); }
|
||||
.batt-rb.active { background: var(--accent-dim); border-color: var(--accent); color: #fff; }
|
||||
#batt-chart-wrap { margin-bottom: 8px; }
|
||||
#batt-chart-svg { width: 100%; }
|
||||
.batt-stats {
|
||||
display: flex; flex-wrap: wrap; gap: 6px 12px;
|
||||
font-size: 0.68rem; color: var(--text-muted);
|
||||
margin-top: 4px; font-family: var(--mono);
|
||||
}
|
||||
.batt-stat { color: var(--text-secondary); }
|
||||
.batt-stat-eta { color: var(--text-secondary); }
|
||||
|
||||
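Review bot: The new `.tb-select` rule sets `outline: none`, and the only focus cue left is the `:focus` border-colour change, a 1px recolour that keyboard users can easily miss on a 24px-high toolbar control. I would drop the blanket `outline: none` and add `.tb-select:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; }`, so pointer users keep the quiet look and keyboard focus stays visible. Separately, the commit message describes CORS, WebSocket JWT and path-traversal fixes, but this section only carries stylesheet changes (toolbar select, larger field and coordinate fonts, battery-chart rules). The security fixes are presumably in other files of the same commit; if so, moving this restyle into its own commit would keep the security change small enough to audit and backport on its own.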