kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22 Commits 1 Branch 1 Tag
691301daded3a15a937397e9c5be95ab73175070
Commit Graph

5 Commits

Author SHA1 Message Date
Kyle Isom
691301dade Update docs for Docker-on-deimos deployment, add grpc_plain_addr option 
- ARCHITECTURE.md: document nginx + direct gRPC topology, add
  grpc_plain_addr config, update cert filenames to Let's Encrypt
  convention, add passwd to CLI table
- RUNBOOK.md: replace systemctl/journalctl with docker commands,
  fix cert path references, improve sync troubleshooting steps
- Example config: update cert paths, document grpc_plain_addr option
- grpcserver: add optional plaintext gRPC listener for reverse proxy
- config: add GRPCPlainAddr field

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-25 08:58:01 -07:00
Kyle Isom
49de9269d6 Rename service to EngPadSyncService (buf lint), add java_package, add buf.yaml 
- Proto service renamed from EngPadSync to EngPadSyncService per buf
  STANDARD lint rule SERVICE_SUFFIX
- Added java_package and java_multiple_files options for Android client
- Added buf.yaml with STANDARD lint and FILE breaking detection
- Regenerated Go gRPC stubs, updated server references

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 21:25:09 -07:00
Kyle Isom
a9e6ca022e Add structured logging with log/slog 
Replace fmt.Printf logging calls with slog.Info/slog.Error for structured
JSON output to stderr. Add internal/log package to initialize the default
slog handler from the config log level. Fix .gitignore to only ignore the
binary at the repo root, not the cmd/eng-pad-server directory.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 20:52:22 -07:00
Kyle Isom
ea9375b6ae Security hardening: fix critical, high, and medium issues from audit 
CRITICAL:
- A-001: SQL injection in snapshot — escape single quotes in backup path
- A-002: Timing attack — always verify against dummy hash when user not
  found, preventing username enumeration
- A-003: Notebook ownership — all authenticated endpoints now verify
  user_id before loading notebook data
- A-004: Point data bounds — decodePoints returns error on misaligned
  data, >4MB payloads, and NaN/Inf values

HIGH:
- A-005: Error messages — generic errors in HTTP responses, no err.Error()
- A-006: Share link authz — RevokeShareLink verifies notebook ownership
- A-007: Scan errors — return 500 instead of silently continuing

MEDIUM:
- A-008: Web server TLS — optional TLS support (HTTPS when configured)
- A-009: Input validation — page_size, stroke count, point_data alignment
  checked in SyncNotebook RPC
- A-010: Graceful shutdown — 30s drain on SIGINT/SIGTERM, all servers
  shut down properly

Added AUDIT.md with all 17 findings, status, and rationale for
accepted risks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 20:16:26 -07:00
Kyle Isom
7d4e52ae92 Implement Phase 4: gRPC sync service 
- Proto definitions (engpad.v1.EngPadSync) with 6 RPCs
- Generated Go gRPC code
- Auth interceptor: username/password from metadata
- SyncNotebook: upsert with full page/stroke replacement in a tx
- DeleteNotebook, ListNotebooks handlers
- Share link RPCs: CreateShareLink, RevokeShareLink, ListShareLinks
- Share link token management (32-byte random, optional expiry)
- gRPC server with TLS 1.3

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 19:52:47 -07:00