Releases: reallyShould/Cloud_Notes_API
Releases · reallyShould/Cloud_Notes_API
Release list
v1.0.0: Core API & Secure Authentication
🚀 What's New in v1.0.0
The first stable release of the Asynchronous Cloud Notes API. Fully containerized and secure backend system ready for mobile client integration.
🔒 Security & Authentication
- Implemented JWT (JSON Web Tokens) inside secure HttpOnly Cookies (XSS & CSRF protected).
- Added password hashing via
bcrypt. - Fixed auth routing to prevent user enumeration attacks.
📝 Notes CRUD
- Full asynchronous CRUD cycle with strict owner isolation (users cannot access or edit other users' data via IDOR vulnerabilities).
- Native support for rich Markdown and linked assets storage.
- Added database-level cascading deletes (
ondelete="CASCADE") to automatically wipe orphan child rows.
📁 Media & Attachments Management
- Secure upload processing (
[POST] /attachments) usingpython-multipart. - Implemented dual-layer protection against exploitation:
- Strict extension validation filtering (
.jpg,.png,.webp,.gif). - Active 25MB payload size restriction to mitigate resource-exhaustion DoS attacks.
- Strict extension validation filtering (
- Isolated stream delivery (
FileResponse) with strict authorization layers: files on disk can only be fetched by their verified creator.
⚙️ DevOps & Tooling
- Containerized environment configuration via Docker & OrbStack.
- Fully integrated automated Continuous Integration (GitHub Actions linter & build checker pipeline).