honeyDueAPI/audit-digest-4.md
Trey t 7690f07a2b Harden API security: input validation, safe auth extraction, new tests, and deploy config
Comprehensive security hardening from audit findings:
- Add validation tags to all DTO request structs (max lengths, ranges, enums)
- Replace unsafe type assertions with MustGetAuthUser helper across all handlers
- Remove query-param token auth from admin middleware (prevents URL token leakage)
- Add request validation calls in handlers that were missing c.Validate()
- Remove goroutines in handlers (timezone update now synchronous)
- Add sanitize middleware and path traversal protection (path_utils)
- Stop resetting admin passwords on migration restart
- Warn on well-known default SECRET_KEY
- Add ~30 new test files covering security regressions, auth safety, repos, and services
- Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 09:48:01 -06:00

2.6 KiB

Digest 4: dto/responses (remaining), echohelpers, handlers (first half)

dto/responses/residence.go (215 lines) - NewResidenceResponse no nil check on param. Owner zero-value if not preloaded.

dto/responses/task_template.go (135 lines) - No nil check on template param

dto/responses/task.go (399 lines) - No nil checks on params in factory functions

dto/responses/user.go (20 lines) - Clean data types

echohelpers/helpers.go (46 lines) - Clean utilities

echohelpers/pagination.go (33 lines) - Clean, properly bounded

handlers/auth_handler.go (379 lines)

  • ARCHITECTURE: Lines 83, 178, 207, 241, 329, 370: SIX goroutine spawns for email — violates "no goroutines in handlers" rule
  • Lines 308-312: AppError constructed directly instead of factory function

handlers/contractor_handler.go (154 lines)

  • Line 28+: Unchecked type assertions throughout (7 instances)
  • Line 31: Raw err.Error() returned to client
  • Line 55: CreateContractor missing c.Validate() call

handlers/document_handler.go (336 lines)

  • Line 37+: Unchecked type assertions (10 instances)
  • Lines 92-93: Raw error leaked to client
  • Line 137: No DocumentType validation — any string accepted
  • Lines 187, 217: Missing c.Validate() calls

handlers/media_handler.go (172 lines)

  • SECURITY: Lines 156-171: resolveFilePath passes user-influenced input to filepath.Join. TrimPrefix only removes a leading prefix and does not neutralize ../ segments, so the resolved path can escape the media root: PATH TRAVERSAL vulnerability
  • Lines 19-22: Handler accesses repositories directly, bypasses service layer
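An added illustration, not the project's own resolveFilePath or path_utils code (neither appears on this page): the flawed TrimPrefix + filepath.Join pattern beside a hardened resolver that rejects any request resolving outside the media root. The root directory, the "/media/" prefix and the sample requests are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a request resolves to a file outside the media root.
var ErrOutsideRoot = errors.New("requested path escapes media root")

// unsafeResolve reproduces the flawed pattern from the finding: TrimPrefix only
// strips a leading "/media/" and does nothing about ".." segments, and
// filepath.Join then cleans the result, so "../" climbs above root.
func unsafeResolve(root, requested string) string {
	return filepath.Join(root, strings.TrimPrefix(requested, "/media/"))
}

// safeResolve does the same join but then checks the result is still under root
// by computing the path back from root: a leading ".." means the request
// escaped, and "." means it named the root directory itself, not a file.
// Symlinks inside root are not followed here; filepath.EvalSymlinks on full
// (or os.OpenRoot in Go 1.24+) closes that remaining gap.
func safeResolve(root, requested string) (string, error) {
	root = filepath.Clean(root)
	full := filepath.Join(root, strings.TrimPrefix(requested, "/media/"))
	back, err := filepath.Rel(root, full)
	if err != nil || back == "." || back == ".." ||
		strings.HasPrefix(back, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	root := "/srv/media" // constructed sample root; nothing is read from disk
	for _, req := range []string{"/media/photos/a.jpg", "/media/../../etc/passwd", "/media/"} {
		p, err := safeResolve(root, req)
		fmt.Printf("%-26s unsafe=%-24s safe=%q err=%v\n", req, unsafeResolve(root, req), p, err)
	}
}
```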

handlers/notification_handler.go (200 lines)

  • Lines 29-40: No upper bound on limit; a request such as limit=999999999 produces an unbounded query
  • Line 168: Silent default to "ios" platform

handlers/residence_handler.go (365 lines)

  • Line 38+: Unchecked type assertions (14 instances)
  • Lines 187, 209, 303: Bind errors silently discarded
  • Line 224: JoinWithCode missing c.Validate()

handlers/static_data_handler.go (152 lines) - Uses interface{} instead of concrete types

handlers/subscription_handler.go (176 lines)

  • Lines 97, 150: Missing c.Validate() calls
  • Lines 159-163: RestoreSubscription doesn't validate receipt/transaction ID presence

handlers/subscription_webhook_handler.go (821 lines)

  • SECURITY: Lines 190-192: Apple JWS payload decoded WITHOUT signature verification
  • SECURITY: Lines 787-793: VerifyGooglePubSubToken ALWAYS returns true — webhook unauthenticated
  • Lines 639-643: Subscription duration guessed by string matching product ID
  • Lines 657, 694: Hardcoded 1-month extension regardless of actual plan
  • Lines 759, 772: Unchecked type assertions in VerifyAppleSignature
  • Line 162: Apple renewal info error silently discarded