8209503395
- Add `passesCsrfCheck()` to both `router.js` and `dynamic-router.js` to block cross-site request forgery on state-mutating methods (POST/PUT/PATCH/DELETE) by validating Origin/Referer headers against `ZEN_APP_URL`
- Apply global IP-based rate limiting in `dynamic-router.js` mirroring the policy already present in `router.js`; exempt health and version GET endpoints from throttling
- Sanitize 404 response in `dynamic-router.js` to prevent route structure enumeration
- Strip internal error details from user-facing error messages (e.g. profile picture deletion) to avoid information leakage