jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/internal/auth
History
Jeremie Fraeys 412d7b82e9
security: implement comprehensive secrets protection 
Critical fixes:
- Add SanitizeConnectionString() in storage/db_connect.go to remove passwords
- Add SecureEnvVar() in api/factory.go to clear env vars after reading (JWT_SECRET)
- Clear DB password from config after connection

Logging improvements:
- Enhance logging/sanitize.go with patterns for:
  - PostgreSQL connection strings
  - Generic connection string passwords
  - HTTP Authorization headers
  - Private keys

CLI security:
- Add --security-audit flag to api-server for security checks:
  - Config file permissions
  - Exposed environment variables
  - Running as root
  - API key file permissions
- Add warning when --api-key flag used (process list exposure)

Files changed:
- internal/storage/db_connect.go
- internal/api/factory.go
- internal/logging/sanitize.go
- internal/auth/flags.go
- cmd/api-server/main.go
2026-02-18 16:18:09 -05:00
..
api_key.go feat(api): refactor websocket handlers; add health and prometheus middleware 2026-01-05 12:31:07 -05:00
database.go feat(api): refactor websocket handlers; add health and prometheus middleware 2026-01-05 12:31:07 -05:00
flags.go security: implement comprehensive secrets protection 2026-02-18 16:18:09 -05:00
hybrid.go feat(api): refactor websocket handlers; add health and prometheus middleware 2026-01-05 12:31:07 -05:00
keychain.go Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
permissions.go feat(api): refactor websocket handlers; add health and prometheus middleware 2026-01-05 12:31:07 -05:00
permissions_loader.go Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
validator.go Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00