Comparing e7d3cbe07b..f03bfe9093 - HarborForge.Backend - Hangman-Lab

zhi/HarborForge.Backend

Author	SHA1	Message	Date
hzhang	f03bfe9093	docs: README accuracy pass + Security section Document the auth/RBAC/SSRF hardening in this branch: mandatory strong SECRET_KEY (server refuses weak/default), admin-only + masked /api-keys, admin-only /webhooks with SSRF guard, project role hierarchy, and auth added to previously-open endpoints. Fixed stale Issues→tasks model. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 17:50:25 +01:00
hzhang	801a63f8bb	fix(security): close critical auth/SSRF/RBAC holes Verified locally end-to-end (before: exploitable, after: blocked). - config: refuse to start on weak/default/short SECRET_KEY (was trivially forgeable JWT -> full admin) - deps: add reusable require_admin dependency (JWT or API key) - api-keys: require admin to mint/list/revoke; mask key on list (was unauthenticated -> instant admin API key) - webhooks: whole router now admin-only (was fully unauthenticated CRUD + readable logs) - webhook delivery: validate URL scheme + reject hosts resolving to private/loopback/link-local/reserved IPs; disable redirects (was a readable SSRF primitive) - rbac: implement a real project-role hierarchy in check_project_role (was a no-op: any member, even guest, passed admin/mgr gates) - misc: auth on delete_milestone (+ensure_can_edit_milestone), worklog create/delete (force caller user_id, owner-only delete), /activity and /export/tasks (were unauthenticated data exposure) - tasks: auth + ensure_can_edit_task on assign_task and batch_assign Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-16 16:53:14 +01:00
hzhang	630c215e62	fix: Essential model uses created_by_id not user_id Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 23:17:32 +01:00
hzhang	00846f92df	fix: correct ActivityLog import name in user deletion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 23:15:45 +01:00
hzhang	04fa209f22	feat: add deleted-user builtin and safe user deletion - Add deleted-user as a built-in account (no permissions, cannot log in) created during init_wizard, protected from deletion like acc-mgr - On user delete, reassign all foreign key references to deleted-user then delete the original user, instead of failing on IntegrityError - API keys, notifications, and project memberships are deleted outright since they're meaningless without the real user Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 23:08:19 +01:00
hzhang	76c741a7ba	Merge pull request 'feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB' (#15 ) from multi-stage into main Reviewed-on: #15	2026-04-16 21:23:04 +00:00
hzhang	d92f8c76b2	Merge branch 'main' into multi-stage	2026-04-16 21:22:54 +00:00
hzhang	779854d69f	Merge pull request 'dev-2026-03-29' (#14 ) from dev-2026-03-29 into main Reviewed-on: #14	2026-04-16 21:22:03 +00:00
orion	61fcca8aff	feat: grant user.reset-apikey permission to account-manager role Allows acc-mgr to reset user API keys, enabling automated provisioning workflows via the CLI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 21:19:13 +00:00
orion	5696a068e6	feat: allow API key auth for reset-apikey endpoint Change dependency from get_current_user (OAuth2 only) to get_current_user_or_apikey, enabling account-manager API key to reset user API keys for provisioning workflows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 21:17:13 +00:00
orion	a3be8380c9	feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB Stage 1 (builder): install build deps and pre-download wheels Stage 2 (runtime): copy only installed packages + runtime deps, no build tools	2026-04-15 01:27:44 +00:00
hzhang	beb95f7bbe	Merge pull request 'HarborForge.Backend: dev-2026-03-29 -> main' (#13 ) from dev-2026-03-29 into main Reviewed-on: #13	2026-04-05 22:08:14 +00:00

Diff Content Not Available