veza/veza-backend-api/internal/handlers
senke 29cb93767f feat(security): open-redirect protection on Stripe Connect + KYC return URLs
v1.0.10 sécu item 7. The SSRF audit flagged callbacks on Hyperswitch +
distribution submissions; investigating those revealed a different
risk class on the user-supplied return_url fields:

  * sell_handler.ConnectOnboard accepts return_url + refresh_url and
    forwards them to Stripe Connect.
  * kyc_handler.StartVerification accepts return_url and forwards it
    to Stripe Identity.

Stripe doesn't fetch these URLs server-side (so SSRF is not the
risk), but it redirects the user's browser there after the flow
completes. Without an allow-list, an attacker can craft an onboarding
or verification link with `return_url=https://attacker.com/phishing`
and a victim who clicks the resulting Stripe URL lands on the
attacker's page after Stripe finishes — open-redirect attack
disguised as a legitimate Stripe flow.

Hyperswitch + distribution were already protected:
  * Webhook URLs go through validators.ValidateWebhookURL
    (services/webhook_service.go:54) which blocks private IPs +
    requires HTTPS — pre-existing SSRF guard from SEC-07.
  * Hyperswitch's own callback URL is configured server-side, not
    user-supplied (cf. hyperswitch/client.go) — no SSRF surface.
  * Distribution submissions don't carry user-supplied callbacks —
    the destination platforms are hard-coded.

What's added:

  validators/url_validator.go
    * ValidateRedirectURL(rawURL, allowedHosts) — accepts http or
      https (since Stripe-redirect targets may be local dev hosts),
      requires hostname to match one of allowedHosts exactly OR be
      a subdomain of one. Empty allowedHosts ⇒ permissive (used in
      dev / unconfigured envs; only checks for non-internal IPs).
    * Reuses the existing IsInternalOrPrivateURL guard so SSRF
      protection still applies for the permissive branch.

  handlers/sell_handler.go + handlers/kyc_handler.go
    * Both handlers now take an allowedRedirectHosts []string param
      at construction. Validation runs after the URL defaults are
      applied so the caller's submitted URL is checked, not the
      backend-derived fallback.
    * Validation failure → 400 with a clear message ("invalid
      return_url: <reason>") so the SPA can render the right error.

  api/routes_marketplace.go
    * Both handlers receive the existing
      cfg.OAuthAllowedRedirectDomains list at construction. Same
      list as the OAuth callback validation, same operator config,
      single source of truth.

Tests pass: go test ./internal/{handlers,validators} -short.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 11:42:41 +02:00
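
An added example, not code from this repository: a Go validator that follows the rules the commit message gives for ValidateRedirectURL (http or https only, exact host or subdomain match, permissive when the allow-list is empty). The name checkRedirectURL, the isInternalIP helper standing in for IsInternalOrPrivateURL, and the veza.example / attacker.example hosts are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// checkRedirectURL is a hypothetical stand-in for the validator described in
// the commit message; it is not the project's ValidateRedirectURL.
func checkRedirectURL(rawURL string, allowedHosts []string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return errors.New("scheme must be http or https")
	}
	// Hostname() drops userinfo and port, so the check runs on the host the
	// browser will actually visit, not on text placed before an "@".
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	if host == "" {
		return errors.New("missing host")
	}
	if len(allowedHosts) == 0 {
		// Permissive branch: any external host passes; only internal or
		// private IP literals are refused (assumed scope of the guard).
		if ip := net.ParseIP(host); ip != nil && isInternalIP(ip) {
			return errors.New("internal or private address")
		}
		return nil
	}
	for _, a := range allowedHosts {
		a = strings.ToLower(strings.TrimSpace(a))
		// The "." prefix pins the suffix test to a label boundary, so
		// "evilveza.example" does not count as a subdomain of "veza.example".
		if a != "" && (host == a || strings.HasSuffix(host, "."+a)) {
			return nil
		}
	}
	return fmt.Errorf("host %q is not in the allow-list", host)
}

func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast()
}

func main() {
	allowed := []string{"veza.example"} // constructed allow-list
	for _, s := range []string{ // constructed inputs
		"https://app.veza.example/settings/payouts",
		"https://veza.example@attacker.example/",
		"https://evilveza.example/",
	} {
		fmt.Printf("%-45s -> %v\n", s, checkRedirectURL(s, allowed))
	}
}
```

With an empty allow-list the validator accepts any external host, so the open-redirect protection only takes effect once the operator's domain list is configured.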
account_deletion_handler.go fix(v0.12.6): apply all pentest remediations — 36 findings across 36 files 2026-03-14 00:44:46 +01:00
admin_transfer_handler.go feat(marketplace): async stripe connect reversal worker — v1.0.7 item B day 2 2026-04-17 15:34:29 +02:00
admin_transfer_handler_test.go feat(marketplace): async stripe connect reversal worker — v1.0.7 item B day 2 2026-04-17 15:34:29 +02:00
announcement_handler.go fix(backend): unblock handlers + elasticsearch test packages 2026-04-30 14:48:23 +02:00
announcement_handler_test.go test(v0.803): unit tests for CCPA, reports, announcements, feature flags 2026-02-25 20:02:24 +01:00
api_flow_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
api_key_handler.go feat(developer): add API keys backend (Lot C) 2026-02-20 00:18:36 +01:00
audit.go api-contracts: update backend handlers to use wrapped format 2026-01-15 17:32:02 +01:00
audit_test.go stabilisation commit A 2026-01-07 19:39:21 +01:00
auth.go feat(auth): DB-backed JWT jti revocation ledger (sécu item 6) 2026-05-02 11:37:02 +02:00
auth_fuzz_test.go style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
auth_handler_test.go feat(auth): RGPD/COPPA age gate at registration (16+ minimum) 2026-05-01 18:05:47 +02:00
auth_integration_test.go ci: bump Go to 1.25 and fix goimports drift in 3 files 2026-04-14 17:02:09 +02:00
avatar_handler.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
avatar_handler_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
bitrate_handler.go api-contracts: update backend handlers to use wrapped format 2026-01-15 17:32:02 +01:00
bitrate_handler_test.go fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
chat_attachment_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
chat_handler.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
chat_handler_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
chat_reaction_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
chat_search_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
chat_websocket_handler.go fix(v0.12.6): apply all pentest remediations — 36 findings across 36 files 2026-03-14 00:44:46 +01:00
cloud_handler.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
co_listening_handler.go feat(v0.10.7): Real-Time Collaboration F481-F483 2026-03-10 13:34:16 +01:00
co_listening_websocket_handler.go style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
comment_handler.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
comment_handler_test.go chore: consolidate CI, E2E, backend and frontend updates 2026-02-17 16:43:21 +01:00
common.go refactor(backend): J3 — remove 3 deprecated unused handlers 2026-04-14 18:11:07 +02:00
config_reload.go v0.9.4 2026-03-05 23:03:43 +01:00
config_reload_test.go incus deployment fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
csrf.go state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
csrf_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
dashboard.go release(v0.903): Vault - ORDER BY whitelist, rate limiter, VERSION sync, chat-server cleanup, Go 1.24 2026-02-27 09:43:25 +01:00
dashboard_test.go chore(release): v0.922 — Greenlight (handler tests: dashboard, presence) 2026-03-02 12:30:51 +01:00
distribution_handler.go feat(subscription): recovery endpoint + distribution gate (v1.0.9 item G — Phase 3) 2026-04-27 11:33:40 +02:00
distribution_handler_test.go feat(v0.12.2): F501-F510 distribution service, handler, and routes 2026-03-10 19:54:26 +01:00
dmca_handler.go feat(legal): DMCA notice handler + admin queue + 451 playback gate (W3 Day 14) 2026-04-28 15:39:33 +02:00
education_handler.go feat(backend,web): single source of truth for upload-size limits 2026-04-16 19:37:37 +02:00
education_handler_test.go feat(v0.12.3): F276-F305 video upload, HLS transcoding, education tests 2026-03-11 19:20:48 +01:00
embed_handler.go feat(embed): /embed/track/:id widget + /oembed envelope + per-track OG tags (W3 Day 15) 2026-04-28 15:49:54 +02:00
embed_handler_test.go feat(embed): /embed/track/:id widget + /oembed envelope + per-track OG tags (W3 Day 15) 2026-04-28 15:49:54 +02:00
error_contract_test.go fix: stabilize builds, tests, and lint across all stacks 2026-04-05 16:48:07 +02:00
error_response.go v0.9.8 2026-03-06 19:13:16 +01:00
feature_flag_handler.go fix(backend): unblock handlers + elasticsearch test packages 2026-04-30 14:48:23 +02:00
feature_flag_handler_test.go test(v0.803): unit tests for CCPA, reports, announcements, feature flags 2026-02-25 20:02:24 +01:00
frontend_log_handler.go api-contracts: update backend handlers to use wrapped format 2026-01-15 17:32:02 +01:00
frontend_log_handler_test.go stabilisation commit A 2026-01-07 19:39:21 +01:00
gdpr_export_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
gear_handler.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
health.go feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 2026-02-23 23:42:02 +01:00
health_deep_test.go feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 2026-02-23 23:42:02 +01:00
health_p1_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
health_test.go fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
hls_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
hls_handler_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
kyc_handler.go feat(security): open-redirect protection on Stripe Connect + KYC return URLs 2026-05-02 11:42:41 +02:00
live_health_handler.go feat(backend,web): surface RTMP ingest health on the Go Live page 2026-04-16 23:52:36 +02:00
live_health_handler_test.go feat(backend,web): surface RTMP ingest health on the Go Live page 2026-04-16 23:52:36 +02:00
live_stream_callback.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
live_stream_handler.go feat(v0.10.6): Livestreaming basique F471-F476 2026-03-10 10:21:57 +01:00
login_history_handler.go feat(v0.13.3): complete - Advanced Security Polish 2026-03-13 10:09:01 +01:00
marketplace.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
marketplace_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
marketplace_test.go fix: stabilize builds, tests, and lint across all stacks 2026-04-05 16:48:07 +02:00
metrics.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
metrics_aggregated.go stabilisation commit A 2026-01-07 19:39:21 +01:00
metrics_aggregated_test.go stabilisation commit A 2026-01-07 19:39:21 +01:00
metrics_test.go fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
metrics_test.go.disabled fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
notification_handlers.go style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
notification_handlers_test.go feat(v0.10.5): Complete notifications — F551-F555 2026-03-10 10:02:21 +01:00
oauth_handlers.go v0.9.4 2026-03-05 23:03:43 +01:00
oauth_handlers_test.go release(v0.902): Sentinel - PKCE OAuth, token encryption, redirect validation, CHAT_JWT_SECRET 2026-02-26 19:49:15 +01:00
password_reset_handler.go feat(openapi): annotate queue + password-reset handlers + regen 2026-04-26 00:55:26 +02:00
password_reset_handler_test.go incus deployment fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
payout_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
payout_handler_test.go feat(v0.12.0): F252-F254 marketplace service enhancements 2026-03-10 18:52:06 +01:00
playback_analytics_handler.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
playback_analytics_handler_test.go chore(v0.102): consolidate remaining changes — docs, frontend, backend 2026-02-20 13:02:12 +01:00
playback_websocket_handler.go refactor(backend): J3 — remove 3 deprecated unused handlers 2026-04-14 18:11:07 +02:00
playback_websocket_handler_test.go incus deployment fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
playlist_collaboration_integration_test.go [BE-TEST-010] test: Add integration tests for playlist collaboration 2025-12-25 01:39:43 +01:00
playlist_error_helper.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
playlist_error_helper_test.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
playlist_export_handler.go stabilisation commit: while implementing v0.10.5 2026-03-09 19:36:33 +01:00
playlist_export_handler_test.go [T0-006] test(backend): Add tests for frontend_log_handler 2026-01-04 01:44:22 +01:00
playlist_handler.go refactor(backend): extract upload + collaborators into sibling files 2026-05-01 04:10:43 +02:00
playlist_handler_collaborators.go refactor(backend): extract upload + collaborators into sibling files 2026-05-01 04:10:43 +02:00
playlist_handler_integration_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
playlist_handler_test.go feat(v0.10.4): Collaborative playlists - F136, F140, F141, F143, F145 2026-03-09 16:49:05 +01:00
playlist_track_handler_integration_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
presence_handler.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
presence_handler_test.go chore(release): v0.922 — Greenlight (handler tests: dashboard, presence) 2026-03-02 12:30:51 +01:00
privacy_handler.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
profile_handler.go feat(openapi): annotate profile_handler users endpoints (v1.0.8 B-annot) 2026-04-24 01:09:05 +02:00
profile_handler_integration_test.go [BE-API-002] api: Implement playlist collaborators endpoints 2025-12-23 01:41:43 +01:00
profile_handler_test.go [BE-TEST-007] test: Add unit tests for webhook handlers 2025-12-25 01:32:54 +01:00
profile_handler_test.go.disabled fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
queue_handler.go feat(openapi): annotate queue + password-reset handlers + regen 2026-04-26 00:55:26 +02:00
queue_session_handler.go feat(openapi): annotate queue + password-reset handlers + regen 2026-04-26 00:55:26 +02:00
report_handler.go fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
report_handler_test.go test(v0.803): unit tests for CCPA, reports, announcements, feature flags 2026-02-25 20:02:24 +01:00
response.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
role_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
role_handler_test.go incus deployment fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
room_handler.go style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
room_handler_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
royalty_splits_handler.go feat(marketplace): multi-creator royalty splits with audit ledger 2026-05-01 20:53:22 +02:00
search_handlers.go feat(search): faceted filters (genre/key/BPM/year) + FacetSidebar UI (W4 Day 18) 2026-04-29 10:33:35 +02:00
search_handlers_test.go feat(search): faceted filters (genre/key/BPM/year) + FacetSidebar UI (W4 Day 18) 2026-04-29 10:33:35 +02:00
sell_handler.go feat(security): open-redirect protection on Stripe Connect + KYC return URLs 2026-05-02 11:42:41 +02:00
session.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
session_test.go feat(auth): enrich sessions page with history and revoke (A4) 2026-02-20 14:52:20 +01:00
settings_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
settings_handler_test.go incus deployment fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
social.go chore(api): orval-migrate search/social wrappers + drop dead auth duplicates (v1.0.9 item 1.6) 2026-04-26 23:25:07 +02:00
social_group_handler.go style(backend): gofmt -w on 85 files (whitespace only) 2026-04-14 12:22:14 +02:00
social_test.go chore(release): v0.931 — Cursor (cursor-based pagination, performance baseline) 2026-03-02 12:35:49 +01:00
status_handler.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
status_handler_test.go fix: resolve stream server compilation errors and integrate chat stability fixes 2026-01-04 01:44:22 +01:00
stream_events_handler.go v0.9.8 2026-03-06 19:13:16 +01:00
subscription_handler.go feat(subscription): recovery endpoint + distribution gate (v1.0.9 item G — Phase 3) 2026-04-27 11:33:40 +02:00
subscription_handler_test.go feat(v0.12.1): subscription plans service, handler, and routes 2026-03-10 19:36:57 +01:00
support_handler.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
support_handler_test.go feat(v0.13.5): polish marketplace & compliance — KYC, support, payout E2E 2026-03-13 14:57:19 +01:00
system_metrics.go state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
system_metrics_test.go state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
system_metrics_test.go.disabled fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
tag_handler.go v0.9.8 beta 2026-03-07 00:54:35 +01:00
tag_handler_test.go feat(v0.802): frontend Cloud/Gear, MSW, docs, scope v0.803, archive 2026-02-25 14:00:58 +01:00
terms_handler.go feat(legal): versioned terms acceptance ledger (CGU/CGV/mentions) 2026-05-01 20:47:07 +02:00
track_stem_handler.go feat(v0.10.7): Real-Time Collaboration F481-F483 2026-03-10 13:34:16 +01:00
two_factor_handler.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
two_factor_handler_test.go fix(v0.12.6.1): remediate 2 CRITICAL + 10 HIGH + 1 MEDIUM pentest findings 2026-03-12 05:40:53 +01:00
upgrade_creator_handler.go feat(backend,web): self-service creator role upgrade via /settings 2026-04-16 18:35:07 +02:00
upgrade_creator_handler_test.go feat(backend,web): self-service creator role upgrade via /settings 2026-04-16 18:35:07 +02:00
upload.go fix(backend): commit swagger annotation pass + missing handler methods 2026-05-01 10:16:57 +02:00
upload_test.go fix(security): add ownership check to GetUploadStatus handler (IDOR fix) 2026-02-22 17:30:30 +01:00
validate.go security: create useFormValidation hook for pre-validation 2026-01-15 20:06:30 +01:00
validation_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
webauthn_handler.go feat(v0.13.3): complete - Advanced Security Polish 2026-03-13 10:09:01 +01:00
webhook_handlers.go chore(docs): add v0.101 diagnostic baseline 2026-02-19 16:08:05 +01:00
webhook_handlers_test.go [BE-TEST-007] test: Add unit tests for webhook handlers 2025-12-25 01:32:54 +01:00
webrtc_config_handler.go feat(webrtc): coturn ICE config endpoint + frontend wiring + ops template (v1.0.9 item 1.2) 2026-04-26 23:38:42 +02:00
webrtc_config_handler_test.go feat(webrtc): coturn ICE config endpoint + frontend wiring + ops template (v1.0.9 item 1.2) 2026-04-26 23:38:42 +02:00