eng-pad-server

kyle/eng-pad-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kyle Isom	ea9375b6ae	Security hardening: fix critical, high, and medium issues from audit CRITICAL: - A-001: SQL injection in snapshot — escape single quotes in backup path - A-002: Timing attack — always verify against dummy hash when user not found, preventing username enumeration - A-003: Notebook ownership — all authenticated endpoints now verify user_id before loading notebook data - A-004: Point data bounds — decodePoints returns error on misaligned data, >4MB payloads, and NaN/Inf values HIGH: - A-005: Error messages — generic errors in HTTP responses, no err.Error() - A-006: Share link authz — RevokeShareLink verifies notebook ownership - A-007: Scan errors — return 500 instead of silently continuing MEDIUM: - A-008: Web server TLS — optional TLS support (HTTPS when configured) - A-009: Input validation — page_size, stroke count, point_data alignment checked in SyncNotebook RPC - A-010: Graceful shutdown — 30s drain on SIGINT/SIGTERM, all servers shut down properly Added AUDIT.md with all 17 findings, status, and rationale for accepted risks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 20:16:26 -07:00
Kyle Isom	5993d20995	Implement Phase 5: SVG, JPG, PDF rendering - SVG: strokes → SVG path elements with dashed/arrow support, coordinates scaled from 300 DPI to 72 DPI - JPG: rasterization at 300 DPI using Go image package, Bresenham line drawing with round pen circles - PDF: minimal PDF generation with raw operators, no external library - 6 tests: SVG output, dashed style, arrow heads, JPG magic bytes, PDF header, page size calculations Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 19:54:32 -07:00

Author

SHA1

Message

Date

Kyle Isom

ea9375b6ae

Security hardening: fix critical, high, and medium issues from audit

CRITICAL:
- A-001: SQL injection in snapshot — escape single quotes in backup path
- A-002: Timing attack — always verify against dummy hash when user not
  found, preventing username enumeration
- A-003: Notebook ownership — all authenticated endpoints now verify
  user_id before loading notebook data
- A-004: Point data bounds — decodePoints returns error on misaligned
  data, >4MB payloads, and NaN/Inf values

HIGH:
- A-005: Error messages — generic errors in HTTP responses, no err.Error()
- A-006: Share link authz — RevokeShareLink verifies notebook ownership
- A-007: Scan errors — return 500 instead of silently continuing

MEDIUM:
- A-008: Web server TLS — optional TLS support (HTTPS when configured)
- A-009: Input validation — page_size, stroke count, point_data alignment
  checked in SyncNotebook RPC
- A-010: Graceful shutdown — 30s drain on SIGINT/SIGTERM, all servers
  shut down properly

Added AUDIT.md with all 17 findings, status, and rationale for
accepted risks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-24 20:16:26 -07:00

Kyle Isom

5993d20995

Implement Phase 5: SVG, JPG, PDF rendering

- SVG: strokes → SVG path elements with dashed/arrow support,
  coordinates scaled from 300 DPI to 72 DPI
- JPG: rasterization at 300 DPI using Go image package, Bresenham
  line drawing with round pen circles
- PDF: minimal PDF generation with raw operators, no external library
- 6 tests: SVG output, dashed style, arrow heads, JPG magic bytes,
  PDF header, page size calculations

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-24 19:54:32 -07:00

2 Commits