- 1.6: Replace hardcoded JWT secrets in chat server tests with runtime-generated
values (env TEST_JWT_SECRET or uuid-based fallback)
- 1.7: Add validateNoBypassFlagsInProduction() in config; fail startup if
BYPASS_CONTENT_CREATOR_ROLE or CSRF_DISABLED is set in production
Refs: AUDIT_TECHNIQUE_INTEGRAL_2026_02_15.md items 1.6, 1.7
- Add IsURLSafe() function to webhook service blocking private IPs,
localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace 65+ Regex::new().unwrap() calls with three once_cell::sync::Lazy
static collections:
- DANGEROUS_PATTERNS: 60+ XSS/SQL/command injection regexes
- ROOM_NAME_REGEX: room name character validation
- TOXIC_PATTERNS: 5 toxicity detection regexes
All patterns are compiled once at startup with .ok() filter for safety.
ContentFilter, ToxicityDetector now clone from the statics.
Also adds pub mod security_legacy to lib.rs so the module is compiled
and checked during CI builds.
Addresses audit finding D9: .unwrap() on Regex::new() in legacy code.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace the stub filter_content() that always returned true with a real
implementation using compiled regex patterns:
- XSS vectors: <script>, javascript:, onXxx=, <iframe>, <object>, <embed>
- SQL injection: UNION SELECT, DROP TABLE, OR 1=1, ' OR '
- Command injection: eval(), exec()
Patterns compiled once at startup via once_cell::sync::Lazy with safe
.ok() filter (no .unwrap()). Returns false (reject) on pattern match.
Also enhances validate_content() to check dangerous patterns and return
a proper error.
Addresses audit findings D4, A04: ContentFilter stub always returned true.
Co-authored-by: Cursor <cursoragent@cursor.com>
- request_id.rs:36: UUID.to_string().parse().unwrap() replaced with
unwrap_or_else fallback to HeaderValue::from_static("unknown")
- prometheus_metrics.rs:357: Response::builder().body().unwrap() replaced
with unwrap_or_else fallback to a plain error response
Both were panic-capable paths in request handling middleware.
Addresses audit finding D9: .unwrap() in production code.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add JwtRevocationStore trait with InMemoryRevocationStore and RedisRevocationStore
- Wire Redis store when REDIS_URL is set (fallback in-memory if Redis unavailable)
- JWT blacklist persists across restarts when using Redis
Co-authored-by: Cursor <cursoragent@cursor.com>
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
