## [1.4.1] - 2025-08-01

### Added

- Rate Limiting Protection: comprehensive rate limiting to prevent CLI command abuse
  - Separate rate limiters for CLI operations (certificate generation, CA management) and API requests
  - Configurable rate limits via environment variables (CLI: 10 ops/15 min, API: 100 req/15 min)
  - Per-user rate limiting for authenticated users and per-IP rate limiting for anonymous users
  - Protection against automated attacks and resource exhaustion
- Rate Limiting Testing: testing procedures and an automated test script
- Environment Configuration: rate limiting configuration options added to .env.example
### Security

- Rate Limiting Protection: comprehensive protection against CLI command abuse and automated attacks
- Resource Protection: prevents excessive CLI operations that could impact server performance
- Multi-layer Security: combined IP-based and user-based rate limiting for enhanced protection
### Technical

- Added express-rate-limit@^7.4.0 dependency for robust rate limiting functionality
- Enhanced server middleware with configurable rate limiting for different endpoint types
- Automated test script for validating rate limiting functionality
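The rate limiting scheme described in this release (two separate budgets, keyed per user when authenticated and per IP otherwise, with limits taken from environment variables) can be illustrated without the real dependency. The following is an added example, not the project's own code and not express-rate-limit itself: a minimal fixed-window limiter with the same shape, exposed as an Express-style middleware. The environment variable names (`RATE_LIMIT_WINDOW_MS`, `CLI_RATE_LIMIT_MAX`, `API_RATE_LIMIT_MAX`) are assumptions; the defaults match the changelog figures. The `RateLimit-*` and `Retry-After` response headers follow what express-rate-limit emits with `standardHeaders` enabled.

```javascript
// Added example, not the project's code: a dependency-free fixed-window rate
// limiter mirroring the 1.4.1 notes. Env var names are assumptions; defaults
// are the changelog values (CLI 10 ops / 15 min, API 100 req / 15 min).
const WINDOW_MS = Number(process.env.RATE_LIMIT_WINDOW_MS || 15 * 60 * 1000);
const CLI_LIMIT = Number(process.env.CLI_RATE_LIMIT_MAX || 10);
const API_LIMIT = Number(process.env.API_RATE_LIMIT_MAX || 100);

// Authenticated requests are counted per user id, anonymous ones per client
// IP: the two populations get separate quotas, and a logged-in user cannot
// reset their count by changing address.
function rateLimitKey(req) {
  if (req.user && req.user.id) return `user:${req.user.id}`;
  return `ip:${req.ip}`;
}

// Builds a limiter with a check() helper and an Express-style middleware.
// `now` is injectable so tests can drive the clock deterministically.
function createRateLimiter({ windowMs, limit, name, now = Date.now }) {
  const buckets = new Map(); // key -> { count, resetAt }

  function check(key) {
    const t = now();
    let bucket = buckets.get(key);
    if (!bucket || t >= bucket.resetAt) {
      bucket = { count: 0, resetAt: t + windowMs }; // start a fresh window
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    return {
      allowed: bucket.count <= limit,
      remaining: Math.max(0, limit - bucket.count),
      retryAfterSec: Math.ceil((bucket.resetAt - t) / 1000),
    };
  }

  function middleware(req, res, next) {
    const result = check(rateLimitKey(req));
    res.setHeader('RateLimit-Limit', String(limit));
    res.setHeader('RateLimit-Remaining', String(result.remaining));
    if (!result.allowed) {
      res.setHeader('Retry-After', String(result.retryAfterSec));
      return res.status(429).json({ error: `${name} rate limit exceeded` });
    }
    return next();
  }

  return { check, middleware };
}

// Two limiters, as in the changelog: the expensive CLI-backed operations
// (certificate generation, CA management) get the tighter budget.
const cliLimiter = createRateLimiter({ windowMs: WINDOW_MS, limit: CLI_LIMIT, name: 'CLI' });
const apiLimiter = createRateLimiter({ windowMs: WINDOW_MS, limit: API_LIMIT, name: 'API' });

// Feeds constructed requests through a limiter's middleware and returns the
// HTTP status each would receive (200 means it was passed to next()).
function simulate(limiter, requests) {
  return requests.map((req) => {
    const res = {
      statusCode: 200,
      headers: {},
      setHeader(k, v) { this.headers[k] = v; },
      status(code) { this.statusCode = code; return this; },
      json(body) { this.body = body; return this; },
    };
    limiter.middleware(req, res, () => {});
    return res.statusCode;
  });
}

// Stand-alone demo with a fake clock and constructed clients: the 11th CLI
// call from one user inside a window is refused, an unrelated anonymous
// client is unaffected, and the count resets once the window has elapsed.
function demo() {
  let clock = 0;
  const limiter = createRateLimiter({ windowMs: 15 * 60 * 1000, limit: 10, name: 'CLI', now: () => clock });
  const alice = { user: { id: 'alice' }, ip: '203.0.113.5' }; // constructed
  const anon = { ip: '198.51.100.7' };                         // constructed
  const burst = simulate(limiter, Array.from({ length: 11 }, () => alice));
  const other = simulate(limiter, [anon])[0];
  clock = 15 * 60 * 1000; // window elapsed
  const afterReset = simulate(limiter, [alice])[0];
  return { burst, other, afterReset, apiLimit: apiLimiter.check('ip:192.0.2.1').remaining };
}
```

Mount `cliLimiter.middleware` on the routes that shell out to the certificate tooling and `apiLimiter.middleware` on the rest of the API; the in-memory `Map` is per process, so a deployment with several workers needs a shared store (the real library supports pluggable stores) for the limits to hold across instances.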
## [1.4.0]

### Added

- OpenID Connect (OIDC) SSO Authentication: full OpenID Connect integration for single sign-on support
  - Passport-based OIDC strategy implementation with configurable providers
  - Support for Azure AD, Google, and other OIDC-compliant identity providers
  - Comprehensive environment variable configuration for OIDC settings
  - OIDC callback URL handling and user profile management
  - Optional OIDC authentication alongside existing basic authentication
- Enhanced Root CA Management: improved Root CA generation workflow and user experience
- Environment Configuration: expanded .env.example with comprehensive OIDC configuration options
- Session Management: enhanced passport-based session handling for OIDC flows
### Changed

- Authentication System: refactored authentication to support multiple authentication methods
- Server Configuration: enhanced server startup to handle OIDC provider initialization
- User Interface: updated login forms to support both basic auth and OIDC flows
### Fixed

- PFX Password Handling: resolved password validation and encryption issues in PFX generation
- Root CA Workflow: streamlined and improved Root CA generation process
- Session Security: enhanced session cookie configuration and security settings
- UI Styling: various style fixes and improvements for better user experience
### Security

- OIDC Integration: secure OpenID Connect implementation with proper token validation
- Enhanced Session Management: improved session security and authentication flows
- Provider Validation: secure OIDC provider configuration and callback validation
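"Proper token validation" and "callback validation" in an OIDC relying party come down to a handful of concrete checks: the callback's `state` must match the value stored in the session when the login started, and the ID token's `iss`, `aud`/`azp`, `exp`, `iat`, `nonce` and `sub` claims must be checked before a local profile is created (OpenID Connect Core 1.0, section 3.1.3.7). The following is an added example, not the project's code or a passport strategy: it shows those checks on constructed claim sets, how claims map to a stable local user id, and the session cookie settings an OIDC flow needs. The provider URL, client id and claim values are constructed; signature verification of the ID token against the provider's JWKS is done by the OIDC library before these checks and is omitted here.

```javascript
// Added example, not the project's code: relying-party-side checks for an
// OIDC callback. All provider values and claims below are constructed.

// Compares the state from the callback query with the value saved in the
// session at login start. The loop is constant-time in the string length
// so that a mismatch does not leak where the strings differ.
function verifyCallbackState(sessionState, queryState) {
  if (typeof sessionState !== 'string' || typeof queryState !== 'string') return false;
  if (sessionState.length !== queryState.length) return false;
  let diff = 0;
  for (let i = 0; i < sessionState.length; i++) {
    diff |= sessionState.charCodeAt(i) ^ queryState.charCodeAt(i);
  }
  return diff === 0;
}

// Validates decoded ID token claims (OIDC Core 3.1.3.7). Returns the list of
// failures; an empty list means the token is acceptable. `now` is in seconds.
function validateIdTokenClaims(claims, opts) {
  const { issuer, clientId, expectedNonce, clockSkewSec = 60 } = opts;
  const now = opts.now !== undefined ? opts.now : Math.floor(Date.now() / 1000);
  const errors = [];
  // Issuer must be exactly the configured provider, not a prefix match.
  if (claims.iss !== issuer) errors.push('iss mismatch');
  // aud may be a string or an array; our client_id must be among the values.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) errors.push('aud does not include client_id');
  // With several audiences the token must name us as the authorized party.
  if (aud.length > 1 && claims.azp !== clientId) errors.push('azp missing or mismatched');
  if (typeof claims.exp !== 'number' || claims.exp + clockSkewSec <= now) errors.push('token expired');
  if (typeof claims.iat !== 'number' || claims.iat - clockSkewSec > now) errors.push('iat in the future');
  // The nonce binds the token to the browser session that started the login
  // and blocks replay of a token captured from another flow.
  if (expectedNonce !== undefined && claims.nonce !== expectedNonce) errors.push('nonce mismatch');
  if (typeof claims.sub !== 'string' || claims.sub.length === 0) errors.push('sub missing');
  return errors;
}

// Builds the local profile stored in the session. The key is (iss, sub),
// the only identifier OIDC guarantees stable; email can change and is not
// unique across providers, so it is kept as an attribute only.
function profileFromClaims(claims) {
  return {
    id: `${claims.iss}#${claims.sub}`,
    email: claims.email || null,
    name: claims.name || claims.preferred_username || null,
  };
}

// Session cookie settings for an OIDC flow (option names follow
// express-session). sameSite 'lax' still sends the cookie on the top-level
// redirect back from the provider; 'strict' would drop it and break login.
function sessionCookieOptions(isProduction) {
  return { httpOnly: true, secure: isProduction, sameSite: 'lax', maxAge: 8 * 60 * 60 * 1000 };
}

// Stand-alone demo on constructed tokens: one valid, three that must fail.
function demo() {
  const now = 1754006400; // fixed clock: 2025-08-01T00:00:00Z
  const cfg = { issuer: 'https://login.example.test/v2.0', clientId: 'cert-manager-web', expectedNonce: 'n-1', now };
  const good = { iss: cfg.issuer, aud: 'cert-manager-web', sub: 'user-42', exp: now + 3600, iat: now - 5, nonce: 'n-1', email: 'alice@example.test' };
  return {
    good: validateIdTokenClaims(good, cfg),
    wrongAud: validateIdTokenClaims({ ...good, aud: 'some-other-app' }, cfg),
    expired: validateIdTokenClaims({ ...good, exp: now - 600 }, cfg),
    replayed: validateIdTokenClaims({ ...good, nonce: 'n-0' }, cfg),
    profile: profileFromClaims(good),
    stateOk: verifyCallbackState('s-abc', 's-abc'),
    stateBad: verifyCallbackState('s-abc', 's-abd'),
  };
}
```

In a passport-based setup these checks are what the strategy performs internally once the provider's issuer and client id are configured; keeping them visible as a checklist makes the "Provider Validation" item above concrete and gives a test target when a new provider such as Azure AD or Google is added.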