fix(channels): remove duplicate EncryptSensitiveFields + log json.Marshal errors #1122

Closed
fullstack-engineer wants to merge 1 commits from fix/channels-marshal-errors into staging
+24 -13
@@ -149,17 +149,18 @@ func (h *ChannelHandler) Create(c *gin.Context) {
return
}
// #319: encrypt sensitive fields (bot_token, webhook_secret) before
// persisting so a DB read/backup leak can't recover the credentials.
// Validation above ran against plaintext; storage is ciphertext.
if err := channels.EncryptSensitiveFields(body.Config); err != nil {
log.Printf("Channels: encrypt config failed for workspace %s: %v", workspaceID, err)
c.JSON(http.StatusInternalServerError, gin.H{"error": "encrypt failed"})
configJSON, mErr := json.Marshal(body.Config)
if mErr != nil {
log.Printf("Channels Create: marshal config for workspace %s: %v", workspaceID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal config failed"})
return
}
allowedJSON, mErr := json.Marshal(body.AllowedUsers)
if mErr != nil {
log.Printf("Channels Create: marshal allowed_users for workspace %s: %v", workspaceID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal allowed_users failed"})
return
}
configJSON, _ := json.Marshal(body.Config)
allowedJSON, _ := json.Marshal(body.AllowedUsers)
enabled := true
if body.Enabled != nil {
enabled = *body.Enabled
@@ -209,16 +210,26 @@ func (h *ChannelHandler) Update(c *gin.Context) {
// #319: re-encrypt sensitive fields on every config update — the
// PATCH body carries plaintext (client already had them plaintext in
// List response's unmasked path or typed fresh).
if err := channels.EncryptSensitiveFields(body.Config); err != nil {
log.Printf("Channels: encrypt update for workspace %s: %v", workspaceID, err)
if encErr := channels.EncryptSensitiveFields(body.Config); encErr != nil {
log.Printf("Channels: encrypt update for workspace %s: %v", workspaceID, encErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "encrypt failed"})
return
}
j, _ := json.Marshal(body.Config)
j, mErr := json.Marshal(body.Config)
if mErr != nil {
log.Printf("Channels Update: marshal config for channel %s: %v", channelID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal config failed"})
return
}
configArg = string(j)
}
if body.AllowedUsers != nil {
j, _ := json.Marshal(body.AllowedUsers)
j, mErr := json.Marshal(body.AllowedUsers)
if mErr != nil {
log.Printf("Channels Update: marshal allowed_users for channel %s: %v", channelID, mErr)
c.JSON(http.StatusInternalServerError, gin.H{"error": "marshal allowed_users failed"})
return
}
allowedArg = string(j)
}
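Review bot: In Create, the first hunk drops the only EncryptSensitiveFields call visible here together with its #319 comment, so `json.Marshal(body.Config)` now reads as if it serialises the request body as received; the call that is meant to remain sits outside the hunk and its position cannot be checked from this page. If that call runs before validation, validation would see ciphertext, and if it is absent, bot_token and webhook_secret would be persisted in plaintext. I would keep a one-line comment above the marshal, e.g. `// body.Config was encrypted by EncryptSensitiveFields above (#319); keep this marshal after that call.`, and add a handler test asserting that the persisted config does not contain the submitted token. Both Create and Update start and end outside the hunks shown.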