Elie Habib
a9224254a5
fix: security hardening — CORS, auth bypass, origin validation & bump v2.2.7
- Tighten CORS regex to block worldmonitorEVIL.vercel.app spoofing
- Move sidecar /api/local-env-update behind token auth + add key allowlist
- Add postMessage origin/source validation in LiveNewsPanel
- Replace postMessage wildcard '*' targetOrigin with specific origin
- Add isDisallowedOrigin() check to 25 API endpoints missing it
- Migrate gdelt-geo & EIA from custom CORS to shared _cors.js
- Add CORS to firms-fires, stock-index, youtube/live endpoints
- Tighten youtube/embed.js ALLOWED_ORIGINS regex
- Remove 'unsafe-inline' from CSP script-src
- Add iframe sandbox attribute to YouTube embed
- Validate meta-tags URL query params with regex allowlist
2026-02-15 20:33:20 +04:00
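The commit above names three of the classic browser-boundary mistakes: a CORS origin regex that a lookalike hostname such as `worldmonitorEVIL.vercel.app` can satisfy, a wildcard `*` response header, and a `postMessage` listener that never checks `event.origin` or `event.source`. The following is an added illustration, not code from the worldmonitor repository: a small origin allowlist that contrasts a loose pattern with an anchored one, a `getCorsHeaders()` that reflects only allowlisted origins, and a receiver-side `postMessage` check. The hostnames, the assumed shape of a Vercel preview URL, and the function names are assumptions modelled on the commit text.

```javascript
// Added example (not the project's code). Hostnames and the preview-URL
// shape below are assumptions taken from the commit message, not the repo.

const ALLOWED_EXACT = new Set([
  'https://worldmonitor.app',
  'https://tech.worldmonitor.app',
]);

// Loose pattern: ".*" lets anything follow "worldmonitor", and there is no
// "$" anchor, so "https://worldmonitorEVIL.vercel.app" and
// "https://worldmonitor.vercel.app.attacker.example" both match.
const LOOSE_PREVIEW = /^https:\/\/worldmonitor.*\.vercel\.app/;

// Tightened pattern (assumed preview-URL shape): "worldmonitor", an optional
// hyphen-led suffix of [a-z0-9-], then exactly ".vercel.app" at end of string.
const TIGHT_PREVIEW = /^https:\/\/worldmonitor(-[a-z0-9-]+)?\.vercel\.app$/;

// Decide whether a browser Origin value may receive a CORS grant.
function isAllowedOrigin(origin, previewPattern = TIGHT_PREVIEW) {
  if (typeof origin !== 'string' || origin.length === 0) return false;
  if (ALLOWED_EXACT.has(origin)) return true;
  return previewPattern.test(origin);
}

// Build response headers. Rather than "*", the request's Origin is reflected
// only when allowlisted; otherwise no Access-Control-Allow-Origin is emitted.
// "Vary: Origin" stops a CDN (s-maxage caching) from replaying a response
// granted to one origin to a different one.
function getCorsHeaders(origin) {
  const headers = {
    'Vary': 'Origin',
    'Access-Control-Allow-Methods': 'GET, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type',
  };
  if (isAllowedOrigin(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Endpoint-level reject check: a missing Origin (same-origin navigation or a
// non-browser client) is not treated as disallowed; a present, unlisted one is.
function isDisallowedOrigin(origin) {
  return origin !== undefined && origin !== '' && !isAllowedOrigin(origin);
}

// Receiver-side postMessage check on an event-like object {origin, source}.
// Both the sender's origin and the sender window must match the frame this
// page created, so another frame on the page cannot inject a message.
function isTrustedMessage(event, expectedOrigin, expectedSource) {
  return event.origin === expectedOrigin && event.source === expectedSource;
}
```

On the sending side the same idea applies in reverse: `frame.contentWindow.postMessage(payload, expectedOrigin)` with the concrete embed origin as the second argument, never `'*'`, so the message is dropped if the frame has navigated elsewhere.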
Elie Habib
ac935d505e
fix: migrate all Vercel edge functions to CORS allowlist & bump v2.2.5
Replace Access-Control-Allow-Origin: * with shared getCorsHeaders()
across 20 API edge functions to restrict access to worldmonitor.app,
tech.worldmonitor.app, and authorized Vercel preview URLs.
Version bump to 2.2.5 across package.json, tauri.conf.json, Cargo.toml.
2026-02-15 19:13:54 +04:00
Elie Habib
c353cf2070
Reduce egress costs, add PWA support, fix Polymarket and Railway relay
Egress optimization:
- Add s-maxage + stale-while-revalidate to all API endpoints for Vercel CDN caching
- Add vercel.json with immutable caching for hashed assets
- Add gzip compression to sidecar responses >1KB
- Add gzip to Railway RSS responses (4 paths previously uncompressed)
- Increase polling intervals: markets/crypto 60s→120s, ETF/macro/stablecoins 60s→180s
- Remove hardcoded Railway URL from theater-posture.js (now env-var only)
PWA / Service Worker:
- Add vite-plugin-pwa with autoUpdate strategy
- Cache map tiles (CacheFirst), fonts (StaleWhileRevalidate), static assets
- NetworkOnly for all /api/* routes (real-time data must be fresh)
- Manual SW registration (web only, skip Tauri)
- Add offline fallback page
- Replace manual manifest with plugin-generated manifest
Polymarket fix:
- Route dev proxy through production Vercel (bypasses JA3 blocking)
- Add 4th fallback tier: production URL as absolute fallback
Desktop/Sidecar:
- Dual-backend cache (_upstash-cache.js): Redis cloud + in-memory+file desktop
- Settings window OK/Cancel redesign
- Runtime config and secret injection improvements
2026-02-14 19:53:04 +04:00
Elie Habib
922440d7be
Restore original opensky endpoint name - OpenSky blocks Vercel
2026-01-11 09:13:09 +04:00
Elie Habib
a08892e07d
Rename opensky to opensky2 to force new function
2026-01-11 09:11:11 +04:00
Elie Habib
45d015592e
Try browser-like headers for OpenSky
2026-01-11 09:09:55 +04:00
Elie Habib
72974c0c22
Force rebuild of OpenSky proxy
2026-01-11 09:07:18 +04:00
Elie Habib
d0bea3a4dd
Add detailed error messages to OpenSky proxy
2026-01-11 09:03:27 +04:00
Elie Habib
9651e85992
Simplify OpenSky proxy - edge runtime, no auth
2026-01-11 09:01:29 +04:00
Elie Habib
c591ce435b
Add error details to OpenSky proxy
2026-01-11 09:00:17 +04:00
Elie Habib
7ca0afca17
Fix Node.js runtime handler signature
2026-01-11 08:59:13 +04:00
Elie Habib
f3cb183c44
Switch to Node.js runtime for better network to OpenSky
2026-01-11 08:58:16 +04:00
Elie Habib
29f644f16f
Switch OpenSky to Basic Auth - faster than OAuth token fetch
2026-01-11 08:57:08 +04:00
Elie Habib
0c75c85960
Fix API timeouts and reduce OpenSky requests
- Add explicit timeouts to OpenSky (12s) and RSS (8s) proxies
- Consolidate 10 military hotspots into 4 larger regions
- Increase military refresh interval from 2 to 5 minutes
- Switch OpenAI feed to Google News (OpenAI blocks proxies)
2026-01-11 08:50:19 +04:00
Elie Habib
bd8d4ea11b
Add data attribution section and fix OpenSky OAuth2 endpoint
- Add comprehensive Data Attribution section to README with proper
citations for all data sources (OpenSky, ACLED, GDELT, CoinGecko,
Yahoo Finance, USGS, FRED, Cloudflare Radar, etc.)
- Add Acknowledgments section crediting Reggie James (@HipCityReg)
for the original dashboard concept inspiration
- Fix OpenSky OAuth2 token endpoint URL (was using wrong endpoint)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 08:28:06 +04:00
Elie Habib
fcd3448656
Update OpenSky proxy to use OAuth2 client credentials
- Uses OPENSKY_CLIENT_ID and OPENSKY_CLIENT_SECRET env vars
- Token caching with automatic refresh
- Falls back to anonymous if not configured
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 07:46:17 +04:00
Elie Habib
6690103965
Add OpenSky proxy for military flight tracking (PR #13 fix)
Serverless proxy for OpenSky Network API with:
- Bounding box parameter forwarding
- Optional auth via OPENSKY_USERNAME/PASSWORD env vars
- Rate limit handling (returns 429 cleanly)
- 10s cache for efficiency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 07:43:13 +04:00