Initial commit — Stupid Simple Network Inventory

Application web d'inventaire réseau manuel avec FastAPI, Vue 3 et Docker. Inclut l'authentification JWT, la découverte ICMP, et la topologie en cards CSS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 09:19:19 +02:00
commit 88cf6458d0
58 changed files with 10365 additions and 0 deletions
@@ -0,0 +1,41 @@
+server {
+    listen 8080;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # ── Security headers ─────────────────────────────────────────────────────
+    add_header X-Content-Type-Options    "nosniff"                          always;
+    add_header X-Frame-Options           "DENY"                             always;
+    add_header Referrer-Policy           "strict-origin-when-cross-origin"  always;
+    add_header Permissions-Policy        "camera=(), microphone=(), geolocation=()" always;
+
+    # CSP for a Vue 3 / Vite SPA:
+    #   - script-src 'self' + hash   : Vite bundles (self) + one Vite-generated inline
+    #     script (modulepreload fallback in index.html, stable hash across builds)
+    #   - style-src 'self' 'unsafe-inline' : inline style="" attributes used by Vue
+    #   - img-src 'self' data:       : SVG/PNG assets + possible data URIs
+    #   - connect-src 'self'         : API calls to /api/ (same origin via proxy)
+    #   - object-src 'none'          : no plugins
+    #   - frame-ancestors 'none'     : prevents embedding in iframes (replaces X-Frame-Options for CSP-aware browsers)
+    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'sha256-ZswfTY7H35rbv8WC7NXBoiC7WNu86vSzCDChNWwZZDM='; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always;
+
+    location = /api/auth/login {
+        limit_req zone=login burst=5 nodelay;
+        limit_req_status 429;
+        proxy_pass http://backend:8000/api/auth/login;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_read_timeout 60s;
+    }
+
+    location /api/ {
+        proxy_pass http://backend:8000/api/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_read_timeout 60s;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}