fix: security hardening — Keychain, no hardcoded creds, safe URLs
- Add KeychainService for encrypted token storage (auth, refresh, health JWT, API key) - Remove hardcoded email/password from HealthAPIService, store in Keychain - Move all tokens from UserDefaults to Keychain - API key sent via X-API-Key header instead of URL query parameter - Replace force unwrap URL(string:)! with guard let + throws - Fix force unwrap Calendar.date() in HealthKitService - Mark HealthKitService @MainActor for thread-safe @Published - Use withTaskGroup for parallel habit log fetching in TrackerView - Check notification permission before scheduling reminders - Add input validation (title max 200 chars) - Add privacy policy and terms links in Settings - Update CLAUDE.md with security section Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -183,7 +183,19 @@ struct SettingsView: View {
|
||||
}
|
||||
.padding(.horizontal)
|
||||
|
||||
Text("Pulse v1.1 • Made with ❤️").font(.caption).foregroundColor(Color(hex: "8888aa"))
|
||||
// Legal
|
||||
HStack(spacing: 16) {
|
||||
if let url = URL(string: "https://pulse.digital-home.site/privacy") {
|
||||
Link("Политика конфиденциальности", destination: url)
|
||||
.font(.caption).foregroundColor(Theme.textSecondary)
|
||||
}
|
||||
if let url = URL(string: "https://pulse.digital-home.site/terms") {
|
||||
Link("Условия", destination: url)
|
||||
.font(.caption).foregroundColor(Theme.textSecondary)
|
||||
}
|
||||
}
|
||||
|
||||
Text("Pulse v1.1").font(.caption).foregroundColor(Color(hex: "8888aa"))
|
||||
.padding(.bottom, 20)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user