Harden admin login + admin/UI fixes + guided demo #1
Merged
- Add a discreet "admin" link to the public footer and an owner hint on the empty storefront, so a freshly set-up operator can find /admin (which redirects to login).
- Move the product-form "License plans" header off the uppercase .fieldlabel micro-label onto a normal-case label + helper line so it sits inside the License fieldset; drop the dead duplicate .fieldlabel rule.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Per-IP failed-login throttle with an escalating, capped, auto-expiring cooldown. The password is verified BEFORE the cooldown is consulted, so a correct password is always accepted (safe on shared Tor/NAT egress) and resets the throttle.
- Enforce a password policy (12-char minimum + common-password blocklist) at setup and for NEVERPAY_ADMIN_PASSWORD on first run; an already-configured install is warned, not bricked, on a weak env value.
- Raise bcrypt cost to 12; dummy-compare when no admin is configured (removes a configured/unconfigured timing oracle); constant jittered delay on the failure path.
- Surface active throttling on /admin/status; document in SECURITY.md and DEPLOY.md.

Adds throttle/password/handler tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add cmd/seeddemo: seeds a realistic store (6 products across all license types, orders in every lifecycle state, multi-seat/revoked/expired keys with activations, webhooks, and a demo HD wallet enabling all 7 coins) using the real db/license/wallet packages.
- Add demo/ guided walkthrough of the buyer and seller journeys with 15 screenshots; refresh the 4 screenshots used by README.
- README docs-table + .gitignore updates for the demo runtime dir.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Three logical commits:

1. UI fixes
   - /admin.
   - .fieldlabel micro-label onto a normal-case label + helper line (it was rendering as an all-caps sentence breaking out of the fieldset); removed the dead duplicate .fieldlabel rule.

2. Login brute-force hardening
   - NEVERPAY_ADMIN_PASSWORD on first run; established installs are warned, not bricked.
   - /admin/status; documented in SECURITY.md / DEPLOY.md.

3. Guided demo
   - cmd/seeddemo — seeds a realistic store (6 products across all license types, orders in every state, multi-seat/revoked/expired keys, webhooks, a demo HD wallet enabling all 7 coins) via the real db/license/wallet packages.
   - demo/ guided walkthrough (buyer + seller journeys) with 15 screenshots; refreshed the 4 README screenshots.

go build/vet/test ./... all green (CGO_ENABLED=0).

🤖 Generated with Claude Code
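The failed-login throttle from the second commit (verify the password before consulting the cooldown, escalate and cap the cooldown per IP, reset on success), as an added Go example that is not the project's own code: `Throttle`, `NewThrottle`, `failState` and the injected `verify` func are assumed names, and the bcrypt check, password policy and jittered failure delay are left to the caller.

```go
package main

import (
	"sync"
	"time"
)

// Throttle counts failed admin logins per client IP with an escalating, capped
// cooldown. Only failures count: a correct password is accepted even mid-cooldown
// (a shared Tor/NAT egress cannot lock out the operator) and clears the entry.
type Throttle struct {
	mu            sync.Mutex
	fails         map[string]*failState
	base, maxWait time.Duration     // first cooldown, doubling per failure up to maxWait
	verify        func(string) bool // stands in for the project's bcrypt check
}
type failState struct {
	count int
	until time.Time // cooldown end; ignored once it has passed, so it self-expires
}
func NewThrottle(base, maxWait time.Duration, verify func(string) bool) *Throttle {
	return &Throttle{fails: map[string]*failState{}, base: base, maxWait: maxWait, verify: verify}
}
// Login verifies the password BEFORE consulting the cooldown. It returns
// whether login succeeded and, on failure, the cooldown now in force.
func (t *Throttle) Login(ip, password string, now time.Time) (bool, time.Duration) {
	ok := t.verify(password) // always runs: no cheap early exit for throttled IPs
	t.mu.Lock()
	defer t.mu.Unlock()
	if ok {
		delete(t.fails, ip) // success resets the throttle
		return true, 0
	}
	s := t.fails[ip]
	if s == nil {
		s = &failState{}
		t.fails[ip] = s
	}
	if now.Before(s.until) { // still cooling down: report the remainder
		return false, s.until.Sub(now)
	}
	s.count++
	wait := t.maxWait // escalate: base * 2^(count-1), capped at maxWait
	if sh := s.count - 1; sh < 16 && t.base<<uint(sh) < t.maxWait {
		wait = t.base << uint(sh)
	}
	s.until = now.Add(wait)
	return false, wait
}
```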