penal-colony/samsa
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: fix build errors, add honest Google UA, sanitize error msgs

Browse source 
- Fix config validation: upstream URLs allow private IPs (self-hosted)
- Fix util.SafeURLScheme to return parsed URL
- Replace spoofed GSA User-Agent with honest Kafka UA
- Sanitize all engine error messages (strip response bodies)
- Replace unused body reads with io.Copy(io.Discard, ...) for reuse
- Fix pre-existing braveapi_test using wrong struct type
- Fix ratelimit test reference to limiter variable
- Update ratelimit tests for new trusted proxy behavior
This commit is contained in:
Franz Kafka 2026-03-22 16:27:49 +00:00
parent da367a1bfd
commit b3e3123612
17 changed files with 32 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/middleware/ratelimit_test.go
View file

@ -1,6 +1,7 @@
package middleware
import (
"net"
"net/http"
"net/http/httptest"
"testing"
@ -92,7 +93,6 @@ func TestRateLimit_DifferentIPs(t *testing.T) {
}
func TestRateLimit_XForwardedFor(t *testing.T) {
privateNet := mustParseCIDR("10.0.0.0/8")
h := RateLimit(RateLimitConfig{
Requests: 1,
Window: 10 * time.Second,