rose-ash

coop/rose-ash

Fork 0

Commit Graph

Author	SHA1	Message	Date
giles	c015f3f02f	Security audit: fix IDOR, add rate limiting, HMAC auth, token hashing, XSS sanitization All checks were successful Build and Deploy / build-and-deploy (push) Successful in 3m22s Details Critical: Add ownership checks to all order routes (IDOR fix). High: Redis rate limiting on auth endpoints, HMAC-signed internal service calls replacing header-presence-only checks, nh3 HTML sanitization on ghost_sync and product import, internal auth on market API endpoints, SHA-256 hashed OAuth grant/code tokens. Medium: SECRET_KEY production guard, AP signature enforcement, is_admin param removal, cart_sid validation, SSRF protection on remote actor fetch. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 13:30:27 +00:00
giles	8f4104a4bf	Add error handling to action endpoint dispatchers All checks were successful Build and Deploy / build-and-deploy (push) Successful in 59s Details Unhandled exceptions in action handlers were returned as opaque 400/500 by Quart's default error handler. Now we catch, log the full traceback, and return a JSON error body with 500 status so the caller gets useful diagnostics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-25 03:18:06 +00:00
giles	3b707ec8a0	Decouple all cross-app service calls to HTTP endpoints All checks were successful Build and Deploy / build-and-deploy (push) Successful in 3m0s Details Replace every direct cross-app services.* call with HTTP-based communication: call_action() for writes, fetch_data() for reads. Each app now registers only its own domain service. Infrastructure: - shared/infrastructure/actions.py — POST client for /internal/actions/ - shared/infrastructure/data_client.py — GET client for /internal/data/ - shared/contracts/dtos.py — dto_to_dict/dto_from_dict serialization Action endpoints (writes): - events: 8 handlers (ticket adjust, claim/confirm, toggle, adopt) - market: 2 handlers (create/soft-delete marketplace) - cart: 1 handler (adopt cart for user) Data endpoints (reads): - blog: 4 (post-by-slug/id, posts-by-ids, search-posts) - events: 10 (pending entries/tickets, entries/tickets for page/order, entry-ids, associated-entries, calendars, visible-entries-for-period) - market: 1 (marketplaces-for-container) - cart: 1 (cart-summary) Service registration cleanup: - blog→blog+federation, events→calendar+federation, market→market+federation, cart→cart only, federation→federation only, account→nothing - Stubs reduced to minimal StubFederationService Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-25 03:01:38 +00:00

Author

SHA1

Message

Date

giles

c015f3f02f

Security audit: fix IDOR, add rate limiting, HMAC auth, token hashing, XSS sanitization

Build and Deploy / build-and-deploy (push) Successful in 3m22s

Details

Critical: Add ownership checks to all order routes (IDOR fix).
High: Redis rate limiting on auth endpoints, HMAC-signed internal
service calls replacing header-presence-only checks, nh3 HTML
sanitization on ghost_sync and product import, internal auth on
market API endpoints, SHA-256 hashed OAuth grant/code tokens.
Medium: SECRET_KEY production guard, AP signature enforcement,
is_admin param removal, cart_sid validation, SSRF protection on
remote actor fetch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-26 13:30:27 +00:00

giles

8f4104a4bf

Add error handling to action endpoint dispatchers

Build and Deploy / build-and-deploy (push) Successful in 59s

Details

Unhandled exceptions in action handlers were returned as opaque
400/500 by Quart's default error handler. Now we catch, log the
full traceback, and return a JSON error body with 500 status so
the caller gets useful diagnostics.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-25 03:18:06 +00:00

giles

3b707ec8a0

Decouple all cross-app service calls to HTTP endpoints

Build and Deploy / build-and-deploy (push) Successful in 3m0s

Details

Replace every direct cross-app services.* call with HTTP-based
communication: call_action() for writes, fetch_data() for reads.
Each app now registers only its own domain service.

Infrastructure:
- shared/infrastructure/actions.py — POST client for /internal/actions/
- shared/infrastructure/data_client.py — GET client for /internal/data/
- shared/contracts/dtos.py — dto_to_dict/dto_from_dict serialization

Action endpoints (writes):
- events: 8 handlers (ticket adjust, claim/confirm, toggle, adopt)
- market: 2 handlers (create/soft-delete marketplace)
- cart: 1 handler (adopt cart for user)

Data endpoints (reads):
- blog: 4 (post-by-slug/id, posts-by-ids, search-posts)
- events: 10 (pending entries/tickets, entries/tickets for page/order,
  entry-ids, associated-entries, calendars, visible-entries-for-period)
- market: 1 (marketplaces-for-container)
- cart: 1 (cart-summary)

Service registration cleanup:
- blog→blog+federation, events→calendar+federation,
  market→market+federation, cart→cart only,
  federation→federation only, account→nothing
- Stubs reduced to minimal StubFederationService

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-25 03:01:38 +00:00

3 Commits