
fix: security hardening and HA deployment guide#224

Merged
ZPascal merged 7 commits into
feature/dns-api-extendedfrom
feature/security-ha
May 30, 2026

Conversation


@ZPascal ZPascal commented May 30, 2026

Summary

  • SQL injection fix: NewTXTValuesInTransaction now uses a parameterized query + prepared statement instead of fmt.Sprintf string interpolation (defense-in-depth — input was already sanitized)
  • bcrypt cost: Raised from 10 to 12 (~300ms per registration, transparent to existing stored hashes)
  • jsonError: Uses json.Marshal instead of fmt.Sprintf to safely encode error messages containing quotes or special characters
  • Rate limiting: Per-IP in-memory token bucket on /register; configured via register_ratelimit = 10 in [api] (0 = unlimited); returns HTTP 429 when exceeded
  • CORS default hardening: corsorigins default changed from ["*"] to [] — deny all cross-origin by default. Breaking change — documented in CHANGELOG.md
  • HA guide: docs/ha-deployment.md — active-active deployment with shared PostgreSQL, HAProxy/pgBouncer examples, Kubernetes probes, failure modes table, rolling upgrade procedure

Depends on: #223

Breaking Changes

corsorigins default is now []. Deployments relying on the implicit * must explicitly set corsorigins = ["*"] in their config.

Test Plan

  • go test ./... passes
  • go vet ./... clean
  • /register returns 429 after exceeding register_ratelimit from same IP
  • /register from a different IP still returns 201 after limit hit on another IP
  • jsonError with a message containing "quotes" produces valid JSON
  • Review CHANGELOG.md for breaking change note
  • Review docs/ha-deployment.md
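The per-IP token bucket described in the summary, as an added example that is not the project's code: one bucket per source IP, refilled at the configured per-minute rate, plus a stand-in for the /register handler that answers 429 once a bucket is empty and treats a limit of 0 as unlimited. The type and function names, the constructed handler and the JSON error body are assumptions; the page does not show the project's own implementation.

```go
package main

import (
	"math"
	"net"
	"net/http"
	"sync"
	"time"
)

// ipLimiter holds one token bucket per source IP: at most limit tokens, refilled
// at limit tokens per minute, one token spent per request (register_ratelimit).
type ipLimiter struct {
	mu      sync.Mutex
	limit   float64
	buckets map[string]bucket
}
type bucket struct {
	tokens float64
	last   time.Time
}
func newIPLimiter(perMinute int) *ipLimiter {
	return &ipLimiter{limit: float64(perMinute), buckets: map[string]bucket{}}
}
// allow spends one token from ip's bucket and reports whether one was available.
func (l *ipLimiter) allow(ip string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := time.Now()
	b := l.buckets[ip] // unseen IP: zero value; its zero last time refills it to full below
	b.tokens = math.Min(b.tokens+now.Sub(b.last).Minutes()*l.limit, l.limit)
	b.last = now
	ok := b.tokens >= 1
	if ok {
		b.tokens--
	}
	l.buckets[ip] = b
	return ok
}

// registerStub stands in for /register (constructed): 201 normally, 429 when the
// source IP's bucket is empty. Keyed on RemoteAddr, never a client-settable header.
func (l *ipLimiter) registerStub(w http.ResponseWriter, r *http.Request) {
	ip, _, _ := net.SplitHostPort(r.RemoteAddr) // unparsable addresses share the "" bucket
	if l.limit > 0 && !l.allow(ip) { // register_ratelimit = 0 means unlimited
		http.Error(w, `{"error":"rate limit exceeded"}`, http.StatusTooManyRequests)
		return
	}
	w.WriteHeader(http.StatusCreated)
}
```

Because the bucket refills continuously, a client that keeps hammering the endpoint gets roughly one extra registration per 60/limit seconds rather than a hard reset at the top of each minute.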

ZPascal added 7 commits May 30, 2026 22:31

Replaces fmt.Sprintf string interpolation with encoding/json to
correctly escape quotes, newlines, and other special characters
in error messages.

Adds an in-memory token bucket rate limiter (stdlib only: sync, time) with
one bucket per source IP. The new config field register_ratelimit controls
the per-minute limit (0 = unlimited); defaults to 10 in config.cfg.
Base automatically changed from feature/ai-agent-support to feature/dns-api-extended May 30, 2026 21:47
@ZPascal ZPascal merged commit 21ce69f into feature/dns-api-extended May 30, 2026
6 of 7 checks passed
@ZPascal ZPascal deleted the feature/security-ha branch May 30, 2026 21:47
@ZPascal ZPascal restored the feature/security-ha branch May 31, 2026 20:06
@ZPascal ZPascal deleted the feature/security-ha branch May 31, 2026 20:06