jarvis/dd0c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bf91e07eb98624117342356256f2b35c22e94d8
dd0c/products/shared
History
Max Mayfield 5792f95d7c
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 47s
Details
CI — P2 Drift (Go + Node) / saas (push) Successful in 36s
Details
CI — P3 Alert / test (push) Successful in 36s
Details
CI — P4 Portal / build-push (push) Failing after 49s
Details
CI — P5 Cost / build-push (push) Failing after 4s
Details
CI — P6 Run / build-push (push) Failing after 4s
Details
CI — P4 Portal / test (push) Successful in 35s
Details
CI — P5 Cost / test (push) Successful in 40s
Details
CI — P6 Run / saas (push) Successful in 36s
Details
CI — P2 Drift (Go + Node) / build-push (push) Failing after 17s
Details
CI — P3 Alert / build-push (push) Failing after 15s
Details
Fix BMad adversarial security review findings 
Resolves 11 of the 13 findings:
- [CRITICAL] SQLi in RLS: replaced SET LOCAL with parameterized set_config()
- [CRITICAL] Rate Limiting: installed and registered @fastify/rate-limit in all 5 apps
- [CRITICAL] Invite Hijacking: added email verification check to invite lookup
- [HIGH] Webhook HMAC: added Fastify rawBody parser to fix JSON.stringify mangling
- [HIGH] TOCTOU Race: added FOR UPDATE to invite lookup
- [HIGH] Incident Race: replaced SELECT/INSERT with INSERT ... ON CONFLICT
- [MEDIUM] Grafana Timing Attack: replaced === with crypto.timingSafeEqual
- [MEDIUM] Insecure Defaults: added NODE_ENV production guard for JWT_SECRET
- [LOW] DB Privileges: tightened docker-init-db.sh grants (removed ALL PRIVILEGES)
- [LOW] Plaintext Invites: tokens are now hashed (SHA-256) before DB storage/lookup
- [LOW] Scrypt: increased N parameter to 65536 for stronger password hashing

Note:
- Finding #4 (Fragmented Identity) requires a unified auth database architecture.
- Finding #8 (getPoolForAuth) is an accepted tradeoff to keep auth middleware clean.
2026-03-03 00:14:39 +00:00
..
002_auth.sql
Implement auth: login/signup (scrypt), API key generation, shared migration
2026-03-01 03:19:18 +00:00
003_invites.sql
Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks
2026-03-02 23:53:55 +00:00
auth.ts
Fix BMad adversarial security review findings
2026-03-03 00:14:39 +00:00
db.ts
Add shared auth middleware (JWT + API key + RBAC) and canonical withTenant() helper
2026-03-01 03:09:01 +00:00
README.md
Add shared auth middleware (JWT + API key + RBAC) and canonical withTenant() helper
2026-03-01 03:09:01 +00:00

README.md

dd0c Shared Modules

Reusable code shared across all dd0c products.

Files

  • auth.ts — JWT + API key authentication middleware, RBAC, login/signup routes
  • db.ts — PostgreSQL connection pool with RLS withTenant() helper

Usage

Copy into each product's src/ directory, or symlink during build. These are kept here as the canonical source of truth.

Auth Flow

  1. JWT (Browser/API): Authorization: Bearer <token> → decoded → req.tenantId, req.userId, req.userRole
  2. API Key (Agent/CLI): X-API-Key: dd0c_<32hex> → prefix lookup → bcrypt verify → tenant context
  3. Webhook (HMAC): Per-provider signature validation (skips JWT middleware)
  4. Slack (Signing Secret): Slack request signature verification (skips JWT middleware)

RBAC Hierarchy

owner > admin > member > viewer

Use requireRole(req, reply, 'admin') in route handlers for access control.

Reference in New Issue View Git Blame Copy Permalink