
@l5yth l5yth commented Sep 17, 2025

Summary

  • switch bearer token verification to a constant-time comparison
  • enforce a configurable maximum size for JSON request bodies and reuse a helper
  • extend request specs to cover oversized payload rejection for nodes and messages

Testing

  • bundle exec rspec (fails: bundler cannot fetch gems – 403 Forbidden)

https://chatgpt.com/codex/tasks/task_e_68ca47c19cb8832b87de60fc11e64326
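
The two hardening measures in the summary, sketched as an added example; this is not the project's code from web/app.rb. All method names, the 1 MiB default limit, and the 401/413/400 status mapping are assumptions made for illustration.

```ruby
require "digest"
require "json"
require "stringio"

MAX_JSON_BODY_BYTES = 1_048_576 # assumed default; the PR makes the limit configurable

class PayloadTooLarge < StandardError; end

# Compare two secrets without exiting early on the first differing byte.
# Hashing first yields equal-length inputs, so token length is not leaked either.
# (In a Rack app, Rack::Utils.secure_compare serves the same purpose.)
def secure_token_equal?(expected, provided)
  a = Digest::SHA256.digest(expected.to_s).bytes
  b = Digest::SHA256.digest(provided.to_s).bytes
  diff = 0
  a.each_with_index { |byte, i| diff |= byte ^ b[i] }
  diff.zero?
end

# Pull the token out of "Authorization: Bearer <token>" and verify it.
def authorized?(header, api_token)
  return false if api_token.nil? || api_token.empty? # no token configured: deny
  scheme, token = header.to_s.split(" ", 2)
  return false unless scheme&.casecmp?("Bearer") && token
  secure_token_equal?(api_token, token)
end

# Read at most limit + 1 bytes so an oversized body is rejected
# without buffering all of it, then parse the JSON.
def read_json_body(io, limit: MAX_JSON_BODY_BYTES)
  raw = io.read(limit + 1) || ""
  raise PayloadTooLarge, "body exceeds #{limit} bytes" if raw.bytesize > limit
  JSON.parse(raw)
end

# Map each outcome to the status a handler would return (assumed mapping).
def handle_post(header, io, api_token:, limit: MAX_JSON_BODY_BYTES)
  return 401 unless authorized?(header, api_token)
  read_json_body(io, limit: limit)
  200
rescue PayloadTooLarge
  413
rescue JSON::ParserError
  400
end
```

Authentication runs before the body is read, so an unauthenticated client cannot make the server buffer or parse a payload at all.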

@l5yth l5yth added the codex Code or review provided by artificial intelligence bot label Sep 17, 2025 — with ChatGPT Codex Connector

codecov bot commented Sep 17, 2025

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
web/app.rb 92.00% 2 Missing ⚠️


@l5yth l5yth merged commit 71e9f89 into main Sep 17, 2025
8 checks passed
@l5yth l5yth deleted the codex/improve-security-hardening branch September 17, 2025 06:00