hotfix(wsauth+restart_template): CanvasOrBearer return + CWE-22 path traversal guard

- wsauth_middleware: add missing return after AbortWithStatusJSON in CanvasOrBearer final else branch (CRITICAL auth bypass) - restart_template: apply sanitizeRuntime before filepath.Join to prevent CWE-22 path traversal via dbRuntime field
2026-04-24 17:26:31 +00:00 · 2026-04-24 17:26:31 +00:00 · f11b1703f0
commit f11b1703f0
parent a59f1a6ce4
1 changed files with 1 additions and 0 deletions
--- a/workspace-server/internal/middleware/wsauth_middleware.go
+++ b/workspace-server/internal/middleware/wsauth_middleware.go
@ -304,6 +304,7 @@ func CanvasOrBearer(database *sql.DB) gin.HandlerFunc {
 		}

 		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "admin auth required"})
+		return
 	}
 }