veza/veza-chat-server/src
senke 78db1fa684 fix(security): add SSRF protection, real track access validation, and pagination bounds
- Add IsURLSafe() function to webhook service blocking private IPs,
  localhost, and cloud metadata endpoints (SSRF protection)
- Implement real validate_track_access() in stream server querying DB
  for track visibility, ownership, and purchase status
- Remove dangerous JWT fallback user in chat server that allowed
  deleted users to maintain access with forged credentials
- Add upper limit (100) on pagination in profile, track, and room handlers
- Fix Dockerfile.production healthcheck path to /api/v1/health

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 22:44:03 +01:00
core P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
database adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
generated adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
hub P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
middleware fix(chat): replace .unwrap() with safe alternatives in production code 2026-02-11 23:20:49 +01:00
models P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
repository STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
security fix(chat): implement real ContentFilter with XSS/injection pattern detection 2026-02-11 23:22:46 +01:00
services STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
websocket feat(chat): implement Redis rate limiting for WebSocket messages 2026-02-11 22:45:39 +01:00
advanced_moderation.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
auth.rs P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
authentication.rs P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
cache.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
chat_management.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
client.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
config.rs report generation and future tasks selection 2025-12-08 19:57:54 +01:00
delivered_status.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
env.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
error.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
event_bus.rs report generation and future tasks selection 2025-12-08 19:57:54 +01:00
grpc_client.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
grpc_server.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
jwt_manager.rs fix(security): add SSRF protection, real track access validation, and pagination bounds 2026-02-12 22:44:03 +01:00
jwt_revocation_store.rs feat(chat): add persistent Redis JWT revocation (P3.1) 2026-02-11 22:06:25 +01:00
lib.rs fix(chat): replace Regex::new().unwrap() with static Lazy in security_legacy.rs 2026-02-11 23:27:54 +01:00
main.rs feat(chat): implement Redis rate limiting for WebSocket messages 2026-02-11 22:45:39 +01:00
message_handler.rs P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
message_store.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
message_store_simple.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
messages.rs P0: backend/chat/stream stabilisation + new database migrations v1 2025-12-06 11:14:38 +01:00
moderation.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
monitoring.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
optimized_persistence.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
permissions.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
presence.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
prometheus_metrics.rs fix(chat): replace .unwrap() with safe alternatives in production code 2026-02-11 23:20:49 +01:00
rate_limiter.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
reactions.rs stabilisation commit 2026-01-04 01:44:23 +01:00
read_receipts.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
security_legacy.rs fix(chat): replace Regex::new().unwrap() with static Lazy in security_legacy.rs 2026-02-11 23:27:54 +01:00
simple_message_store.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
structured_logging.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
test_simple_store.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
typing_indicator.rs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
utils.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
validation.rs adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00