C1: replace fragile path.endsWith() guard whitelist with a metadata
@Public() decorator + Reflector (no more path-shape bypass surface).
C2: CenterApiKeyGuard attaches the authenticated GuildNode; introspect
& resolve-names now reject when body.guildNodeId != that node
(stops one node probing/enumerating another guild's identities).
C3: heartbeat/status are self-only (a node can't revoke/hijack another);
GET /nodes no longer returns apiKeyHash (credential-hash leak).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
9 lines
427 B
TypeScript
import { SetMetadata } from '@nestjs/common';

// Routes annotated with @Public() skip the global CenterApiKeyGuard
// (api-key + node-identity) check. This is metadata-driven on purpose:
// the previous string-matching whitelist (path.endsWith(...)) was a
// bypass surface. Only the route's own decorator opens it.
export const IS_PUBLIC_KEY = 'fabric:isPublic';
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
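As an added example (not code from this commit or project), a stand-alone TypeScript model of the guard side that consumes this metadata: the C1 lookup through a Reflector-style getAllAndOverride and the C2 check that the body's guildNodeId matches the node the API key authenticated. The MetadataReader and ContextLike interfaces, MapMetadataReader, the x-api-key header name and the resolveNode callback are assumptions standing in for NestJS's Reflector, ExecutionContext and the project's key lookup.

```typescript
// Stand-alone model of the metadata-driven CenterApiKeyGuard (C1 + C2); the
// interfaces are local stand-ins for NestJS Reflector/ExecutionContext, not NestJS.
export const IS_PUBLIC_KEY = 'fabric:isPublic';
export interface MetadataReader {
  getAllAndOverride<T>(key: string, targets: object[]): T | undefined;
}
export type GuildNode = { id: string };
export interface RequestLike {
  headers: Record<string, string | undefined>;
  body?: { guildNodeId?: string };
  guildNode?: GuildNode; // attached by the guard on success
}
export interface ContextLike { getHandler(): object; getClass(): object; request: RequestLike }
// In-memory stand-in for Reflector: the first target carrying the key wins,
// so handler-level metadata overrides class-level, as getAllAndOverride does.
export class MapMetadataReader implements MetadataReader {
  private readonly store = new Map<object, Record<string, unknown>>();
  set(target: object, key: string, value: unknown): void {
    this.store.set(target, { ...(this.store.get(target) ?? {}), [key]: value });
  }
  getAllAndOverride<T>(key: string, targets: object[]): T | undefined {
    for (const t of targets) {
      const v = this.store.get(t)?.[key];
      if (v !== undefined) return v as T;
    }
    return undefined;
  }
}
export class CenterApiKeyGuard {
  constructor(
    private readonly reflector: MetadataReader,
    // Maps a presented API key to its node; the hash comparison behind it is assumed.
    private readonly resolveNode: (apiKey: string) => GuildNode | undefined,
  ) {}
  canActivate(ctx: ContextLike): boolean {
    // C1: only the route's own metadata opens it; the path is never inspected.
    const isPublic = this.reflector.getAllAndOverride<boolean>(
      IS_PUBLIC_KEY, [ctx.getHandler(), ctx.getClass()]);
    if (isPublic === true) return true;
    const apiKey = ctx.request.headers['x-api-key']; // header name assumed
    const node = apiKey ? this.resolveNode(apiKey) : undefined;
    if (!node) return false;
    // C2: a body that names a guildNodeId must name the authenticated node.
    const claimed = ctx.request.body?.guildNodeId;
    if (claimed !== undefined && claimed !== node.id) return false;
    ctx.request.guildNode = node; // downstream handlers read the bound node
    return true;
  }
}
```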