Commit Graph

6 Commits

Author SHA1 Message Date
ZhenYi
bdb5393835 fix: resolve 30+ bugs from security audit
Critical:
- CORS: replace allow_any_origin + credentials with env-configured origins
- XSS: escape HTML before dangerouslySetInnerHTML in search results
- Path traversal: sanitize storage keys to reject ".." components
- Auth missing: add Session requirement to git init/open/is-repo endpoints
- Transaction: wrap issue cascade delete in DB transaction

High:
- Mutex poisoning: replace unwrap() with poison-recovering guards
- Drop tokio::spawn: use runtime handle or fallback thread for lock release
- Redis KEYS: replace with non-blocking SCAN for typing events
- SSH panic: handle missing stdin/stdout/stderr gracefully
- LFS auth: remove x-user-uid header injection vector, generate per-request tokens

Medium:
- Memory leak: remove Box::leak in provider normalization
- Race conditions: query closed count directly instead of subtraction
- Silent failures: add tracing::warn for AI tasks, room events, activity logs
- Frontend nav: sync activeRoomId when initialRoomId prop changes
- Duplicate nav: remove redundant setActiveRoom in delete handler
- Callback conflict: skip undefined values in updateCallbacks merge
- Stale closure: use wsClient state instead of wsClientRef.current in useMemo

Low:
- Captcha: validate captcha not empty before login submission
- Broadcast capacity: reduce from 100K to 1000
- Error handling: add try/catch for removeMember and updateMemberRole
- Loading state: show placeholder instead of null in RepositoryContextProvider
- WebSocket: add heartbeat ping and jitter to reconnect backoff
2026-04-27 10:57:23 +08:00
ZhenYi
ee4ff6c752 fix(api): fix branch route order to prevent shadowing
Move all specific branch routes before /branches/{name} to prevent
route shadowing. Previously, routes like /branches/rename, /branches/move,
/branches/upstream, /branches/diff, etc. were shadowed by /branches/{name}.
2026-04-17 16:11:23 +08:00
ZhenYi
1272615d50 fix(api): fix refs route order to prevent shadowing
Move specific routes (/refs/rename, /refs/update) before parameterized
routes (/refs/{name}) to avoid route shadowing.
2026-04-17 16:10:23 +08:00
ZhenYi
4cee9975d5 fix(api): fix commit route order to prevent InvalidOid("reflog") error
Move specific routes (/commits/reflog, /commits/branches, /commits/tags)
before parameterized routes (/commits/{oid}) to avoid route shadowing.
Previously, /commits/reflog was matched by /commits/{oid} with oid="reflog",
causing InvalidOid("reflog") errors.

Also fixes other potential route shadowing issues in commit routes.
2026-04-17 16:07:01 +08:00
ZhenYi
4c49953572 fix(git): use default_branch in git_commit_log and update API docs
- git_commit_log: default to repo.default_branch when rev is None
- Update API documentation to reflect default_branch instead of HEAD
2026-04-17 15:16:18 +08:00
ZhenYi
93cfff9738 init 2026-04-15 09:08:09 +08:00