mcias/internal/server/server.go at 1121b7d4fd1e08706009ef33291df526d2519393

kyle/mcias

Files

Kyle Isom 1121b7d4fd Harden deployment and fix PEN-01

- Fix Bearer token extraction to validate prefix (PEN-01)
- Add TestExtractBearerFromRequest covering PEN-01 edge cases
- Fix flaky TestRenewToken timing (2s → 4s lifetime)
- Move default config/install paths to /srv/mcias
- Add RUNBOOK.md for operational procedures
- Update AUDIT.md with penetration test round 4

Security: extractBearerFromRequest now uses case-insensitive prefix
validation instead of fixed-offset slicing, rejecting non-Bearer
Authorization schemes that were previously accepted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-14 22:33:24 -07:00

51 KiB

Raw Blame History

View Raw

51 KiB Raw Blame History

51 KiB

Raw Blame History