senke/veza - Talas Project: Beyond coding. We Forge.

senke/veza

Fork 0

Commit graph

Author	SHA1	Message	Date
senke	78db1fa684	fix(security): add SSRF protection, real track access validation, and pagination bounds - Add IsURLSafe() function to webhook service blocking private IPs, localhost, and cloud metadata endpoints (SSRF protection) - Implement real validate_track_access() in stream server querying DB for track visibility, ownership, and purchase status - Remove dangerous JWT fallback user in chat server that allowed deleted users to maintain access with forged credentials - Add upper limit (100) on pagination in profile, track, and room handlers - Fix Dockerfile.production healthcheck path to /api/v1/health Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-12 22:44:03 +01:00
senke	d33c351ac6	refonte: backend-api go first; phase 1	2025-12-12 21:34:34 -05:00
okinrev	2425c15b09	adding initial backend API (Go)	2025-12-03 20:29:37 +01:00

Author

SHA1

Message

Date

senke

78db1fa684

fix(security): add SSRF protection, real track access validation, and pagination bounds

- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-12 22:44:03 +01:00

senke

d33c351ac6

refonte: backend-api go first; phase 1

2025-12-12 21:34:34 -05:00

okinrev

2425c15b09

adding initial backend API (Go)

2025-12-03 20:29:37 +01:00

3 commits