zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: zhi:f03bfe9093ab71bcf93120f7f669991d6dc5d12d
Branches Tags
zhi:main zhi:tessera-oidc-bearer zhi:fix/security-audit zhi:feat/knowledge-base zhi:fix/users-require-admin-accept-apikey zhi:feat/get-agent-status zhi:feat/schedule-type-minutes zhi:feat/user-bind-agent zhi:feat/schedule-type-apikey-auth zhi:feat/maintenance-window-and-special-slots zhi:security/critical-auth-fixes
..
compare: zhi:e7d3cbe07bc882b720e3513adbfe3f53f5e010c5
Branches Tags
zhi:main zhi:tessera-oidc-bearer zhi:fix/security-audit zhi:feat/knowledge-base zhi:fix/users-require-admin-accept-apikey zhi:feat/get-agent-status zhi:feat/schedule-type-minutes zhi:feat/user-bind-agent zhi:feat/schedule-type-apikey-auth zhi:feat/maintenance-window-and-special-slots zhi:security/critical-auth-fixes

12 Commits
f03bfe9093 ... e7d3cbe07b

Author SHA1 Message Date
hzhang
e7d3cbe07b docs: README accuracy pass + Security section 
Document the auth/RBAC/SSRF hardening in this branch: mandatory strong
SECRET_KEY (server refuses weak/default), admin-only + masked /api-keys,
admin-only /webhooks with SSRF guard, project role hierarchy, and auth
added to previously-open endpoints. Fixed stale Issues→tasks model.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-16 17:50:25 +01:00
hzhang
51fb8ca073 fix(security): close critical auth/SSRF/RBAC holes 
Verified locally end-to-end (before: exploitable, after: blocked).

- config: refuse to start on weak/default/short SECRET_KEY (was
  trivially forgeable JWT -> full admin)
- deps: add reusable require_admin dependency (JWT or API key)
- api-keys: require admin to mint/list/revoke; mask key on list
  (was unauthenticated -> instant admin API key)
- webhooks: whole router now admin-only (was fully unauthenticated
  CRUD + readable logs)
- webhook delivery: validate URL scheme + reject hosts resolving to
  private/loopback/link-local/reserved IPs; disable redirects
  (was a readable SSRF primitive)
- rbac: implement a real project-role hierarchy in check_project_role
  (was a no-op: any member, even guest, passed admin/mgr gates)
- misc: auth on delete_milestone (+ensure_can_edit_milestone),
  worklog create/delete (force caller user_id, owner-only delete),
  /activity and /export/tasks (were unauthenticated data exposure)
- tasks: auth + ensure_can_edit_task on assign_task and batch_assign

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-16 16:53:14 +01:00
hzhang
c3199d0cd0 fix: Essential model uses created_by_id not user_id 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 23:17:32 +01:00
hzhang
d3f72962c0 fix: correct ActivityLog import name in user deletion 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 23:15:45 +01:00
hzhang
4643a73c60 feat: add deleted-user builtin and safe user deletion 
- Add deleted-user as a built-in account (no permissions, cannot log in)
  created during init_wizard, protected from deletion like acc-mgr
- On user delete, reassign all foreign key references to deleted-user
  then delete the original user, instead of failing on IntegrityError
- API keys, notifications, and project memberships are deleted outright
  since they're meaningless without the real user

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 23:08:19 +01:00
h z
eae947d9b6 Merge pull request 'feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB' (#15) from multi-stage into main 
Reviewed-on: #15
 2026-04-16 21:23:04 +00:00
h z
a2f626557e Merge branch 'main' into multi-stage 2026-04-16 21:22:54 +00:00
h z
c5827db872 Merge pull request 'dev-2026-03-29' (#14) from dev-2026-03-29 into main 
Reviewed-on: #14
 2026-04-16 21:22:03 +00:00
orion
7326cadfec feat: grant user.reset-apikey permission to account-manager role 
Allows acc-mgr to reset user API keys, enabling automated
provisioning workflows via the CLI.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 21:19:13 +00:00
orion
1b10c97099 feat: allow API key auth for reset-apikey endpoint 
Change dependency from get_current_user (OAuth2 only) to
get_current_user_or_apikey, enabling account-manager API key
to reset user API keys for provisioning workflows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 21:17:13 +00:00
orion
8434a5d226 feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB 
Stage 1 (builder): install build deps and pre-download wheels
Stage 2 (runtime): copy only installed packages + runtime deps, no build tools
 2026-04-15 01:27:44 +00:00
h z
a2ab541b73 Merge pull request 'HarborForge.Backend: dev-2026-03-29 -> main' (#13) from dev-2026-03-29 into main 
Reviewed-on: #13
 2026-04-05 22:08:14 +00:00
Expand all files Collapse all files

Diff Content Not Available