egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement security, error resilience, and query optimization proposals

Browse Source 
Security Validation (enhance-security-validation):
- JWT secret validation with entropy checking and pattern detection
- CSRF protection middleware with token generation/validation
- Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests
- MIME type validation with magic bytes detection for file uploads

Error Resilience (add-error-resilience):
- React ErrorBoundary component with fallback UI and retry functionality
- ErrorBoundaryWithI18n wrapper for internationalization support
- Page-level and section-level error boundaries in App.tsx

Query Performance (optimize-query-performance):
- Query monitoring utility with threshold warnings
- N+1 query fixes using joinedload/selectinload
- Optimized project members, tasks, and subtasks endpoints

Bug Fixes:
- WebSocket session management (P0): Return primitives instead of ORM objects
- LIKE query injection (P1): Escape special characters in search queries

Tests: 543 backend tests, 56 frontend tests passing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
beabigegg
2026-01-11 18:41:19 +08:00
parent 2cb591ef23
commit 679b89ae4c
41 changed files with 3673 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
openspec/changes/archive/2026-01-11-enhance-security-validation/tasks.md Normal file
View File

@@ -0,0 +1,19 @@
## 1. JWT Secret Validation
- [x] 1.1 Add minimum secret length check (32+ characters)
- [x] 1.2 Add entropy validation for JWT secret
- [x] 1.3 Log warning on startup if secret is weak
- [x] 1.4 Write unit tests for secret validation
## 2. CSRF Protection
- [x] 2.1 Add CSRF token generation utility
- [x] 2.2 Add CSRF validation middleware
- [x] 2.3 Apply to sensitive endpoints (password change, delete operations)
- [x] 2.4 Update frontend to include CSRF token in requests
- [x] 2.5 Write integration tests for CSRF validation
## 3. MIME Type Validation
- [x] 3.1 Add python-magic or similar library for MIME detection
- [x] 3.2 Implement magic bytes validation in file upload service
- [x] 3.3 Reject files where extension doesn't match actual content
- [x] 3.4 Add configurable allowed MIME types per file category
- [x] 3.5 Write unit tests for MIME validation