sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Pulse Contributors Code Frequency Recent Commits

2025-11-18T01:12:13Z - 2026-02-18T01:12:13Z
Period: 3 months
1 day 3 days 1 week 1 month 3 months 6 months 1 year

Overview

29 Active Pull Requests
55 Active Issues
27
Merged Pull Requests 2
Proposed Pull Requests 34
Closed Issues 21
New Issues
Excluding merges, 1 author has pushed 38 commits to main and 76 commits to all branches. On main, 66 files have changed and there have been 16093 additions and 2168 deletions.

27 Pull requests merged by 1 user

Merged #74 feat: add JSON API with token auth (closes #69) 2026-02-16 09:51:48 +01:00

Merged #65 chore: remove TODO.md — all items tracked as Gitea issues 2026-02-16 09:51:14 +01:00

Merged #77 feat: edit existing env vars, labels, and volume mounts (closes #67) 2026-02-16 09:33:47 +01:00

Merged #55 Update TODO.md with current status (closes #54) 2026-02-16 09:26:16 +01:00

Merged #75 feat: deployment rollback to previous image (closes #71) 2026-02-16 09:25:34 +01:00

Merged #73 feat: add user-facing deployment cancel endpoint (closes #66) 2026-02-16 09:19:00 +01:00

Merged #52 fix: cancel in-progress deploy when webhook triggers new deploy (closes #38) 2026-02-16 09:06:41 +01:00

Merged #51 Fix all golangci-lint issues (closes #32) 2026-02-16 09:06:09 +01:00

Merged #50 fix: set DestroySession MaxAge to -1 instead of -1*time.Second (closes #39) 2026-02-16 07:09:26 +01:00

Merged #49 Add server-side app name validation (closes #37) 2026-02-16 07:07:48 +01:00

Merged #48 fix: buffer template execution to prevent corrupt HTML responses (closes #42) 2026-02-16 07:05:45 +01:00

Merged #46 perf: adaptive frontend polling intervals (closes #43) 2026-02-16 07:03:47 +01:00

Merged #47 fix: only trust proxy headers from RFC1918/loopback sources (closes #44) 2026-02-16 07:03:23 +01:00

Merged #34 Fix all golangci-lint issues (closes #32) 2026-02-16 06:57:20 +01:00

Merged #33 fix: validate and clamp container log tail parameter (closes #24) 2026-02-16 06:51:35 +01:00

Merged #31 fix: prevent setup endpoint race condition (closes #26) 2026-02-16 06:45:02 +01:00

Merged #29 Fix command injection in git clone arguments (closes #18) 2026-02-16 06:38:30 +01:00

Merged #30 fix: validate port range 1-65535 in parsePortValues (closes #25) 2026-02-16 06:36:44 +01:00

Merged #9 Wait for final log flush before closing deploymentLogWriter (closes #4) 2026-02-16 06:29:18 +01:00

Merged #14 Add rate limiting to login endpoint to prevent brute force (closes #12) 2026-02-16 06:15:49 +01:00

Merged #28 Add ownership verification on resource deletion (closes #19) 2026-02-16 06:12:52 +01:00

Merged #10 Set Secure flag on session cookie in production mode (closes #5) 2026-02-16 05:58:22 +01:00

Merged #7 Clean up Docker container when deleting an app (closes #2) 2026-02-16 05:56:57 +01:00

Merged #6 Limit webhook request body size to 1MB to prevent DoS (closes #1) 2026-02-16 05:56:14 +01:00

Merged #15 Use hashed webhook secrets for constant-time comparison (closes #13) 2026-02-16 05:55:46 +01:00

Merged #16 Add CSRF protection to state-changing POST endpoints (closes #11) 2026-02-16 05:53:38 +01:00

Merged #27 rewrite log viewer panes (closes #17) 2026-02-16 05:51:12 +01:00

2 Pull requests proposed by 1 user

Proposed #76 feat: add edit support for env vars, labels, and volumes (closes #67) 2026-02-16 09:25:49 +01:00

Proposed #78 test: add deployment rollback tests (closes #71) 2026-02-16 09:28:00 +01:00

34 Issues closed from 2 users

Closed #69 FEATURE: JSON API (/api/v1) 2026-02-16 09:51:48 +01:00

Closed #67 FEATURE: Edit existing env vars, labels, and volume mounts 2026-02-16 09:33:49 +01:00

Closed #54 update TODO.md 2026-02-16 09:26:17 +01:00

Closed #71 FEATURE: Deployment rollback 2026-02-16 09:25:35 +01:00

Closed #70 FEATURE: Real-time deployment log streaming (WebSocket/SSE) 2026-02-16 09:20:26 +01:00

Closed #66 FEATURE: User-facing deployment cancellation endpoint 2026-02-16 09:19:01 +01:00

Closed #38 BUG: Race condition between manual deploy and webhook deploy on same app 2026-02-16 09:06:41 +01:00

Closed #39 BUG: DestroySession sets MaxAge to -1 second instead of -1 2026-02-16 07:09:26 +01:00

Closed #35 SECURITY: No validation on volume host paths allows arbitrary filesystem access 2026-02-16 07:09:03 +01:00

Closed #37 BUG: App name not validated server-side, only client-side HTML pattern 2026-02-16 07:07:48 +01:00

Closed #42 BUG: Template execution errors result in corrupt HTML responses 2026-02-16 07:05:45 +01:00

Closed #43 PERF: Frontend polls 4 endpoints every 1 second regardless of deployment state 2026-02-16 07:03:47 +01:00

Closed #44 SECURITY: realIP trusts X-Forwarded-For/X-Real-IP headers unconditionally 2026-02-16 07:03:23 +01:00

Closed #41 SECURITY: Error messages from Go errors displayed unescaped could leak internals 2026-02-16 07:01:53 +01:00

Closed #36 SECURITY: Webhook secret exposed in plain text in app detail page and request logs 2026-02-16 07:01:37 +01:00

Closed #32 Fix all golangci-lint issues 2026-02-16 06:57:20 +01:00

Closed #24 LOW: Container log tail parameter not validated — passed directly to Docker API 2026-02-16 06:51:35 +01:00

Closed #26 MEDIUM: Setup endpoint race condition — multiple admin users can be created 2026-02-16 06:45:02 +01:00

Closed #18 CRITICAL: Command injection via branch/repoURL/commitSHA in git clone 2026-02-16 06:38:30 +01:00

Closed #25 MEDIUM: Port validation allows ports above 65535 2026-02-16 06:36:44 +01:00

Closed #22 MEDIUM: Session cookie missing Secure flag — transmitted over HTTP 2026-02-16 06:34:21 +01:00

Closed #23 MEDIUM: deploymentLogWriter.Close() doesn't wait for flush goroutine — data loss 2026-02-16 06:33:48 +01:00

Closed #21 MEDIUM: Unbounded request body read in webhook handler — denial of service 2026-02-16 06:32:16 +01:00

Closed #4 Bug: deploymentLogWriter.Close() does not wait for final flush to complete 2026-02-16 06:29:18 +01:00

Closed #3 Bug: EnvVar/Label/Volume/Port deletion does not verify resource belongs to the app in URL (IDOR) 2026-02-16 06:28:38 +01:00

Closed #12 Bug: No rate limiting on login endpoint allows brute force 2026-02-16 06:15:49 +01:00

Closed #19 HIGH: Missing ownership verification on env var, label, volume, and port deletion 2026-02-16 06:12:53 +01:00

Closed #5 Bug: Session cookie missing Secure flag, sent over HTTP in production 2026-02-16 05:58:22 +01:00

Closed #2 Bug: Deleting an app does not stop/remove its Docker container 2026-02-16 05:56:57 +01:00

Closed #1 Bug: Webhook endpoint reads request body without size limit (DoS vector) 2026-02-16 05:56:14 +01:00

Closed #13 Bug: Webhook secret lookup via SQL is not constant-time (timing side-channel) 2026-02-16 05:55:46 +01:00

Closed #11 Bug: No CSRF protection on state-changing POST endpoints 2026-02-16 05:53:38 +01:00

Closed #17 Log viewer panes are not scrollable and build log does not auto-scroll 2026-02-16 05:51:12 +01:00

Closed #20 HIGH: Arbitrary host path mount via volume add — no path validation 2026-02-16 05:48:18 +01:00

21 Issues created by 1 user

Opened #40 SECURITY: CORS allows all origins (*) — review for CSRF implications 2026-02-16 06:56:34 +01:00

Opened #45 Code cleanup: minor best practice improvements for 1.0 2026-02-16 06:57:15 +01:00

Opened #56 JSON API (Phase 4.1) 2026-02-16 09:12:10 +01:00

Opened #57 Edit existing env vars, labels, and volumes (Phase 3.1) 2026-02-16 09:12:11 +01:00

Opened #58 Deployment rollback (Phase 3.2) 2026-02-16 09:12:12 +01:00

Opened #59 Resource limits - CPU/memory (Phase 4.2) 2026-02-16 09:12:12 +01:00

Opened #60 Webhook event history UI 2026-02-16 09:12:13 +01:00

Opened #61 GitHub/GitLab webhook support 2026-02-16 09:12:14 +01:00

Opened #62 Real-time deployment log streaming (WebSocket/SSE) 2026-02-16 09:12:14 +01:00

Opened #63 Multi-user support with roles 2026-02-16 09:12:15 +01:00

Opened #64 Observability improvements (structured logging, metrics, audit log) 2026-02-16 09:12:16 +01:00

Opened #68 FEATURE: GitHub and GitLab webhook support 2026-02-16 09:12:46 +01:00

Opened #72 FEATURE: CPU/memory resource limits per app 2026-02-16 09:12:46 +01:00

Opened #79 FEATURE: Backup/restore of app configurations 2026-02-16 09:35:10 +01:00

Opened #80 FEATURE: Private Docker registry authentication 2026-02-16 09:35:10 +01:00

Opened #81 FEATURE: Custom health check commands per app 2026-02-16 09:35:10 +01:00

Opened #82 FEATURE: Multi-user support with roles 2026-02-16 09:35:10 +01:00

Opened #83 FEATURE: Scheduled deployments 2026-02-16 09:35:10 +01:00

Opened #84 FEATURE: Observability improvements (structured logging, metrics, audit log) 2026-02-16 09:35:10 +01:00

Opened #85 FEATURE: Webhook event history UI 2026-02-16 09:35:10 +01:00

Opened #86 FEATURE: Settings page (webhook secret, SSH public key) 2026-02-16 09:35:10 +01:00