jarvis/dd0c - dd0c - Gitea: Git with a cup of tea

jarvis/dd0c

Fork 0

Commit Graph

Author	SHA1	Message	Date
Max Mayfield	eb953cdea5	Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks Some checks failed CI — P2 Drift (Go + Node) / agent (push) Successful in 43s Details CI — P2 Drift (Go + Node) / saas (push) Failing after 5s Details CI — P3 Alert / test (push) Failing after 4s Details CI — P4 Portal / test (push) Failing after 4s Details CI — P5 Cost / test (push) Failing after 4s Details CI — P6 Run / saas (push) Failing after 5s Details CI — P2 Drift (Go + Node) / build-push (push) Failing after 7s Details CI — P3 Alert / build-push (push) Has been skipped Details CI — P4 Portal / build-push (push) Has been skipped Details CI — P5 Cost / build-push (push) Has been skipped Details CI — P6 Run / build-push (push) Failing after 5s Details Phase 1 (Security Critical): - Auth plugin encapsulation: replaced global addHook with Fastify plugin scope - Removed startsWith URL matching; public routes registered outside auth scope - JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion) - Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead - withTenant() remains primary tenant-scoped query path Phase 2 (Infrastructure): - docker-compose.yml: all secrets via env var substitution (${VAR:-default}) - Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh - .env.example with all configurable secrets - build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded - .gitignore excludes .env files - @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup - CORS_ORIGIN default changed from '*' to 'http://localhost:5173' Phase 3 (Product): - Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id - Signup accepts optional invite_token to join existing tenant - Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue Console: - All 5 product modules wired: drift, alert, portal, cost, run - PageHeader accepts children prop - 71 modules, 70KB gzipped production build All 6 projects compile clean (tsc --noEmit).	2026-03-02 23:53:55 +00:00
Max Mayfield	d85cdaa3e7	Flesh out dd0c/alert: webhook routes, incident API, notification config, data layer - Webhook routes: Datadog, PagerDuty, OpsGenie, Grafana with per-tenant HMAC/token auth - Incident API: list (filtered), detail with alerts, acknowledge/resolve/suppress, dashboard summary - Notification config: CRUD with upsert, test endpoint, Slack/email/webhook channels - Grafana normalizer: severity mapping (critical/warning/info) - Data layer: withTenant() RLS wrapper, Zod config validation - Fastify server entry point with cors/helmet	2026-03-01 03:04:57 +00:00

Author

SHA1

Message

Date

Max Mayfield

eb953cdea5

Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks

CI — P2 Drift (Go + Node) / agent (push) Successful in 43s

Details

CI — P2 Drift (Go + Node) / saas (push) Failing after 5s

Details

CI — P3 Alert / test (push) Failing after 4s

Details

CI — P4 Portal / test (push) Failing after 4s

Details

CI — P5 Cost / test (push) Failing after 4s

Details

CI — P6 Run / saas (push) Failing after 5s

Details

CI — P2 Drift (Go + Node) / build-push (push) Failing after 7s

Details

CI — P3 Alert / build-push (push) Has been skipped

Details

CI — P4 Portal / build-push (push) Has been skipped

Details

CI — P5 Cost / build-push (push) Has been skipped

Details

CI — P6 Run / build-push (push) Failing after 5s

Details

Phase 1 (Security Critical):
- Auth plugin encapsulation: replaced global addHook with Fastify plugin scope
- Removed startsWith URL matching; public routes registered outside auth scope
- JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion)
- Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead
- withTenant() remains primary tenant-scoped query path

Phase 2 (Infrastructure):
- docker-compose.yml: all secrets via env var substitution (${VAR:-default})
- Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh
- .env.example with all configurable secrets
- build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded
- .gitignore excludes .env files
- @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup
- CORS_ORIGIN default changed from '*' to 'http://localhost:5173'

Phase 3 (Product):
- Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id
- Signup accepts optional invite_token to join existing tenant
- Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue

Console:
- All 5 product modules wired: drift, alert, portal, cost, run
- PageHeader accepts children prop
- 71 modules, 70KB gzipped production build

All 6 projects compile clean (tsc --noEmit).

2026-03-02 23:53:55 +00:00

Max Mayfield

d85cdaa3e7

Flesh out dd0c/alert: webhook routes, incident API, notification config, data layer

- Webhook routes: Datadog, PagerDuty, OpsGenie, Grafana with per-tenant HMAC/token auth
- Incident API: list (filtered), detail with alerts, acknowledge/resolve/suppress, dashboard summary
- Notification config: CRUD with upsert, test endpoint, Slack/email/webhook channels
- Grafana normalizer: severity mapping (critical/warning/info)
- Data layer: withTenant() RLS wrapper, Zod config validation
- Fastify server entry point with cors/helmet

2026-03-01 03:04:57 +00:00

2 Commits