fix: security hardening and HA deployment guide #226

Open: ZPascal wants to merge 7 commits into feature/ai-agent-support from feature/security-ha

ZPascal commented May 31, 2026

Summary

  • Raised bcrypt cost factor from 10 to 12
  • Fixed jsonError to use json.Marshal (prevents unescaped special characters in error responses)
  • Hardened CORS default: corsorigins now defaults to [] (deny all cross-origin) instead of ["*"]
  • Added per-IP rate limiting on /register via register_ratelimit config option (default 10/min)
  • Fixed SQL injection pattern in NewTXTValuesInTransaction (parameterized query + prepared statement)
  • Fixed goroutine leak in rate limiter: replaced time.Tick with time.NewTicker + stop() method
  • Added active-active HA deployment guide (docs/ha-deployment.md) with HAProxy and pgBouncer examples

Test Plan

  • go test -race ./... passes
  • go build ./... builds cleanly
  • POST /register from same IP beyond limit returns 429
  • Different IPs are rate-limited independently
  • corsorigins = [] blocks cross-origin requests by default

ZPascal added 7 commits May 31, 2026 22:45

Replaces fmt.Sprintf string interpolation with encoding/json to
correctly escape quotes, newlines, and other special characters
in error messages.

Adds an in-memory token bucket rate limiter (stdlib only: sync, time) with
one bucket per source IP. The new config field register_ratelimit controls
the per-minute limit (0 = unlimited); defaults to 10 in config.cfg.
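
The jsonError change described above, as an added example that is not code from this pull request: it puts an unescaped fmt.Sprintf body beside a json.Marshal body and decodes both the way a JSON client would. The function names, the `{"error": ...}` body shape and the `registered` key are assumptions made for illustration, and the input strings are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// jsonErrorSprintf is a hypothetical stand-in for the pre-fix pattern:
// the message is interpolated into a JSON template without escaping.
func jsonErrorSprintf(msg string) []byte {
	return []byte(fmt.Sprintf(`{"error": "%s"}`, msg))
}

// jsonErrorMarshal builds the same body with encoding/json, which escapes
// quotes, newlines and other control characters in msg.
func jsonErrorMarshal(msg string) []byte {
	body, err := json.Marshal(map[string]string{"error": msg})
	if err != nil {
		// Not expected for a map[string]string; still return valid JSON.
		return []byte(`{"error":"internal error"}`)
	}
	return body
}

// decode parses a response body and returns the keys a JSON client would see.
func decode(body []byte) (map[string]string, error) {
	var m map[string]string
	err := json.Unmarshal(body, &m)
	return m, err
}

func main() {
	// Constructed inputs: one closes the string early, one carries a raw newline.
	for _, msg := range []string{`bad", "registered": "true`, "line1\nline2"} {
		m, err := decode(jsonErrorSprintf(msg))
		fmt.Printf("sprintf %q -> keys=%d err=%v\n", msg, len(m), err)
		m, err = decode(jsonErrorMarshal(msg))
		fmt.Printf("marshal %q -> keys=%d err=%v\n", msg, len(m), err)
	}
}
```

With the interpolated body, the first input decodes as two keys and the second fails to parse; with json.Marshal both decode to a single `error` key holding the original string.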