Skip to content

Releases: reallyShould/Cloud_Notes_API

v1.0.0: Core API & Secure Authentication

Choose a tag to compare

@reallyShould reallyShould released this 04 Jul 13:04

🚀 What's New in v1.0.0

The first stable release of the Asynchronous Cloud Notes API. Fully containerized and secure backend system ready for mobile client integration.

🔒 Security & Authentication

  • Implemented JWT (JSON Web Tokens) inside secure HttpOnly Cookies (XSS & CSRF protected).
  • Added password hashing via bcrypt.
  • Fixed auth routing to prevent user enumeration attacks.

📝 Notes CRUD

  • Full asynchronous CRUD cycle with strict owner isolation (users cannot access or edit other users' data via IDOR vulnerabilities).
  • Native support for rich Markdown and linked assets storage.
  • Added database-level cascading deletes (ondelete="CASCADE") to automatically wipe orphan child rows.

📁 Media & Attachments Management

  • Secure upload processing ([POST] /attachments) using python-multipart.
  • Implemented dual-layer protection against exploitation:
    • Strict extension validation filtering (.jpg, .png, .webp, .gif).
    • Active 25MB payload size restriction to mitigate resource-exhaustion DoS attacks.
  • Isolated stream delivery (FileResponse) with strict authorization layers: files on disk can only be fetched by their verified creator.

⚙️ DevOps & Tooling

  • Containerized environment configuration via Docker & OrbStack.
  • Fully integrated automated Continuous Integration (GitHub Actions linter & build checker pipeline).