alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(docker-watcher): phase 8 security fixes

Browse Source 
Remove webhook secret from logs and API response.
Add auth-pending note to router. Fix decrypt fallback that
would use ciphertext as auth token on decrypt failure.
This commit is contained in:
Admin
2026-03-27 22:10:00 +03:00
parent 97d4243cfe
commit 757c72eea1
22 changed files with 1312 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/registries.go
+6 -6
View File
@@ -195,10 +195,10 @@ func (s *Server) testRegistry(w http.ResponseWriter, r *http.Request) {
if token != "" {
decrypted, err := crypto.Decrypt(s.encKey, token)
if err != nil {
token = reg.Token // Fall back to raw token.
} else {
token = decrypted
respondError(w, http.StatusInternalServerError, "failed to decrypt registry token")
return
}
token = decrypted
}
client, err := registry.NewClient(reg.Type, reg.URL, token)
@@ -239,10 +239,10 @@ func (s *Server) listRegistryTags(w http.ResponseWriter, r *http.Request) {
if token != "" {
decrypted, err := crypto.Decrypt(s.encKey, token)
if err != nil {
token = reg.Token
} else {
token = decrypted
respondError(w, http.StatusInternalServerError, "failed to decrypt registry token")
return
}
token = decrypted
}
client, err := registry.NewClient(reg.Type, reg.URL, token)