sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Pulse Contributors Code Frequency Recent Commits

2026-02-10T23:42:53Z - 2026-02-17T23:42:53Z
Period: 1 week
1 day 3 days 1 week 1 month 3 months 6 months 1 year

Overview

29 Active Pull Requests
55 Active Issues
27
Merged Pull Requests 2
Proposed Pull Requests 34
Closed Issues 21
New Issues
Excluding merges, 0 authors have pushed 0 commits to main and 34 commits to all branches. On main, 0 files have changed and there have been 0 additions and 0 deletions.

27 Pull requests merged by 1 user

Merged #74 feat: add JSON API with token auth (closes #69) 2026-02-16 09:51:48 +01:00

Merged #65 chore: remove TODO.md — all items tracked as Gitea issues 2026-02-16 09:51:14 +01:00

Merged #77 feat: edit existing env vars, labels, and volume mounts (closes #67) 2026-02-16 09:33:47 +01:00

Merged #55 Update TODO.md with current status (closes #54) 2026-02-16 09:26:16 +01:00

Merged #75 feat: deployment rollback to previous image (closes #71) 2026-02-16 09:25:34 +01:00

Merged #73 feat: add user-facing deployment cancel endpoint (closes #66) 2026-02-16 09:19:00 +01:00

Merged #52 fix: cancel in-progress deploy when webhook triggers new deploy (closes #38) 2026-02-16 09:06:41 +01:00

Merged #51 Fix all golangci-lint issues (closes #32) 2026-02-16 09:06:09 +01:00

Merged #50 fix: set DestroySession MaxAge to -1 instead of -1*time.Second (closes #39) 2026-02-16 07:09:26 +01:00

Merged #49 Add server-side app name validation (closes #37) 2026-02-16 07:07:48 +01:00

Merged #48 fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-16 07:05:45 +01:00

Merged #46 perf: adaptive frontend polling intervals (closes #43) 2026-02-16 07:03:47 +01:00

Merged #47 fix: only trust proxy headers from RFC1918/loopback sources (closes #44) 2026-02-16 07:03:23 +01:00

Merged #34 Fix all golangci-lint issues (closes #32) 2026-02-16 06:57:20 +01:00

Merged #33 fix: validate and clamp container log tail parameter (closes #24) 2026-02-16 06:51:35 +01:00

Merged #31 fix: prevent setup endpoint race condition (closes #26) 2026-02-16 06:45:02 +01:00

Merged #29 Fix command injection in git clone arguments (closes #18) 2026-02-16 06:38:30 +01:00

Merged #30 fix: validate port range 1-65535 in parsePortValues (closes #25) 2026-02-16 06:36:44 +01:00

Merged #9 Wait for final log flush before closing deploymentLogWriter (closes #4) 2026-02-16 06:29:18 +01:00

Merged #14 Add rate limiting to login endpoint to prevent brute force (closes #12) 2026-02-16 06:15:49 +01:00

Merged #28 Add ownership verification on resource deletion (closes #19) 2026-02-16 06:12:52 +01:00

Merged #10 Set Secure flag on session cookie in production mode (closes #5) 2026-02-16 05:58:22 +01:00

Merged #7 Clean up Docker container when deleting an app (closes #2) 2026-02-16 05:56:57 +01:00

Merged #6 Limit webhook request body size to 1MB to prevent DoS (closes #1) 2026-02-16 05:56:14 +01:00

Merged #15 Use hashed webhook secrets for constant-time comparison (closes #13) 2026-02-16 05:55:46 +01:00

Merged #16 Add CSRF protection to state-changing POST endpoints (closes #11) 2026-02-16 05:53:38 +01:00

Merged #27 rewrite log viewer panes (closes #17) 2026-02-16 05:51:12 +01:00

2 Pull requests proposed by 1 user

Proposed #76 feat: add edit support for env vars, labels, and volumes (closes #67) 2026-02-16 09:25:49 +01:00

Proposed #78 test: add deployment rollback tests (closes #71) 2026-02-16 09:28:00 +01:00

34 Issues closed from 2 users

Closed #69 FEATURE: JSON API (/api/v1) 2026-02-16 09:51:48 +01:00

Closed #67 FEATURE: Edit existing env vars, labels, and volume mounts 2026-02-16 09:33:49 +01:00

Closed #54 update TODO.md 2026-02-16 09:26:17 +01:00

Closed #71 FEATURE: Deployment rollback 2026-02-16 09:25:35 +01:00

Closed #70 FEATURE: Real-time deployment log streaming (WebSocket/SSE) 2026-02-16 09:20:26 +01:00

Closed #66 FEATURE: User-facing deployment cancellation endpoint 2026-02-16 09:19:01 +01:00

Closed #38 BUG: Race condition between manual deploy and webhook deploy on same app 2026-02-16 09:06:41 +01:00

Closed #39 BUG: DestroySession sets MaxAge to -1 second instead of -1 2026-02-16 07:09:26 +01:00

Closed #35 SECURITY: No validation on volume host paths allows arbitrary filesystem access 2026-02-16 07:09:03 +01:00

Closed #37 BUG: App name not validated server-side, only client-side HTML pattern 2026-02-16 07:07:48 +01:00

Closed #42 BUG: Template execution errors result in corrupt HTML responses 2026-02-16 07:05:45 +01:00

Closed #43 PERF: Frontend polls 4 endpoints every 1 second regardless of deployment state 2026-02-16 07:03:47 +01:00

Closed #44 SECURITY: realIP trusts X-Forwarded-For/X-Real-IP headers unconditionally 2026-02-16 07:03:23 +01:00

Closed #41 SECURITY: Error messages from Go errors displayed unescaped could leak internals 2026-02-16 07:01:53 +01:00

Closed #36 SECURITY: Webhook secret exposed in plain text in app detail page and request logs 2026-02-16 07:01:37 +01:00

Closed #32 Fix all golangci-lint issues 2026-02-16 06:57:20 +01:00

Closed #24 LOW: Container log tail parameter not validated — passed directly to Docker API 2026-02-16 06:51:35 +01:00

Closed #26 MEDIUM: Setup endpoint race condition — multiple admin users can be created 2026-02-16 06:45:02 +01:00

Closed #18 CRITICAL: Command injection via branch/repoURL/commitSHA in git clone 2026-02-16 06:38:30 +01:00

Closed #25 MEDIUM: Port validation allows ports above 65535 2026-02-16 06:36:44 +01:00

Closed #22 MEDIUM: Session cookie missing Secure flag — transmitted over HTTP 2026-02-16 06:34:21 +01:00

Closed #23 MEDIUM: deploymentLogWriter.Close() doesn't wait for flush goroutine — data loss 2026-02-16 06:33:48 +01:00

Closed #21 MEDIUM: Unbounded request body read in webhook handler — denial of service 2026-02-16 06:32:16 +01:00

Closed #4 Bug: deploymentLogWriter.Close() does not wait for final flush to complete 2026-02-16 06:29:18 +01:00

Closed #3 Bug: EnvVar/Label/Volume/Port deletion does not verify resource belongs to the app in URL (IDOR) 2026-02-16 06:28:38 +01:00

Closed #12 Bug: No rate limiting on login endpoint allows brute force 2026-02-16 06:15:49 +01:00

Closed #19 HIGH: Missing ownership verification on env var, label, volume, and port deletion 2026-02-16 06:12:53 +01:00

Closed #5 Bug: Session cookie missing Secure flag, sent over HTTP in production 2026-02-16 05:58:22 +01:00

Closed #2 Bug: Deleting an app does not stop/remove its Docker container 2026-02-16 05:56:57 +01:00

Closed #1 Bug: Webhook endpoint reads request body without size limit (DoS vector) 2026-02-16 05:56:14 +01:00

Closed #13 Bug: Webhook secret lookup via SQL is not constant-time (timing side-channel) 2026-02-16 05:55:46 +01:00

Closed #11 Bug: No CSRF protection on state-changing POST endpoints 2026-02-16 05:53:38 +01:00

Closed #17 Log viewer panes are not scrollable and build log does not auto-scroll 2026-02-16 05:51:12 +01:00

Closed #20 HIGH: Arbitrary host path mount via volume add — no path validation 2026-02-16 05:48:18 +01:00

21 Issues created by 1 user

Opened #40 SECURITY: CORS allows all origins (*) — review for CSRF implications 2026-02-16 06:56:34 +01:00

Opened #45 Code cleanup: minor best practice improvements for 1.0 2026-02-16 06:57:15 +01:00

Opened #56 JSON API (Phase 4.1) 2026-02-16 09:12:10 +01:00

Opened #57 Edit existing env vars, labels, and volumes (Phase 3.1) 2026-02-16 09:12:11 +01:00

Opened #58 Deployment rollback (Phase 3.2) 2026-02-16 09:12:12 +01:00

Opened #59 Resource limits - CPU/memory (Phase 4.2) 2026-02-16 09:12:12 +01:00

Opened #60 Webhook event history UI 2026-02-16 09:12:13 +01:00

Opened #61 GitHub/GitLab webhook support 2026-02-16 09:12:14 +01:00

Opened #62 Real-time deployment log streaming (WebSocket/SSE) 2026-02-16 09:12:14 +01:00

Opened #63 Multi-user support with roles 2026-02-16 09:12:15 +01:00

Opened #64 Observability improvements (structured logging, metrics, audit log) 2026-02-16 09:12:16 +01:00

Opened #68 FEATURE: GitHub and GitLab webhook support 2026-02-16 09:12:46 +01:00

Opened #72 FEATURE: CPU/memory resource limits per app 2026-02-16 09:12:46 +01:00

Opened #79 FEATURE: Backup/restore of app configurations 2026-02-16 09:35:10 +01:00

Opened #80 FEATURE: Private Docker registry authentication 2026-02-16 09:35:10 +01:00

Opened #81 FEATURE: Custom health check commands per app 2026-02-16 09:35:10 +01:00

Opened #82 FEATURE: Multi-user support with roles 2026-02-16 09:35:10 +01:00

Opened #83 FEATURE: Scheduled deployments 2026-02-16 09:35:10 +01:00

Opened #84 FEATURE: Observability improvements (structured logging, metrics, audit log) 2026-02-16 09:35:10 +01:00

Opened #85 FEATURE: Webhook event history UI 2026-02-16 09:35:10 +01:00

Opened #86 FEATURE: Settings page (webhook secret, SSH public key) 2026-02-16 09:35:10 +01:00