chore: production hardening and low-hanging fruit#37
Draft
xernobyl wants to merge 8 commits intofeat/webhook-cache-retry-metrics-repo-namingfrom
Draft
chore: production hardening and low-hanging fruit#37xernobyl wants to merge 8 commits intofeat/webhook-cache-retry-metrics-repo-namingfrom
xernobyl wants to merge 8 commits intofeat/webhook-cache-retry-metrics-repo-namingfrom
Conversation
xernobyl
changed the base branch from
main
to
feat/webhook-cache-retry-metrics-repo-naming
xernobyl
changed the title
xernobyl
force-pushed
the
chore/low-hanging-fruit
branch
from
c1856b3 to
98f94f6
Compare
…e/low-hanging-fruit
…e/low-hanging-fruit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds production-hardening and low-hanging fruit: constant-time API key comparison, request body limit with metric, error sanitization for 403, DB connection pool configuration, docs for new env vars, and webhook secret exposure hardening.
Changes
Security & hardening
internal/api/middleware/auth.go): Usecrypto/subtle.ConstantTimeComparefor API key check to avoid timing side-channels.internal/api/middleware/max_body.go):MaxBody(maxBytes, recorder)middleware caps body size viahttp.MaxBytesReader; returns 413 when exceeded. Buffers response only for POST/PUT/PATCH. Config:MAX_REQUEST_BODY_BYTES(default 10 MiB). Metric:hub_request_body_too_large_total.internal/api/handlers/webhooks_handler.go): 403 Forbidden for webhook limit exceeded returns fixed message "Maximum number of webhooks reached"; actual error logged server-side only.internal/models/webhooks.go,internal/api/handlers/webhooks_handler.go):GET /v1/webhooksandGET /v1/webhooks/{id}now return public webhook DTOs that omitsigning_key.Database
pkg/database/postgres.go,internal/config):PoolConfigandNewPostgresPool(ctx, url, opts). Env:DATABASE_MAX_CONNS,DATABASE_MIN_CONNS,DATABASE_MAX_CONN_LIFETIME_SECONDS(defaults 25, 0, 3600). All call sites (main, tests) pass pool config from config.Docs
MAX_REQUEST_BODY_BYTES) and database pool (DATABASE_MAX_CONNS,DATABASE_MIN_CONNS,DATABASE_MAX_CONN_LIFETIME_SECONDS) documented indocs/reference/environment-variables.mdx.Tests
tests/integration_test.go):TestWebhooksCRUDnow assertssigning_keyis absent from webhook GET and LIST responses.Testing
go test ./internal/... ./pkg/... -count=1✅make tests(with Postgres,.envloaded) ✅make fmt✅Checklist
make fmt,make lint).