fix(security): hardens auth, XSS, rate limiting, and repo posture #43
Merged
wgordon17 merged 8 commits into gordon-code:main, Apr 2, 2026
Auth lifecycle:
- clears dashboard cache on token expiry (prevents data leak to next user)
- propagates 401 from allSettled to trigger re-auth (prevents zombie polling)
- adds cross-tab auth sync via storage event listener
- moves OAuth returnTo read to after CSRF check passes

XSS / injection:
- validates pr.htmlUrl with isSafeGitHubUrl before passing to StatusDot/SizeBadge
- replaces inline style label colors with adoptedStyleSheets registry
- removes style-src-attr unsafe-inline from CSP (zero unsafe-* directives)
- refactors UserAvatarBadge inline style to Tailwind class

Rate limiting / DoS:
- caps fetchRepos pagination at 1000 repos with warning notification
- serializes discoverUpstreamRepos to prevent TOCTOU race on repo cap
- adds length bounds to VALID_REPO_NAME regex (consistent with Zod schema)
- adds soft warning at 100+ repos in RepoSelector
- adds in-memory rate limiter to Worker token exchange endpoint
- adds HSTS to Worker SECURITY_HEADERS (matches static asset headers)

Stores / cache:
- adds .max(500) to ignoredItems with FIFO eviction
- adds pruneClosedIgnoredItems (30-day TTL) called on app startup
- wraps IndexedDB QuotaExceededError retry in try/catch (logs instead of crash)

Repo posture:
- adds SECURITY.md with responsible disclosure policy
- adds CODEOWNERS
- adds .npmrc with ignore-scripts=true
- pins happy-dom to exact version (removes caret range)
- adds CSP inline script hash verification to CI
- adds Sentry security token support to Worker tunnel
- documents Worker _dsnCache safety rationale
- fixes poll coordinator mount/unmount race
…expireToken for cross-tab sync
- removes IP from rate-limit log, adds prune threshold guard
- makes SENTRY_DSN optional in Env interface
- moves returnTo consumption after auth success in OAuthCallback
- adds race-safe coordinator guard to onAuthCleared + clearHotSets
- extracts IGNORED_ITEMS_CAP constant, fixes FALLBACK_FG consistency
- documents CSP style-src-attr requirement (Kobalte) in SECURITY.md
- adds 13 tests: cross-tab auth sync, 401 propagation, label-colors CSS rules, fetchRepos cap, rate-limit window reset, multi-user upstream discovery cap
- deletes orphaned scripts/verify-csp-hash.mjs (replaced by inline CI shell)
- updates prek.toml and deploy.yml to use inline CSP hash check
- adds tests for returnTo preserved on validateToken failure and token exchange failure
- adds test for SENTRY_DSN: undefined (optional field coverage)
…ync hook
- pnpm-lock.yaml specifier was ^20.8.9, package.json was pinned to 20.8.9 — CI frozen-lockfile install failed on the mismatch
- adds lockfile-sync pre-commit hook that runs pnpm install --frozen-lockfile when package.json or pnpm-lock.yaml changes
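The "in-memory rate limiter" on the Worker token exchange endpoint, its "rate-limit window reset" and the "prune threshold guard" mentioned in the commit messages above, shown as an added illustration that is not this PR's code: a fixed-window limiter where `WINDOW_MS`, `MAX_PER_WINDOW`, `PRUNE_THRESHOLD` and the function names are assumptions, and the client key is never written to the log.

```javascript
// Added example, not the project's own code. Fixed-window in-memory rate limiter
// of the kind a Worker token-exchange endpoint can use; all limits are assumptions.
const WINDOW_MS = 60_000;      // one fixed window per client key
const MAX_PER_WINDOW = 10;     // token-exchange attempts allowed per window
const PRUNE_THRESHOLD = 1000;  // sweep expired entries only once the map grows past this

// key -> { count, windowStart }. State lives only as long as the Worker isolate,
// so this is a best-effort guard against bursts, not a durable quota.
const buckets = new Map();

function pruneExpired(now) {
  for (const [key, b] of buckets) {
    if (now - b.windowStart >= WINDOW_MS) buckets.delete(key);
  }
}

// Returns { allowed, remaining, retryAfterMs }. `key` is whatever identifies the
// client (for example a hash of the source address); it is never logged.
function checkRateLimit(key, now = Date.now()) {
  // Prune threshold guard: an unbounded map is itself a memory-exhaustion risk,
  // but sweeping it on every request is O(n), so sweep only when it is large.
  if (buckets.size > PRUNE_THRESHOLD) pruneExpired(now);

  let b = buckets.get(key);
  if (!b || now - b.windowStart >= WINDOW_MS) {
    b = { count: 0, windowStart: now };  // window reset: start a fresh window
    buckets.set(key, b);
  }
  b.count += 1;
  const allowed = b.count <= MAX_PER_WINDOW;
  const retryAfterMs = allowed ? 0 : b.windowStart + WINDOW_MS - now;
  if (!allowed) {
    // Log the event without the client identifier (no IP in the rate-limit log).
    console.warn(`rate limit exceeded on token exchange; retry in ${retryAfterMs}ms`);
  }
  return { allowed, remaining: Math.max(0, MAX_PER_WINDOW - b.count), retryAfterMs };
}

// Handler-side use: answer 429 with Retry-After before touching the token exchange.
function rateLimitResponse(result) {
  return new Response('Too Many Requests', {
    status: 429,
    headers: { 'Retry-After': String(Math.ceil(result.retryAfterMs / 1000)) },
  });
}

function bucketCount() { return buckets.size; }
```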
Replaces sequential curl loops (81s) with GNU parallel (-j10, ~2s). Test specs become a pipe-delimited data array parsed by exported functions. Adds --max-time 10 per curl, --timeout 15 per job, command -v guard, and empty-output infrastructure failure detection.