Harden API security: input validation, safe auth extraction, new tests, and deploy config
Comprehensive security hardening from audit findings: - Add validation tags to all DTO request structs (max lengths, ranges, enums) - Replace unsafe type assertions with MustGetAuthUser helper across all handlers - Remove query-param token auth from admin middleware (prevents URL token leakage) - Add request validation calls in handlers that were missing c.Validate() - Remove goroutines in handlers (timezone update now synchronous) - Add sanitize middleware and path traversal protection (path_utils) - Stop resetting admin passwords on migration restart - Warn on well-known default SECRET_KEY - Add ~30 new test files covering security regressions, auth safety, repos, and services - Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
@@ -4,6 +4,7 @@ import (
|
||||
"errors"
|
||||
"time"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"gorm.io/gorm"
|
||||
|
||||
"github.com/treytartt/casera-api/internal/apperrors"
|
||||
@@ -31,10 +32,11 @@ var (
|
||||
|
||||
// ResidenceService handles residence business logic
|
||||
type ResidenceService struct {
|
||||
residenceRepo *repositories.ResidenceRepository
|
||||
userRepo *repositories.UserRepository
|
||||
taskRepo *repositories.TaskRepository
|
||||
config *config.Config
|
||||
residenceRepo *repositories.ResidenceRepository
|
||||
userRepo *repositories.UserRepository
|
||||
taskRepo *repositories.TaskRepository
|
||||
subscriptionService *SubscriptionService
|
||||
config *config.Config
|
||||
}
|
||||
|
||||
// NewResidenceService creates a new residence service
|
||||
@@ -51,6 +53,11 @@ func (s *ResidenceService) SetTaskRepository(taskRepo *repositories.TaskReposito
|
||||
s.taskRepo = taskRepo
|
||||
}
|
||||
|
||||
// SetSubscriptionService sets the subscription service (used for tier limit enforcement)
|
||||
func (s *ResidenceService) SetSubscriptionService(subService *SubscriptionService) {
|
||||
s.subscriptionService = subService
|
||||
}
|
||||
|
||||
// GetResidence gets a residence by ID with access check
|
||||
func (s *ResidenceService) GetResidence(residenceID, userID uint) (*responses.ResidenceResponse, error) {
|
||||
// Check access
|
||||
@@ -152,12 +159,12 @@ func (s *ResidenceService) getSummaryForUser(_ uint) responses.TotalSummary {
|
||||
|
||||
// CreateResidence creates a new residence and returns it with updated summary
|
||||
func (s *ResidenceService) CreateResidence(req *requests.CreateResidenceRequest, ownerID uint) (*responses.ResidenceWithSummaryResponse, error) {
|
||||
// TODO: Check subscription tier limits
|
||||
// count, err := s.residenceRepo.CountByOwner(ownerID)
|
||||
// if err != nil {
|
||||
// return nil, err
|
||||
// }
|
||||
// Check against tier limits...
|
||||
// Check subscription tier limits (if subscription service is wired up)
|
||||
if s.subscriptionService != nil {
|
||||
if err := s.subscriptionService.CheckLimit(ownerID, "properties"); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
isPrimary := true
|
||||
if req.IsPrimary != nil {
|
||||
@@ -447,6 +454,7 @@ func (s *ResidenceService) JoinWithCode(code string, userID uint) (*responses.Jo
|
||||
if err := s.residenceRepo.DeactivateShareCode(shareCode.ID); err != nil {
|
||||
// Log the error but don't fail the join - the user has already been added
|
||||
// The code will just be usable by others until it expires
|
||||
log.Error().Err(err).Uint("code_id", shareCode.ID).Msg("Failed to deactivate share code after join")
|
||||
}
|
||||
|
||||
// Get the residence with full details
|
||||
|
||||
Reference in New Issue
Block a user