vstockwell/wraith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 67 Wiki Activity
Self-hosted SSH + SFTP + RDP in a browser — MobaXterm replacement
89 Commits 1 Branch 162 Tags 662 MiB
Rust 51.1%
Vue 40.8%
TypeScript 7.6%
CSS 0.4%
93811b59cb
Go to file
Vantz Stockwell 93811b59cb fix(security): auth hardening — httpOnly cookies, Argon2id passwords, TOTP encryption, rate limiting 
C-2: JWT moved from localStorage to httpOnly cookie (eliminates XSS token theft)
C-3: WebSocket auth via short-lived single-use tickets (JWT no longer in URLs)
H-1: JWT expiry reduced from 7 days to 4 hours
H-3: TOTP secrets encrypted at rest with vault EncryptionService (auto-migrates plaintext)
H-6: Rate limiting via @nestjs/throttler (60 req/min global, tighten on auth)
H-8: Constant-time login — Argon2id verify runs against dummy hash for non-existent users
H-9: Password hashing upgraded from bcrypt(10) to Argon2id (auto-upgrades on login)
H-10: Credential list API no longer returns encrypted blobs
H-16: Admin pages use Nuxt route middleware instead of client-side guard
Plus: auth bootstrap plugin, cookie-parser middleware, all frontend Authorization headers removed

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 14:24:35 -04:00
backend fix(security): auth hardening — httpOnly cookies, Argon2id passwords, TOTP encryption, rate limiting 2026-03-14 14:24:35 -04:00
docs fix(security): auth hardening — httpOnly cookies, Argon2id passwords, TOTP encryption, rate limiting 2026-03-14 14:24:35 -04:00
frontend fix(security): auth hardening — httpOnly cookies, Argon2id passwords, TOTP encryption, rate limiting 2026-03-14 14:24:35 -04:00
images feat: convert Settings to right sidebar panel, remove light mode 2026-03-13 10:25:24 -04:00
.env.example feat: project scaffold — Docker, NestJS, Nuxt 3, Prisma config 2026-03-12 17:05:37 -04:00
.gitignore fix: inline modals in index.vue, proper DTO for profile update 2026-03-13 09:09:05 -04:00
docker-compose.yml fix(security): infrastructure hardening — guacd network isolation, drop DB port, helmet, non-root container 2026-03-14 14:13:28 -04:00
Dockerfile fix(security): infrastructure hardening — guacd network isolation, drop DB port, helmet, non-root container 2026-03-14 14:13:28 -04:00
README.md feat: project scaffold — Docker, NestJS, Nuxt 3, Prisma config 2026-03-12 17:05:37 -04:00
Remote-Spec.md docs: Wraith spec + implementation plan 2026-03-12 16:59:34 -04:00

README.md

Wraith

Self-hosted MobaXterm replacement — SSH + SFTP + RDP in a browser.

Stack

  • Backend: NestJS 10, Prisma 6, PostgreSQL 16, ssh2, guacd
  • Frontend: Nuxt 3 (SPA), PrimeVue 4, Tailwind CSS, xterm.js 5

Quick Start

cp .env.example .env
# Edit .env with real secrets

docker compose up -d

Default credentials: admin@wraith.local / wraith

Development

# Backend
cd backend && npm install && npm run dev

# Frontend
cd frontend && npm install && npm run dev