Initial WatchLink scaffold
17
docs/security-review.md
Normal file
@@ -0,0 +1,17 @@
# Security Review
## Scope
WatchLink handles user accounts, password hashes, friendship data, room access rules, media URLs, and realtime playback events.
## Current Controls
- Passwords are hashed with bcrypt.
- Sessions use HTTP-only signed cookies.
- Prisma models enforce uniqueness for users, friendships, and room slugs.
- `.env` files are ignored except `.env.example`.
- Container publishing expects Gitea `REGISTRY_TOKEN` as a secret.
## Release Review Notes
Fill this section during release readiness work with commands run, CI links, audit results, and any accepted risks.
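Review bot: the Current Controls list does not cover three of the assets named under Scope (room access rules, media URLs, and realtime playback events), so the document claims a review scope it does not actually address. Either add a control line for each (how room access rules are enforced server-side, how media URLs are validated before they are fetched or rendered, how playback events are authorized per room) or record them explicitly as open items under Release Review Notes so they are not silently accepted. Two of the existing lines are also too vague to verify: `- Sessions use HTTP-only signed cookies.` should state whether the cookies also carry the `Secure` and `SameSite` attributes, and `- Passwords are hashed with bcrypt.` should state the cost factor in use. Note as well that the Prisma uniqueness line describes an integrity control, not an authorization control; say what it protects (duplicate friendship rows, slug collisions) so a reader does not take it as covering room access.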