ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-02 08:33:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: enhance security and streamline file handling

Browse Source 
This commit introduces several improvements to the security and file handling mechanisms across the application. Key changes include:

- Updated the Dockerfile to pin the GitHub CLI version for reproducible builds.
- Refactored the secure file system operations to ensure consistent path validation and type handling.
- Removed legacy path management functions and streamlined the allowed paths logic in the security module.
- Enhanced route handlers to validate path parameters against the ALLOWED_ROOT_DIRECTORY, improving security against unauthorized access.
- Updated the settings service to focus solely on the Anthropic API key, removing references to Google and OpenAI keys.

These changes aim to enhance security, maintainability, and clarity in the codebase.

Tests: All unit tests passing.
This commit is contained in:
Test User
2025-12-20 22:08:28 -05:00
parent 86d92e610b
commit 9cf12b9006
20 changed files with 54 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/server/src/routes/workspace/routes/config.ts
View File

@@ -6,7 +6,6 @@ import type { Request, Response } from "express";
import fs from "fs/promises";
import path from "path";
import {
addAllowedPath,
getAllowedRootDirectory,
getDataDirectory,
} from "../../../lib/security.js";
@@ -41,9 +40,6 @@ export function createConfigHandler() {
return;
}
// Add workspace dir to allowed paths
addAllowedPath(resolvedWorkspaceDir);
res.json({
success: true,
configured: true,

8
apps/server/src/routes/workspace/routes/directories.ts
View File

@@ -5,7 +5,7 @@
import type { Request, Response } from "express";
import fs from "fs/promises";
import path from "path";
import { addAllowedPath, getAllowedRootDirectory } from "../../../lib/security.js";
import { getAllowedRootDirectory } from "../../../lib/security.js";
import { getErrorMessage, logError } from "../common.js";
export function createDirectoriesHandler() {
@@ -34,9 +34,6 @@ export function createDirectoriesHandler() {
return;
}
// Add workspace dir to allowed paths
addAllowedPath(resolvedWorkspaceDir);
// Read directory contents
const entries = await fs.readdir(resolvedWorkspaceDir, { withFileTypes: true });
@@ -49,9 +46,6 @@ export function createDirectoriesHandler() {
}))
.sort((a, b) => a.name.localeCompare(b.name));
// Add each directory to allowed paths
directories.forEach((dir) => addAllowedPath(dir.path));
res.json({
success: true,
directories,