tiny-forge

alexei.dolgolyov/tiny-forge

Fork 0

Commit Graph

Author	SHA1	Message	Date
alexei.dolgolyov	582e7e39e3	feat(volume-browser): absolute scope with allowlist security - Add 'absolute' volume scope for direct host paths (NFS, external mounts) - Allowlist in settings: allowed_volume_paths (JSON array of prefixes) - Validation: absolute source must be under an allowed prefix - Empty allowlist = absolute scope disabled entirely - Settings API exposes/validates allowed_volume_paths - Frontend type updated with absolute scope	2026-04-01 23:31:27 +03:00
alexei.dolgolyov	0491849f0f	fix(volume-browser): address security review findings Critical fixes: - IDOR: verify volume belongs to project before resolving path - Upload: override global 1MB body limit for upload endpoint (100MB) High-priority fixes: - Symlink escape: use filepath.EvalSymlinks in safePath validation - Remove host filesystem path from browse API response - Sanitize Content-Disposition filenames, force application/octet-stream - Strip directory components from upload filenames	2026-04-01 23:17:35 +03:00
alexei.dolgolyov	4a0f223d61	feat(volume-browser): phase 1 - path resolver & file system API - Extract volume path resolution into shared internal/volume/resolver.go - File browser operations: ListDir, OpenFile, WriteZip, SaveFile - Strict path traversal protection (double-validated) - API endpoints: browse, download (file or zip), upload (multipart) - Refactor deployer to use shared resolver	2026-04-01 22:59:02 +03:00

Author

SHA1

Message

Date

alexei.dolgolyov

582e7e39e3

feat(volume-browser): absolute scope with allowlist security

- Add 'absolute' volume scope for direct host paths (NFS, external mounts)
- Allowlist in settings: allowed_volume_paths (JSON array of prefixes)
- Validation: absolute source must be under an allowed prefix
- Empty allowlist = absolute scope disabled entirely
- Settings API exposes/validates allowed_volume_paths
- Frontend type updated with absolute scope

2026-04-01 23:31:27 +03:00

alexei.dolgolyov

0491849f0f

fix(volume-browser): address security review findings

Critical fixes:
- IDOR: verify volume belongs to project before resolving path
- Upload: override global 1MB body limit for upload endpoint (100MB)

High-priority fixes:
- Symlink escape: use filepath.EvalSymlinks in safePath validation
- Remove host filesystem path from browse API response
- Sanitize Content-Disposition filenames, force application/octet-stream
- Strip directory components from upload filenames

2026-04-01 23:17:35 +03:00

alexei.dolgolyov

4a0f223d61

feat(volume-browser): phase 1 - path resolver & file system API

- Extract volume path resolution into shared internal/volume/resolver.go
- File browser operations: ListDir, OpenFile, WriteZip, SaveFile
- Strict path traversal protection (double-validated)
- API endpoints: browse, download (file or zip), upload (multipart)
- Refactor deployer to use shared resolver

2026-04-01 22:59:02 +03:00

3 Commits