admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d5bb123cd0a1f2bfa4386c0a7231c63ae4351f2c
honeyDueAPI/audit-digest-6.md
Trey t 7690f07a2b Harden API security: input validation, safe auth extraction, new tests, and deploy config 
Comprehensive security hardening from audit findings:
- Add validation tags to all DTO request structs (max lengths, ranges, enums)
- Replace unsafe type assertions with MustGetAuthUser helper across all handlers
- Remove query-param token auth from admin middleware (prevents URL token leakage)
- Add request validation calls in handlers that were missing c.Validate()
- Remove goroutines in handlers (timezone update now synchronous)
- Add sanitize middleware and path traversal protection (path_utils)
- Stop resetting admin passwords on migration restart
- Warn on well-known default SECRET_KEY
- Add ~30 new test files covering security regressions, auth safety, repos, and services
- Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 09:48:01 -06:00

41 lines
1.9 KiB
Markdown
Raw Blame History

# Digest 6: models (remaining), monitoring
### models/document.go (100 lines) - Clean
### models/notification.go (141 lines) - Clean
### models/onboarding_email.go (35 lines) - Clean
### models/reminder_log.go (92 lines) - Clean
### models/residence.go (106 lines)
- Lines 65-70: GetAllUsers/HasAccess assumes Owner and Users are preloaded — returns wrong results if not
### models/subscription.go (169 lines)
- Lines 57-65: IsActive()/IsPro() don't account for IsFree admin override field — misleading method names
### models/task_template.go (23 lines) - Clean
### models/task.go (317 lines)
- Lines 189-264: GetKanbanColumnWithTimezone duplicates categorization chain logic — maintenance drift risk
- Lines 158-182: IsDueSoon uses time.Now() internally — non-deterministic, harder to test
### models/user.go (268 lines)
- Line 101: crypto/rand.Read error unchecked (safe in practice since Go 1.20)
- Line 164-172: GenerateConfirmationCode has slight distribution bias (negligible)
### monitoring/buffer.go (166 lines) - Line 75: Corrupted Redis data silently dropped
### monitoring/collector.go (201 lines)
- Line 82: cpu.Percent blocks 1 second per collection
- Line 96-110: ReadMemStats called TWICE per cycle (also in collectRuntime)
### monitoring/handler.go (195 lines)
- **SECURITY**: Line 19-22: WebSocket CheckOrigin always returns true
- **BUG**: Line 117-119: After upgrader.Upgrade fails, execution continues to conn.Close() — nil pointer panic
- **BUG**: Line 177: Missing return after ctx.Done() — goroutine spins
- Lines 183-184: GetAllStats error silently ignored
- Line 192: WriteJSON error unchecked
### monitoring/middleware.go (220 lines) - Clean
### monitoring/models.go (129 lines) - Clean
### monitoring/service.go (196 lines)
- Line 121: Hardcoded primary key 1 for singleton settings row
- Line 191-194: MetricsMiddleware returns nil when httpCollector is nil — caller must nil-check
Reference in New Issue View Git Blame Copy Permalink