29 Commits

Author SHA1 Message Date
Alexander Schmidt
ec99e097c2 Harden deploy script config handling 2026-03-26 14:07:07 +01:00
Alexander Schmidt
7e389d6a1c Add safe deploy script preserving data directory 2026-03-26 13:55:59 +01:00
Alexander Schmidt
3cd8d03d9b Align privacy rate-limit wording with implementation 2026-03-26 13:53:07 +01:00
Alexander Schmidt
e52955f106 Update privacy terms: no persistent IP records 2026-03-26 13:48:40 +01:00
Alexander Schmidt
eae15de873 Preserve absolute invoice deadline across reloads 2026-03-26 13:43:30 +01:00
Alexander Schmidt
71383431f2 Keep short URL in share field when loaded via short link 2026-03-26 13:40:16 +01:00
Alexander Schmidt
09616adc81 Refresh pending proof confirmations on status lookup 2026-03-26 13:28:40 +01:00
Alexander Schmidt
090256ae4f Fix short link integrity check for code parameter 2026-03-26 13:26:05 +01:00
Alexander Schmidt
9c466d3814 Bump asset versions and rotate service worker cache 2026-03-26 13:24:18 +01:00
Alexander Schmidt
523bdae81c Fix false short URL integrity warning 2026-03-26 13:22:34 +01:00
Alexander Schmidt
c206a51f0b Add yellow favicon badge for pending invoices 2026-03-26 13:20:11 +01:00
Alexander Schmidt
9faec16b31 Regenerate minified translations for pending proof status 2026-03-26 13:15:33 +01:00
Alexander Schmidt
fa2f7a4ab1 Add document-and-coin favicon concept and sync paid favicon state 2026-03-26 13:10:30 +01:00
Alexander Schmidt
a5de8752dd Update README: mark auto-cleanup as complete, add Invoice Lifecycle section 2026-03-26 11:03:59 +01:00
Alexander Schmidt
4549a05b6d Add type annotations to fix Intelephense type checking errors 2026-03-26 11:03:15 +01:00
Alexander Schmidt
c8df4df881 Update cache-busting version to 20260326-2 for cleanup feature 2026-03-26 11:02:20 +01:00
Alexander Schmidt
9999c00d59 Implement lazy-cleanup for expired invoices with deadline-based deletion 2026-03-26 11:01:32 +01:00
Alexander Schmidt
458ee78362 Add deadline cleanup feature to roadmap 2026-03-26 10:54:21 +01:00
Alexander Schmidt
ded24ce575 Add cache-busting version params for frontend assets 2026-03-26 10:11:13 +01:00
Alexander Schmidt
600154493e Fix paid/pending invoice status UI and date handling 2026-03-26 10:06:08 +01:00
Alexander Schmidt
fa9f2243ae refactor: reuse shared style.css and language switcher on privacy page 2026-03-26 08:01:59 +01:00
Alexander Schmidt
cffdee2cb6 fix: harden PHP type handling across all endpoints 2026-03-26 07:57:11 +01:00
Alexander Schmidt
2154d5996d feat: add multilingual privacy and terms page + footer link 2026-03-26 07:50:57 +01:00
Alexander Schmidt
27cb9e0fec fix: footer 'Minimal Backend' → 'No Tracking' 2026-03-26 07:39:55 +01:00
Alexander Schmidt
69c66aea38 fix: remove duplicate <?php tag in verify.php (HTTP 500) 2026-03-26 07:36:35 +01:00
Alexander Schmidt
1bbf309029 feat: confirmation-aware TX verification (10-conf threshold)
- 0-9 confs: show amber 'Pending/N/10' stamp on QR, auto-poll every 60s
- ≥10 confs: show green 'Paid' stamp (Monero standard lock)
- verify.php: store status ('pending'|'paid'), allow upward updates
- i18n: add status_pending + proof_confirmed_pending (all 7 langs)
- style.css: add .proof-result.warning, .pending-stamp, .qr-container.confirming
- Polling stops on resetForm; short-URL viewers also poll verify.php
2026-03-26 07:30:43 +01:00
Alexander Schmidt
14f73875de fix: remove duplicate <?php tag in check-short.php 2026-03-26 07:15:28 +01:00
Alexander Schmidt
38f23d6627 Security hardening: rate limiting, atomic locks, origin check, honest docs
API / Security:
- Add api/_helpers.php: shared send_security_headers(), verify_origin(),
  get_hmac_secret(), check_rate_limit(), read_json_locked(), write_json_locked()
- shorten.php: remove Access-Control-Allow-Origin:*, restrict to same-origin,
  rate-limit 20 req/h per IP, atomic JSON read+lock, HMAC secret from file
- verify.php: rate-limit GET (30/min) and POST (10/h) per IP, atomic lock,
  prevent overwriting existing proofs, origin check on POST
- node.php: fix rate limit from 1000 to 60 req/min, add security headers,
  origin check
- check-short.php: add security headers, re-derive signature server-side
- s.php: use file-based HMAC secret via get_hmac_secret(), hash_equals()
  for timing-safe comparison

Service Worker:
- sw.js: navigation requests (mode=navigate) never served from cache;
  network-first with offline fallback to prevent stale invoice state

Documentation (honest claims):
- README: tagline "No backend" -> "No tracking"; new Architecture table
  listing exactly what server sees for each feature; Security Model section
- index.html: meta description and footer updated from "No Backend" to
  "Minimal Backend"
- i18n.js footer: already updated in previous commit
2026-03-26 07:13:02 +01:00
Alexander Schmidt
96dd4bfc72 Security: Add HMAC validation for short URLs + improve privacy documentation
- Implement HMAC-SHA256 signatures on short URLs to detect server-side tampering
- Add client-side signature verification with hostname-derived secret
- New API endpoint: /api/check-short.php for integrity verification
- Update verify.php with privacy notice (addresses not stored)
- Update README to clarify minimal backend requirement (short URLs, rate caching, proof storage)
- Add toast warning when signature mismatch detected
- Support both old and new format in s.php for backward compatibility
- Update all i18n translations (EN, DE, FR, IT, ES, PT, RU)

Addresses security concern: Server compromise could previously result in address
substitution for short-linked invoices. Now client-side verification detects tampering.
2026-03-26 06:52:20 +01:00


@@ -2,8 +2,30 @@
set -euo pipefail
# Safe deploy: never delete server-side runtime data/ files.
HOST="root@89.167.107.136"
TARGET="/home/alex/web/xmrpay.link/public_html"
#
# Configuration (required):
# DEPLOY_HOST e.g. root@example.com or deploy@example.com
# DEPLOY_TARGET e.g. /home/user/web/xmrpay.link/public_html
#
# Optional local config file (not committed):
# scripts/.deploy.env
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
ENV_FILE="$SCRIPT_DIR/.deploy.env"
if [[ -f "$ENV_FILE" ]]; then
# shellcheck disable=SC1090
source "$ENV_FILE"
fi
HOST="${DEPLOY_HOST:-}"
TARGET="${DEPLOY_TARGET:-}"
if [[ -z "$HOST" || -z "$TARGET" ]]; then
echo "Missing deploy configuration." >&2
echo "Set DEPLOY_HOST and DEPLOY_TARGET (env vars or scripts/.deploy.env)." >&2
exit 1
fi
rsync -avz --delete \
--exclude '.git' \
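Review bot: `source "$ENV_FILE"` executes whatever `scripts/.deploy.env` contains, and the hunk adds no ownership or permission check before sourcing it; with `set -euo pipefail` a malformed file aborts the run, but a file writable by another local user silently rewrites `HOST` and `TARGET` for an `rsync -avz --delete`. Suggest refusing to source unless the file is owned by the invoking user and not group/world-writable (for example `[[ -O "$ENV_FILE" ]]` plus a mode check via `stat`), and confirming `scripts/.deploy.env` is actually listed in `.gitignore`, since the comment only asserts "not committed". The removed lines `HOST="root@89.167.107.136"` and `TARGET="/home/alex/web/xmrpay.link/public_html"` also remain in repository history, so the hardcoded host should be treated as already disclosed; documenting `DEPLOY_HOST` and `DEPLOY_TARGET` in the README would complete the change.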