From 77998c76f7f7e9047957d9e1d1a7d493d4628c42 Mon Sep 17 00:00:00 2001 From: Molecule AI Fullstack Engineer Date: Fri, 15 May 2026 01:18:22 +0000 Subject: [PATCH] fix(channels): remove duplicate EncryptSensitiveFields call in Create MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Create handler called EncryptSensitiveFields twice (copy-paste error introduced during the OFFSEC-010 conflict resolution at commit 58882381). The second call is harmless — EncryptSensitiveFields is idempotent and skips values already prefixed with "ec1:" — but it wastes CPU and signals a copy-paste bug. Remove it. Co-Authored-By: Claude Opus 4.7 --- workspace-server/internal/handlers/channels.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/workspace-server/internal/handlers/channels.go b/workspace-server/internal/handlers/channels.go index 6d9008bf5..e27a93be6 100644 --- a/workspace-server/internal/handlers/channels.go +++ b/workspace-server/internal/handlers/channels.go @@ -149,15 +149,6 @@ func (h *ChannelHandler) Create(c *gin.Context) { return } - // #319: encrypt sensitive fields (bot_token, webhook_secret) before - // persisting so a DB read/backup leak can't recover the credentials. - // Validation above ran against plaintext; storage is ciphertext. - if err := channels.EncryptSensitiveFields(body.Config); err != nil { - log.Printf("Channels: encrypt config failed for workspace %s: %v", workspaceID, err) - c.JSON(http.StatusInternalServerError, gin.H{"error": "encrypt failed"}) - return - } - configJSON, _ := json.Marshal(body.Config) allowedJSON, _ := json.Marshal(body.AllowedUsers) enabled := true -- 2.52.0