egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a78d8788656d862613eab50f61d1597047d5c526
PROJECT-CONTORL/openspec/changes/archive/2026-01-10-add-input-validation-security/tasks.md
beabigegg 3bdc6ff1c9 feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements 
## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service

## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility

## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization

## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks

## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments

## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components

## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion

## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying

## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 22:13:43 +08:00

1.2 KiB
Raw Blame History

Tasks: Add Input Validation and Security Enhancements

1. Schema Input Validation

  • 1.1 Add max_length validation to TaskBase schema (title: 500, description: 10000)
  • 1.2 Add max_length validation to ProjectBase schema
  • 1.3 Add max_length validation to SpaceBase schema
  • 1.4 Add max_length validation to CommentBase schema
  • 1.5 Add max_length validation to all other schema string fields
  • 1.6 Add numeric range validation (ge=0, le=max_value) for decimal fields

2. WebSocket Token Security

  • 2.1 Implement WebSocket authentication via first message instead of query parameter
  • 2.2 Update frontend WebSocket connection to send token in first message
  • 2.3 Add server log filtering to mask sensitive query parameters as fallback (N/A - token no longer in query params)

3. File Path Security

  • 3.1 Add explicit path traversal validation in file_storage_service.py
  • 3.2 Ensure resolved path is within base directory
  • 3.3 Add logging for path traversal attempts

4. Testing

  • 4.1 Add unit tests for input validation edge cases
  • 4.2 Add security tests for path traversal attempts
  • 4.3 Test WebSocket authentication flow