github jeffcaldwellca/mkcertWeb rc1
V2.0!


[2.0.0] - 2025-08-09 - Let's call this the first release candidate shrug

MAJOR RELEASE - Security & Architecture Overhaul

Security - CRITICAL FIXES

  • Command Injection Protection: Complete overhaul of command execution system

    • Implemented strict allowlist-based command validation to prevent injection attacks
    • Added executeCommand utility with comprehensive input sanitization
    • Restricted shell command execution to verified safe patterns for mkcert and openssl operations
    • Added timeout and buffer limits for command execution with proper error handling
    • BREAKING: All commands now validated against security patterns - invalid commands rejected
  • Path Traversal Prevention: Comprehensive file access security

    • Added validateAndSanitizePath function to prevent directory traversal attacks
    • Implemented secure filename validation with comprehensive sanitization
    • All file operations now use validated paths to prevent unauthorized access
    • Added protection against null bytes, directory traversal sequences, and invalid characters
    • BREAKING: File operations with invalid paths now return standardized error responses
  • Enhanced Rate Limiting: Multi-tier protection system

    • Authentication rate limiter: 5 attempts per 15 minutes (prevents brute force)
    • CLI rate limiter: 10 operations per 15 minutes (prevents command abuse)
    • API rate limiter: 100 requests per 15 minutes (prevents API flooding)
    • General rate limiter: 200 requests per 15 minutes (general protection)
    • Applied rate limiting to all previously unprotected routes
    • Configurable via environment variables with intelligent defaults
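
The allowlist approach listed under Command Injection Protection above, as an added example that is not mkcertWeb's own code: it validates an argv array against per-binary shapes and runs it with execFile, so no shell parses the input. The function names, regexes, allowed argument shapes, 30-second timeout and 1 MiB buffer are assumptions chosen for illustration.

```javascript
// Added example (not mkcertWeb's code): allowlist validation of argv before execution.
const { execFile } = require('node:child_process');

// Hostnames, wildcards, IP literals; no leading '-' so a name can never be read as a flag.
const HOSTNAME = /^(?!-)[A-Za-z0-9*.:-]{1,253}$/;
// Bare file names only: no separators, no leading dot or dash.
const PEM_FILE = /^[A-Za-z0-9_][A-Za-z0-9._-]{0,99}\.pem$/;

// Hypothetical allowlist: each binary maps to the argv shapes it may be called with.
const ALLOWED = {
  mkcert: [
    (a) => a.length === 1 && (a[0] === '-CAROOT' || a[0] === '-install'),
    (a) => a.length >= 5 && a[0] === '-cert-file' && PEM_FILE.test(a[1]) &&
           a[2] === '-key-file' && PEM_FILE.test(a[3]) &&
           a.slice(4).every((h) => HOSTNAME.test(h)),
  ],
  openssl: [
    (a) => a.length === 5 && a[0] === 'x509' && a[1] === '-in' && PEM_FILE.test(a[2]) &&
           a[3] === '-noout' && ['-enddate', '-subject', '-issuer'].includes(a[4]),
  ],
};

function validateCommand(binary, args) {
  // Object.hasOwn keeps inherited keys such as "constructor" out of the lookup.
  if (!Object.hasOwn(ALLOWED, binary)) return { ok: false, error: 'binary not allowlisted' };
  if (!Array.isArray(args) || !args.every((x) => typeof x === 'string')) {
    return { ok: false, error: 'arguments must be an array of strings' };
  }
  if (!ALLOWED[binary].some((shape) => shape(args))) {
    return { ok: false, error: 'argument pattern not allowlisted' };
  }
  return { ok: true };
}

// execFile hands argv straight to the binary: ';', '|' and '$()' are never interpreted.
// timeout and maxBuffer bound how long a call may run and how much output it may return.
function runValidated(binary, args, cwd) {
  const verdict = validateCommand(binary, args);
  if (!verdict.ok) return Promise.reject(new Error(verdict.error));
  return new Promise((resolve, reject) => {
    execFile(binary, args, { cwd, timeout: 30_000, maxBuffer: 1024 * 1024 },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```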

Architecture - COMPLETE MODULARIZATION

  • Modular File Structure: Transformed monolithic codebase into organized modules

    • src/config/: Centralized configuration management
    • src/security/: Security utilities and validation functions
    • src/middleware/: Authentication and rate limiting middleware
    • src/routes/: Organized route handlers by functionality
    • src/utils/: Reusable utility functions and response handlers
    • RESULT: 34% reduction in code duplication (256 lines eliminated)
  • Utility-Based Architecture: Standardized patterns for consistency

    • apiResponse.* utilities for consistent HTTP responses across all endpoints
    • validateFileRequest() for standardized file validation workflows
    • asyncHandler() for automatic error handling in async routes
    • handleError() for unified error logging and response formatting
    • RESULT: 70% reduction in repetitive code maintenance
  • Code Quality Improvements:

    • Files Route: 249 → 120 lines (52% reduction)
    • Certificates Route: 313 → 222 lines (29% reduction)
    • System Route: 196 → 160 lines (18% reduction)
    • Server: 2300+ → 150 lines (94% reduction through modularization)

API Changes - STANDARDIZED RESPONSES

  • Consistent Response Format: All API endpoints now return standardized JSON
    // Success responses
    { "success": true, "data": {...}, "message": "optional" }
    
    // Error responses  
    { "success": false, "error": "description" }
  • Enhanced Error Details: Development mode provides additional debugging information
  • Improved Validation: Consistent input validation across all endpoints
  • Better Error Handling: Automatic async error catching prevents server crashes

Performance & Reliability

  • Reduced Memory Footprint: Smaller codebase with optimized utilities
  • Faster Error Processing: Centralized error handling improves response times
  • Auto-Recovery: Better error handling prevents application crashes
  • Monitoring Ready: Structured logging and response patterns enable better monitoring

Developer Experience

  • Comprehensive Documentation: Added detailed architecture documentation
  • Testable Components: Modular design enables unit testing of individual components
  • Reusable Patterns: Utility functions speed up future development
  • Clear Separation of Concerns: Route handlers focus on business logic

BREAKING CHANGES

  1. API Response Format: All endpoints now return standardized { success: boolean } format
  2. Error Responses: Error format changed from various patterns to consistent structure
  3. Command Validation: Invalid shell commands now rejected instead of executed
  4. File Path Validation: Invalid file paths return 400 errors instead of processing
  5. Environment Variables: Some rate limiting variables renamed for consistency
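
What breaking change 4 looks like from the server side, as an added example that is not the project's validateAndSanitizePath: a client-supplied path is checked for null bytes, traversal sequences and invalid characters, and a failure yields a 400 in the standardized error shape. The function name, the segment policy and the error strings are assumptions.

```javascript
// Added example (not mkcertWeb's code): contain a client-supplied path inside one directory.
const path = require('node:path');

// Assumed policy: relative paths made of plain name segments, e.g. "2025-08-09/site.pem".
// '%' is not in the class, so URL-encoded forms such as "%2e%2e%2f" are refused outright.
const SEGMENT = /^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$/;

// Standardized error shape from the release notes, paired with the 400 status.
const deny = (error) => ({ status: 400, body: { success: false, error } });

function resolveInside(baseDir, requested) {
  if (typeof requested !== 'string' || requested.length === 0) return deny('path required');
  if (requested.includes('\0')) return deny('null byte in path');
  if (path.posix.isAbsolute(requested) || path.win32.isAbsolute(requested)) {
    return deny('absolute path not allowed');
  }

  // Treat both separators as separators so "..\\.." is caught on any platform.
  const segments = requested.split(/[\\/]/);
  if (segments.some((s) => s === '..' || s === '.')) return deny('directory traversal sequence');
  if (!segments.every((s) => SEGMENT.test(s))) return deny('invalid characters in path');

  // Defence in depth: resolve, then confirm the result is still below baseDir.
  const root = path.resolve(baseDir);
  const full = path.resolve(root, ...segments);
  const rel = path.relative(root, full);
  if (rel === '' || rel.split(path.sep)[0] === '..' || path.isAbsolute(rel)) {
    return deny('path escapes base directory');
  }
  return { status: 200, body: { success: true, data: { path: full } } };
}
```

The check is lexical only: if symlinks can exist under the base directory, also compare the fs.realpath of the result against the base before opening the file.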

Migration Guide

  • Update any client code expecting old error response formats
  • Verify all shell commands are in the approved allowlist
  • Check file access patterns for proper path validation
  • Review environment variable configurations for rate limiting

Deprecations

  • Old error response patterns (will be removed in future versions)
  • Direct shell command execution without validation (now blocked)
  • Unvalidated file path access (now secured)
