5 Commits

Author SHA1 Message Date
alro65 cfd94f905a security: CORS hardening, path traversal fix, WebSocket auth + cleanup
- Restrict CORS to localhost origins (was allow_origins=[*])
- Require valid JWT on WebSocket /ws (anonymous no longer gets admin view)
- Fix path traversal in delete_cell(): resolve() + parent check
- Validate cell_id format in /charts/download-noaa/{cell_id}
- Exclude charts/ and Cartas/ from git (keep US1GC09M world overview)
- Add NOAA ENC Portal external link in charts catalog tab
- Untrack __pycache__/, .db, .claude/ session files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-03 12:45:43 -04:00
alro65 1f03a329b2 Security: SECRET_KEY required from .env — no hardcoded fallback 2026-05-04 23:24:30 -04:00
alro65 d290c98784 Security: fix path traversal in chart_name 2026-05-04 23:19:03 -04:00
alro65 fcf1d2787a Initial commit — multi-tenant filtering, port constraints, chart bbox 2026-05-04 22:41:09 -04:00
alro65 8edb425c24 v1-base: functional state as of 2026-04-30 — buoys 3D, beacons 3D, leading lines, land-clip, buoy light merge 2026-04-30 13:50:01 -04:00