Comprehensive security hardening from audit findings:
- Add validation tags to all DTO request structs (max lengths, ranges, enums)
- Replace unsafe type assertions with MustGetAuthUser helper across all handlers
- Remove query-param token auth from admin middleware (prevents URL token leakage)
- Add request validation calls in handlers that were missing c.Validate()
- Remove goroutines in handlers (timezone update now synchronous)
- Add sanitize middleware and path traversal protection (path_utils)
- Stop resetting admin passwords on migration restart
- Warn on well-known default SECRET_KEY
- Add ~30 new test files covering security regressions, auth safety, repos, and services
- Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Digest 8: repositories (remaining), router, services (first half)
repositories/user_repo.go - Standard GORM CRUD
repositories/webhook_event_repo.go - Webhook event storage
router/router.go - Route registration wiring
services/apple_auth.go - Apple Sign In JWT validation
services/auth_service.go - Token management, password hashing, email verification
services/cache_service.go - Redis caching for lookups
services/contractor_service.go - Contractor CRUD via repository
services/document_service.go - Document management
services/email_service.go - SMTP email sending
services/google_auth.go - Google OAuth token validation
services/iap_validation.go - Apple/Google receipt validation
services/notification_service.go - Push notifications, preferences
services/onboarding_email_service.go (371 lines)
- ARCHITECTURE: Direct *gorm.DB access — bypasses repository layer entirely
- Line 43-46: HasSentEmail ignores Count error — could send duplicate emails
- Line 128-133: GetEmailStats ignores 4 Count errors
- Line 170: Raw SQL references "auth_user" table
- Line 354: Delete error silently ignored
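The HasSentEmail finding above is a fail-open pattern: when the Count query errors, the discarded error leaves count at zero, the function reports "never sent", and the caller sends again. The following added example is not the project's code; it uses an assumed SentEmailCounter interface and an in-memory stand-in (memCounter) to show the flagged pattern beside a version that propagates the error so the sender skips the email when the lookup fails.

```go
package main

import (
	"errors"
	"fmt"
)

// SentEmailCounter is an assumed abstraction over the data access the
// service needs; it is not the project's repository API.
type SentEmailCounter interface {
	CountSent(userID uint, template string) (int64, error)
}

// hasSentEmailUnchecked mirrors the pattern flagged in the digest: the Count
// error is discarded, so a failing query is indistinguishable from "never
// sent" and the caller proceeds to send a duplicate.
func hasSentEmailUnchecked(repo SentEmailCounter, userID uint, template string) bool {
	count, _ := repo.CountSent(userID, template)
	return count > 0
}

// hasSentEmail returns the lookup error to the caller instead of swallowing
// it, so a broken query cannot masquerade as a green light.
func hasSentEmail(repo SentEmailCounter, userID uint, template string) (bool, error) {
	count, err := repo.CountSent(userID, template)
	if err != nil {
		return false, fmt.Errorf("count sent emails for user %d template %q: %w", userID, template, err)
	}
	return count > 0, nil
}

// shouldSend is the decision the onboarding sender makes: send only when the
// lookup succeeded and reports no prior send (fail closed on error).
func shouldSend(repo SentEmailCounter, userID uint, template string) (bool, error) {
	sent, err := hasSentEmail(repo, userID, template)
	if err != nil {
		return false, err
	}
	return !sent, nil
}

// errDBDown is a constructed sentinel standing in for a database failure.
var errDBDown = errors.New("database unavailable")

// memCounter is a constructed in-memory stand-in for the sent-email table,
// with a switch to simulate a failing query.
type memCounter struct {
	sent map[string]int64
	fail error
}

func (m *memCounter) CountSent(userID uint, template string) (int64, error) {
	if m.fail != nil {
		return 0, m.fail
	}
	return m.sent[fmt.Sprintf("%d:%s", userID, template)], nil
}

func main() {
	healthy := &memCounter{sent: map[string]int64{"1:welcome": 1}}
	broken := &memCounter{fail: errDBDown}

	fmt.Println("unchecked, healthy:", hasSentEmailUnchecked(healthy, 1, "welcome"))
	// The unchecked variant reports false here, and a duplicate would be sent.
	fmt.Println("unchecked, broken :", hasSentEmailUnchecked(broken, 1, "welcome"))

	send, err := shouldSend(broken, 1, "welcome")
	fmt.Println("checked, broken   :", send, err)
}
```

The same shape applies to the four ignored Count errors in GetEmailStats and the ignored Delete error: return the error and let the caller decide, rather than reporting a zero that looks like a real result.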
services/pdf_service.go (179 lines)
- BUG: Line 131-133: Byte-level truncation of title — breaks multi-byte UTF-8 (CJK, emoji)
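Slicing a Go string by byte index can end in the middle of a multi-byte UTF-8 sequence, which is the defect the pdf_service finding describes. The following added example is not the project's code: truncateBytes reproduces the byte-level cut, and the two alternatives cut at a rune boundary, one by rune count and one that keeps a byte budget (for a column or field width limit) without splitting a character.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// truncateBytes is the pattern flagged in the digest: a plain byte slice that
// can split a multi-byte character and leave invalid UTF-8 behind.
func truncateBytes(s string, maxBytes int) string {
	if len(s) <= maxBytes {
		return s
	}
	return s[:maxBytes]
}

// truncateRunes limits the number of characters. Ranging over a string
// advances by rune boundaries, so the cut never lands inside a sequence.
func truncateRunes(s string, maxRunes int) string {
	if utf8.RuneCountInString(s) <= maxRunes {
		return s
	}
	n := 0
	for i := range s {
		if n == maxRunes {
			return s[:i]
		}
		n++
	}
	return s
}

// truncateBytesSafe keeps a byte budget but backs up to the start of the
// rune that would otherwise be split, so the result is always valid UTF-8.
func truncateBytesSafe(s string, maxBytes int) string {
	if len(s) <= maxBytes {
		return s
	}
	cut := maxBytes
	for cut > 0 && !utf8.RuneStart(s[cut]) {
		cut--
	}
	return s[:cut]
}

func main() {
	// Constructed sample: each CJK character is 3 bytes, the emoji is 4.
	title := "日本語タイトル 😀"
	for _, out := range []string{
		truncateBytes(title, 4),
		truncateRunes(title, 2),
		truncateBytesSafe(title, 4),
	} {
		fmt.Printf("%q valid=%v\n", out, utf8.ValidString(out))
	}
}
```

In the PDF case the invalid byte sequence is what reaches the renderer; cutting at a rune boundary costs at most one character of width and removes the corruption.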
services/residence_service.go (648 lines)
- Line 155: TODO comment — subscription tier limit check commented out (free tier bypass)
- Line 447-450: Empty if block — DeactivateShareCode error completely ignored
- Line 625: Status only set for in-progress tasks; all others have empty string