
Platform Security Hardened
We've completed a major security audit and implemented multiple layers of protection across the entire platform.
✅
.env files moved outside public directories
All API keys and secrets now stored in /home/gositeme/.gocodeme/ and /home/gositeme/env/ — inaccessible via web
✅
JWT auto-refresh with 7-day grace period
Expired tokens automatically refreshed within grace period. No more unexpected logouts.
✅
Rate limiting: 180 req/min per user
DDoS protection with IP-based and user-based rate limiting. Probe detection and auto-blocking.
✅
Dashboard redirect loop fixed
Resolved infinite redirect issue caused by session handling bug. Dashboard now loads instantly.
✅
Selective 401 handling
Authentication redirects now scoped to SSO endpoint only. Secondary API failures handled gracefully.
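
A sketch of the checks a grace-period refresh like the JWT item above needs, written as an added example and not the platform's own code. It assumes HS256 tokens carrying exp and jti claims, a one-hour token lifetime, and a server-side revocation set; the function names are hypothetical.

```python
import base64, hashlib, hmac, json

GRACE_SECONDS = 7 * 24 * 3600  # the 7-day grace period stated above
TOKEN_TTL = 3600               # assumed lifetime of a fresh token (not from the page)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(head: str, body: str, key: bytes) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body, key))}"

def verify_signature(token: str, key: bytes) -> dict:
    """Return the claims if the token is well formed and correctly signed."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # never trust the header's choice
        if not hmac.compare_digest(_mac(head, body, key), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
        if not isinstance(claims, dict):
            raise ValueError("claims are not an object")
        return claims
    except (ValueError, AttributeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None

def authenticate(token: str, key: bytes, now: int, revoked=frozenset()):
    """Return (claims, replacement_token_or_None); raise PermissionError otherwise."""
    claims = verify_signature(token, key)  # checked before exp, even when expired
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        raise PermissionError("missing exp claim")
    if claims.get("jti") in revoked:       # a logout must also end the grace window
        raise PermissionError("token revoked")
    if now < exp:
        return claims, None                # still valid, nothing to refresh
    if now - exp > GRACE_SECONDS:
        raise PermissionError("expired beyond grace period")
    fresh = dict(claims, iat=now, exp=now + TOKEN_TTL)
    return fresh, sign(fresh, key)
```

In this sketch the replaced token stays refreshable until its own grace window ends, so the revocation set is the only way to cut a stolen token off early.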