Reference pull request for full details. #68
Merged
-Major change to how logging is handled. This step was taken to provide audit capability compliant with the application security and development STIG.
-Major change to API security, token validation, token renewals, route protection.
-Implemented silent renew functionality for OIDC authentication to enhance user session management.
-Resolved issues with session handling and token renewals that caused unexpected logouts.
-Fixed incorrect MIME type issues for module scripts.
-Updated AuthModule configuration to include silentRenew settings and specify silentRenewUrl.
-Updated user interface to better handle login, logout, and consent flow.
-Modifications for static serving have been implemented to further test and debug hosting the client and API on the same port.
-Incorporated rate limiting in accordance with DoS and other misc requirements for the Application Security and Development STIG.
-Small improvements to API/Client setup.
-Added a 'config' database table to store key/value pairs.
-Included an API method to return the API version and content classification based upon environment variables established during setup. Default value of "U".
-Added functionality within the front end to automatically parse the classification returned from the API config information and set the appropriate banner marking.
-Changed the getCollectionPermission(by user+collection) and getCollectionPermissions to be housed within the permissions service rather than the collections service.
-Removal of numerous holdover and unused login, authentication, and workspace functions and related code.
-Modified automated account creation process for new users and offloaded processing responsibility to the back-end.