fix(backend): harden email/OAuth/CORS/error-handling + backend review #9
Open
StockerMC wants to merge 2 commits into
Localized, inspection-verified fixes (backend is undeployed; py_compile-checked):
- email: HTML-escape custom_message, creator_name, product titles (was injectable)
- oauth callback: enforce state expires_at (was only checking used flag)
- query ints: add _qint() guard so bad ?limit/?offset return defaults not 500
- CORS: add https://www.maatchaa.co + https://maatchaa.co (prod origin)
- error returns: 4 spots changed from status=200 to proper 400/404/500

docs/backend-review.md captures the full review, incl. the remaining big item: no auth layer on non-OAuth endpoints (needs a shared-secret guard before deploy).
Follow-up: the prior commit only added the html import; the escape call sites did not land (string mismatch). This escapes custom_message (+ line breaks), creator_name, shop_name, and product titles where interpolated into the HTML.
Summary
Backend security/robustness fixes + a full review doc (docs/backend-review.md). Backend is undeployed, so these are pre-deploy hardening; all changes verified with py_compile (no runtime available in review env).

Fixed in this PR
- utils/email.py now HTML-escapes custom_message, creator_name, product titles (were interpolated raw into HTML)
- /shopify/callback now enforces expires_at (was only checking the used flag → infinite CSRF window)
- _qint() guard; bad ?limit=abc returns default instead of crashing
- https://www.maatchaa.co + https://maatchaa.co (prod origin; was only vercel/localhost)
- status=200 to proper 400/404/500

Documented, NOT fixed here (see doc)
- INTERNAL_API_KEY) guard across ~40 handlers before deploy; left out because it can't be runtime-tested here and belongs with the deploy work. Sample decorator included in the doc.
- API.py monolith + routes duplicated in partnerships_api.py; legacy routes on dead v2 tables.

Note
The demo is unaffected (backend not deployed). Verified separately that the live dashboard demo still works post-RLS.
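
The OAuth state check described in the summary above (expires_at enforced alongside the used flag), as an added example that is not code from this PR. The in-memory STATE_TABLE, the function names, the reason strings and the 10-minute lifetime are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timedelta, timezone

STATE_TTL = timedelta(minutes=10)  # assumed lifetime; the page gives none
STATE_TABLE = {}  # hypothetical in-memory stand-in for the OAuth state table


def parse_ts(value):
    """Parse a stored ISO-8601 timestamp; return None if missing or malformed."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    # Treat a naive timestamp as UTC so the comparison below cannot raise.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def issue_state(now=None):
    """Create a single-use state value that expires after STATE_TTL."""
    now = now or datetime.now(timezone.utc)
    state = secrets.token_urlsafe(32)
    STATE_TABLE[state] = {
        "used": False,
        "expires_at": (now + STATE_TTL).isoformat(),
    }
    return state


def consume_state(state, now=None):
    """Validate the state presented on the callback. Returns (ok, reason)."""
    now = now or datetime.now(timezone.utc)
    row = STATE_TABLE.get(state)
    if row is None:
        return False, "unknown_state"
    if row["used"]:
        return False, "state_already_used"
    expires_at = parse_ts(row.get("expires_at"))
    # Fail closed: a missing or unparsable expiry counts as expired.
    if expires_at is None or now >= expires_at:
        return False, "state_expired"
    row["used"] = True  # burn the state only after every check passes
    return True, "ok"
```

With a real database the final update should be conditional on used still being false, so two concurrent callbacks cannot both consume the same state.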