molecule-core/platform/internal/middleware
Backend Engineer 06e02a310c fix(router): call SetTrustedProxies(nil) to close IP-spoofing bypass (#179)
Without this call, Gin's default trusts all X-Forwarded-For headers, letting
any caller rotate their effective IP and bypass per-IP rate limiting.
SetTrustedProxies(nil) forces c.ClientIP() to always return the real
TCP RemoteAddr.

Adds two regression tests: one documenting the pre-fix bypass, one
asserting the spoofed header is ignored after the fix.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 17:32:54 +00:00
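The bypass and the fix described in the commit message, shown as an added standalone Go example. This is not the project's middleware and not Gin's source: it reimplements the trusted-proxy lookup that sits behind `c.ClientIP()` on top of `net/http`, so the behaviour can be run and asserted without a Gin dependency. The names `proxyPolicy`, `clientIP`, `ipLimiter` and `spoofedRequests` are hypothetical, and all addresses are constructed from documentation ranges. `trustAll()` models the Gin default (every peer is a trusted proxy); `trustNone()` models `SetTrustedProxies(nil)`.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
	"sync"
)

// proxyPolicy models Gin's trusted-proxy list. A nil list means "trust no
// proxy": forwarding headers are ignored and the TCP peer is the client.
type proxyPolicy struct {
	trusted []*net.IPNet
}

// trustAll mirrors the Gin default of trusting every proxy (0.0.0.0/0, ::/0).
func trustAll() *proxyPolicy {
	_, v4, _ := net.ParseCIDR("0.0.0.0/0")
	_, v6, _ := net.ParseCIDR("::/0")
	return &proxyPolicy{trusted: []*net.IPNet{v4, v6}}
}

// trustNone mirrors SetTrustedProxies(nil).
func trustNone() *proxyPolicy { return &proxyPolicy{} }

func (p *proxyPolicy) isTrusted(ip net.IP) bool {
	for _, n := range p.trusted {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP returns RemoteAddr unless the peer is a trusted proxy. If it is,
// X-Forwarded-For is walked right-to-left, skipping trusted hops, and the
// first untrusted address is the client. Malformed entries fall back to the
// peer address rather than being trusted.
func (p *proxyPolicy) clientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	peer := net.ParseIP(host)
	if peer == nil || !p.isTrusted(peer) {
		return host
	}
	xff := r.Header.Get("X-Forwarded-For")
	if xff == "" {
		return host
	}
	parts := strings.Split(xff, ",")
	for i := len(parts) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(parts[i]))
		if ip == nil {
			return host
		}
		if !p.isTrusted(ip) {
			return ip.String()
		}
	}
	// Every hop was a trusted proxy: the leftmost entry is the origin.
	return strings.TrimSpace(parts[0])
}

// ipLimiter is a minimal fixed-window per-IP counter keyed on clientIP.
type ipLimiter struct {
	mu     sync.Mutex
	limit  int
	counts map[string]int
	policy *proxyPolicy
}

func (l *ipLimiter) allow(r *http.Request) bool {
	key := l.policy.clientIP(r)
	l.mu.Lock()
	defer l.mu.Unlock()
	l.counts[key]++
	return l.counts[key] <= l.limit
}

// spoofedRequests sends n requests from one constructed TCP peer, each with a
// different spoofed X-Forwarded-For, and returns how many pass the limiter.
func spoofedRequests(policy *proxyPolicy, limit, n int) int {
	lim := &ipLimiter{limit: limit, counts: map[string]int{}, policy: policy}
	allowed := 0
	for i := 0; i < n; i++ {
		req, _ := http.NewRequest(http.MethodGet, "/api", nil)
		req.RemoteAddr = "198.51.100.7:51000" // same attacker socket every time
		req.Header.Set("X-Forwarded-For", fmt.Sprintf("203.0.113.%d", i+1))
		if lim.allow(req) {
			allowed++
		}
	}
	return allowed
}

func main() {
	fmt.Println("trust-all (Gin default):", spoofedRequests(trustAll(), 3, 10), "of 10 allowed")
	fmt.Println("SetTrustedProxies(nil): ", spoofedRequests(trustNone(), 3, 10), "of 10 allowed")
}
```

With the default policy, ten requests with a limit of three all pass, because each spoofed header yields a fresh counter key; with the nil policy only three pass, since every request keys on the real peer. The caveat a reviewer would raise: `SetTrustedProxies(nil)` is correct when the service is directly exposed. If it sits behind a known load balancer, pass that balancer's CIDRs instead, otherwise every client collapses to the balancer's address and the per-IP limiter throttles all traffic as one caller.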
ratelimit_test.go fix(router): call SetTrustedProxies(nil) to close IP-spoofing bypass (#179) 2026-04-15 17:32:54 +00:00
ratelimit.go fix: #93 category_routing + #105 X-RateLimit headers 2026-04-15 00:23:46 -07:00
securityheaders_test.go initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
securityheaders.go initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
tenant_guard_test.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
tenant_guard.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
wsauth_middleware_test.go fix(security): gate GET /approvals/pending behind AdminAuth (#180) 2026-04-15 17:25:09 +00:00
wsauth_middleware.go fix(security): protect global secrets routes with AdminAuth middleware (Cycle 7) 2026-04-14 06:33:22 +00:00