fix(security): close Critical auth gaps (C1/C2/C3)
C1: replace fragile path.endsWith() guard whitelist with a metadata
@Public() decorator + Reflector (no more path-shape bypass surface).
C2: CenterApiKeyGuard attaches the authenticated GuildNode; introspect
& resolve-names now reject when body.guildNodeId != that node
(stops one node probing/enumerating another guild's identities).
C3: heartbeat/status are self-only (a node can't revoke/hijack another);
GET /nodes no longer returns apiKeyHash (credential-hash leak).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
8
src/common/public.decorator.ts
Normal file
8
src/common/public.decorator.ts
Normal file
@@ -0,0 +1,8 @@
|
||||
import { SetMetadata } from '@nestjs/common';
|
||||
|
||||
// Routes annotated with @Public() skip the global CenterApiKeyGuard
|
||||
// (api-key + node-identity) check. This is metadata-driven on purpose:
|
||||
// the previous string-matching whitelist (path.endsWith(...)) was a
|
||||
// bypass surface. Only the route's own decorator opens it.
|
||||
export const IS_PUBLIC_KEY = 'fabric:isPublic';
|
||||
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
|
||||
Reference in New Issue
Block a user