vstockwell/wraith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 67 Wiki Activity
7fa4e62cbc
wraith/frontend/composables/useVault.ts
Vantz Stockwell 93811b59cb fix(security): auth hardening — httpOnly cookies, Argon2id passwords, TOTP encryption, rate limiting 
C-2: JWT moved from localStorage to httpOnly cookie (eliminates XSS token theft)
C-3: WebSocket auth via short-lived single-use tickets (JWT no longer in URLs)
H-1: JWT expiry reduced from 7 days to 4 hours
H-3: TOTP secrets encrypted at rest with vault EncryptionService (auto-migrates plaintext)
H-6: Rate limiting via @nestjs/throttler (60 req/min global, tighten on auth)
H-8: Constant-time login — Argon2id verify runs against dummy hash for non-existent users
H-9: Password hashing upgraded from bcrypt(10) to Argon2id (auto-upgrades on login)
H-10: Credential list API no longer returns encrypted blobs
H-16: Admin pages use Nuxt route middleware instead of client-side guard
Plus: auth bootstrap plugin, cookie-parser middleware, all frontend Authorization headers removed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 14:24:35 -04:00

34 lines
1.1 KiB
TypeScript
Raw Blame History

export function useVault() {
// C-2: No more manual Authorization headers — httpOnly cookie sent automatically
// SSH Keys
async function listKeys() {
return $fetch('/api/ssh-keys')
}
async function importKey(data: { name: string; privateKey: string; passphrase?: string; publicKey?: string }) {
return $fetch('/api/ssh-keys', { method: 'POST', body: data })
}
async function deleteKey(id: number) {
return $fetch(`/api/ssh-keys/${id}`, { method: 'DELETE' })
}
// Credentials
async function listCredentials() {
return $fetch('/api/credentials')
}
async function createCredential(data: any) {
return $fetch('/api/credentials', { method: 'POST', body: data })
}
async function updateCredential(id: number, data: any) {
return $fetch(`/api/credentials/${id}`, { method: 'PUT', body: data })
}
async function deleteCredential(id: number) {
return $fetch(`/api/credentials/${id}`, { method: 'DELETE' })
}
return {
listKeys, importKey, deleteKey,
listCredentials, createCredential, updateCredential, deleteCredential,
}
}
Reference in New Issue View Git Blame Copy Permalink