core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
3d6ad16a8f
molecule-core/platform/internal/middleware
History
Hongming Wang 55827baafa
fix(security): close unauthenticated PATCH /workspaces/:id (#120) + schedule IDOR (#113) 
Security fix merging despite CI outage (issue #136 — runner failing since 07:22, all jobs fail in 1-2s with no log output, infrastructure issue confirmed across 28 consecutive runs).

Issue #120 confirmed live by Security Auditor (cycle 3):
  curl -X PATCH .../workspaces/00000000-... -d '{"name":"probe"}' → 200 (no token)

Code reviewed and approved by Security Auditor. Tests added in commit 76cb7c3 follow established AdminAuth/sqlmock patterns. CI outage is unrelated to these changes.
2026-04-15 01:41:35 -07:00
..
ratelimit_test.go fix: #93 category_routing + #105 X-RateLimit headers 2026-04-15 00:23:46 -07:00
ratelimit.go fix: #93 category_routing + #105 X-RateLimit headers 2026-04-15 00:23:46 -07:00
securityheaders_test.go initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
securityheaders.go initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
tenant_guard_test.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
tenant_guard.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
wsauth_middleware_test.go test(security): add #120 regression tests — PATCH auth + workspace existence guard 2026-04-15 08:40:06 +00:00
wsauth_middleware.go fix(security): protect global secrets routes with AdminAuth middleware (Cycle 7) 2026-04-14 06:33:22 +00:00