v2.1.0

@DefinetlyNotAI DefinetlyNotAI released this 29 May 08:12
· 12 commits to main since this release
4742f8b

🏦 Bank App v2.1.0 — Release Notes

This release focuses on security, code cleanliness, and user-facing quality-of-life improvements. Here's what’s new and improved in v2.1.0:


New Features & Improvements

  • Delete Account Request (With Safety Logic)
    Users can now request to delete their accounts. Admin accounts are protected with logic preventing accidental or intentional self-deletion.

  • Export Logs to CSV
    Users can now export logs in CSV format directly for easier external review and record-keeping.

  • Session Key Warning
    Added an alert system that warns admins (in the server logs, not the bank logs) when a randomized session key is being used, which helps to prevent unexpected session invalidation across server reboots.

  • Improved Logging
    Logging messages have been refined for clarity, consistency, and better traceability.


🛠️ Code & Backend Enhancements

  • Formatted & Cleaned Codebase
    Codebase has been cleaned up and formatted for better readability and maintainability.

  • Removed Unused API Routes
    Dead API routes have been pruned. A new GET /status route was added to report server status.


🔒 Security Fixes

  • CSRF Protection for Bank Transfers
    A critical security fix: CSRF tokens are now properly validated for bank transfers to prevent forgery attacks.
    This was a bug in the transfers for admins, as I have forgotten to add the CSRF to the header of the request in the AJAX request in the JS fetch.
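
The class of bug described above, as an added example that is not the project's own code: a `fetch` request for a transfer that carries the CSRF token in a header, and a server-side check that rejects state-changing requests without a matching token. The header name `x-csrf-token`, the field names and the sample values are assumptions made for illustration.

```javascript
// Added example. Header name, field names and sample values are assumptions.
const CSRF_HEADER = 'x-csrf-token';
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Client side: build the fetch() options for a transfer, with the token in a header.
function transferInit(csrfToken, transfer) {
  return {
    method: 'POST',
    credentials: 'same-origin', // send the session cookie only to our own origin
    headers: { 'Content-Type': 'application/json', [CSRF_HEADER]: csrfToken },
    body: JSON.stringify(transfer),
  };
}

// Compare without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: decide whether a request may proceed, given the token stored in the session.
function checkCsrf(method, headers, sessionToken) {
  if (SAFE_METHODS.has(method.toUpperCase())) return { ok: true, reason: 'safe method' };
  if (!sessionToken) return { ok: false, reason: 'no token in session' };
  const sent = headers[CSRF_HEADER];
  if (!sent) return { ok: false, reason: 'missing CSRF header' };
  if (!constantTimeEqual(sent, sessionToken)) return { ok: false, reason: 'token mismatch' };
  return { ok: true, reason: 'token valid' };
}

// Constructed sample values, not taken from the project.
const sessionToken = 'c0nstructed-sample-token-0001';
const transfer = { to: 'ACC-1002', amount: 25 };
const withToken = transferInit(sessionToken, transfer);
// The same request with the header left out, as in the bug described above.
const withoutToken = { ...withToken, headers: { 'Content-Type': 'application/json' } };

function demo() {
  return {
    withToken: checkCsrf(withToken.method, withToken.headers, sessionToken),
    withoutToken: checkCsrf(withoutToken.method, withoutToken.headers, sessionToken),
    wrongToken: checkCsrf('POST', { [CSRF_HEADER]: 'some-other-sample-value-00001' }, sessionToken),
    status: checkCsrf('GET', {}, sessionToken),
  };
}
console.log(demo());
```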

⚠️ Note

If your server uses ephemeral or randomized keys on reboot, user sessions may become invalid. This release now detects and warns against this behavior.


Full Changelog: v2.0.0...v2.1.0