Metbcy ↗ analysis ↗ GitHub Metbcy/mike
A near-mirror of Mike whose one visible contribution closes a signing-secret hole in the download subsystem.
This is Metbcy's fork of Mike, and right now it sits essentially in step with upstream - no divergence to speak of. If you cloned it today you'd get the Mike you already know, plus one focused piece of security hardening.
That piece is worth the click: @Metbcy closed a signature-forgery gap in the download subsystem. Signed download links are protected by a keyed HMAC, but the backend used to fall back to a hardcoded placeholder secret when no real one was configured - which quietly opened the door to forged tokens. The fork makes the backend refuse to start without a real secret, so a misconfigured deployment fails loudly instead of trusting bad links.
Beyond that single thread, there's little to read into here. No rebrand, no stated niche, no product direction being telegraphed - just a security-minded fix from someone paying attention to how downloads get authenticated. Click through to GitHub if you want the specifics.
What's in it
- Fail-fast download signing The backend now refuses to start unless a real signing secret is configured, instead of falling back to a placeholder that would accept forged download links.
- Hardened download links Signed download URLs are only trusted when protected by a genuine keyed secret, closing a token-forgery gap in the download subsystem.
Direction
security
Activity
Metbcy ↗ analysis ↗ GitHub Threads of work (detailed view)
Metbcy shuts a forged-download-link hole in Mike
A hardcoded fallback secret meant any misconfigured deployment could be tricked into serving files it shouldn't.
Download-signing secret no longer falls back to a hardcoded value
Metbcy/mike removes a hardcoded `"dev-secret"` fallback in the HMAC signing path for `/download/:token` URLs. Without a real secret configured, the backend now refuses to start rather than silently accepting forged tokens.
Pull requests (detailed view)
✅ Merged (2)
Metbcy · opened 3mo ago · merged 2mo ago Metbcy · opened 3mo ago · merged 2mo ago by willchen96