vantzs/corrosion-admin-panel: Corrosion Admin Panel repository - corrosion-admin-panel - Corrosion Rust Gitea

vantzs/corrosion-admin-panel

Go to file

Vantz Stockwell 215355d1cb

CI / backend-types (push) Successful in 10s

Details

CI / frontend-build (push) Successful in 16s

Details

CI / agent-tests (push) Failing after 29s

Details

CI / integration (push) Has been skipped

Details

fix(security): prevent RCON command injection in player kick/ban/unban (HIGH)

Player id and ban reason flowed unsanitized into the single-line RCON command,
so a control char (newline/CR) in 'reason' could break the framing and inject a
second console command — an RBAC-escalation vector (a Moderator-role user could
run arbitrary RCON via the ban reason field).

- validate player id against a safe token charset /^[A-Za-z0-9_.:-]{1,64}$/ and
  reject otherwise (multi-game safe — not a Rust-only SteamID64 regex, so
  Conan/Funcom and Dune ids still pass)
- strip C0 control chars from reason, collapse whitespace, cap at 200 chars
- coerce ban duration to a non-negative integer

Flagged by automated commit security review. Backend tsc green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-11 22:36:44 -04:00

docs: Add CLAUDE.md and Claude Code settings

2026-02-15 12:28:16 -05:00

.gitea/workflows

fix(ci): base64-decode minisign secret key (CI mangles multi-line); bump alpha.8

2026-06-11 20:31:48 -04:00

feat(api): fleet data model Phase A — License -> Host -> Instance

2026-06-11 12:00:52 -04:00

fix(security): prevent RCON command injection in player kick/ban/unban (HIGH)

2026-06-11 22:36:44 -04:00

companion-agent

fix(panel): real auto-updating version + remove fake agent footer; rename companion -> Corrosion host agent

2026-06-11 09:03:37 -04:00

ci: full test gate — types, frontend build, agent tests, agent<->backend contract suite

2026-06-11 10:59:44 -04:00

corrosion-host-agent

feat: wire the panel command surface to the live Rust agent + wipe handler

2026-06-11 22:30:18 -04:00

fix(nats): no_auth_user is top-level, not inside authorization{} — broke broker startup

2026-06-11 12:47:14 -04:00

feat(panel): Beta sweep — multi-game coherence, honesty, UX fixes

2026-06-11 22:06:10 -04:00

feat(panel): Beta sweep — multi-game coherence, honesty, UX fixes

2026-06-11 22:06:10 -04:00

fix: Remove Gitea env var pre-config (let wizard handle it)

2026-02-15 13:32:20 -05:00

feat: Add CorrosionTeleportGUI uMod plugin — in-game teleport CUI

2026-02-22 01:12:34 -05:00

fix(nats): no_auth_user is top-level, not inside authorization{} — broke broker startup

2026-06-11 12:47:14 -04:00

.env.example

fix(frontend): env-driven marketing host detection

2026-06-11 10:47:15 -04:00

.gitignore

chore: Update .gitignore — protect MCP credentials, add NestJS outputs

2026-02-16 00:45:10 -05:00

AGENTS.md

fix(marketing): strip dead Discord invite from footer; docs: Scout tier -> sonnet[1m]

2026-06-11 09:28:06 -04:00

CHANGELOG.md

feat(host-agent): Phase 2 — Dune docker-compose adapter via Supervisor trait

2026-06-11 21:33:00 -04:00

CLAUDE.md

docs: Lesson 28 — base64-encode multi-line CI secrets (minisign signing key)

2026-06-11 20:38:56 -04:00

corrosion-final-push.md

chore: Wave 5 — marketing copy fix + operation log

2026-02-21 13:36:44 -05:00

deploy-remote.sh

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

generate-sqlx-cache.sh

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

hardpush.log

feat: Implement Phase 6 B2B hosting integration (minimal viable B2B)

2026-02-15 15:05:17 -05:00

PHASE456_AUDIT.md

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

Corrosion Host Agent v1.0.9 Latest

2026-06-11 09:03:37 -04:00

Languages

Vue 40.1%

TypeScript 25.8%

Rust 24.8%

Go 4%

C# 2.8%

Other 2.3%