feat: Production readiness improvements for WHOOSH council formation
Major security, observability, and configuration improvements:
## Security Hardening
- Implemented configurable CORS (no more wildcards)
- Added comprehensive auth middleware for admin endpoints
- Enhanced webhook HMAC validation
- Added input validation and rate limiting
- Security headers and CSP policies
## Configuration Management
- Made N8N webhook URL configurable (WHOOSH_N8N_BASE_URL)
- Replaced all hardcoded endpoints with environment variables
- Added feature flags for LLM vs heuristic composition
- Gitea fetch hardening with EAGER_FILTER and FULL_RESCAN options
## API Completeness
- Implemented GetCouncilComposition function
- Added GET /api/v1/councils/{id} endpoint
- Council artifacts API (POST/GET /api/v1/councils/{id}/artifacts)
- /admin/health/details endpoint with component status
- Database lookup for repository URLs (no hardcoded fallbacks)
## Observability & Performance
- Added OpenTelemetry distributed tracing with goal/pulse correlation
- Performance optimization database indexes
- Comprehensive health monitoring
- Enhanced logging and error handling
## Infrastructure
- Production-ready P2P discovery (replaces mock implementation)
- Removed unused Redis configuration
- Enhanced Docker Swarm integration
- Added migration files for performance indexes
## Code Quality
- Comprehensive input validation
- Graceful error handling and failsafe fallbacks
- Backwards compatibility maintained
- Following security best practices
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Claude Code
89
vendor/github.com/golang-jwt/jwt/v5/errors.go
generated
vendored
Normal file
89
vendor/github.com/golang-jwt/jwt/v5/errors.go
generated
vendored
Normal file
@@ -0,0 +1,89 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrInvalidKey = errors.New("key is invalid")
|
||||
ErrInvalidKeyType = errors.New("key is of invalid type")
|
||||
ErrHashUnavailable = errors.New("the requested hash function is unavailable")
|
||||
ErrTokenMalformed = errors.New("token is malformed")
|
||||
ErrTokenUnverifiable = errors.New("token is unverifiable")
|
||||
ErrTokenSignatureInvalid = errors.New("token signature is invalid")
|
||||
ErrTokenRequiredClaimMissing = errors.New("token is missing required claim")
|
||||
ErrTokenInvalidAudience = errors.New("token has invalid audience")
|
||||
ErrTokenExpired = errors.New("token is expired")
|
||||
ErrTokenUsedBeforeIssued = errors.New("token used before issued")
|
||||
ErrTokenInvalidIssuer = errors.New("token has invalid issuer")
|
||||
ErrTokenInvalidSubject = errors.New("token has invalid subject")
|
||||
ErrTokenNotValidYet = errors.New("token is not valid yet")
|
||||
ErrTokenInvalidId = errors.New("token has invalid id")
|
||||
ErrTokenInvalidClaims = errors.New("token has invalid claims")
|
||||
ErrInvalidType = errors.New("invalid type for claim")
|
||||
)
|
||||
|
||||
// joinedError is an error type that works similar to what [errors.Join]
|
||||
// produces, with the exception that it has a nice error string; mainly its
|
||||
// error messages are concatenated using a comma, rather than a newline.
|
||||
type joinedError struct {
|
||||
errs []error
|
||||
}
|
||||
|
||||
func (je joinedError) Error() string {
|
||||
msg := []string{}
|
||||
for _, err := range je.errs {
|
||||
msg = append(msg, err.Error())
|
||||
}
|
||||
|
||||
return strings.Join(msg, ", ")
|
||||
}
|
||||
|
||||
// joinErrors joins together multiple errors. Useful for scenarios where
|
||||
// multiple errors next to each other occur, e.g., in claims validation.
|
||||
func joinErrors(errs ...error) error {
|
||||
return &joinedError{
|
||||
errs: errs,
|
||||
}
|
||||
}
|
||||
|
||||
// Unwrap implements the multiple error unwrapping for this error type, which is
|
||||
// possible in Go 1.20.
|
||||
func (je joinedError) Unwrap() []error {
|
||||
return je.errs
|
||||
}
|
||||
|
||||
// newError creates a new error message with a detailed error message. The
|
||||
// message will be prefixed with the contents of the supplied error type.
|
||||
// Additionally, more errors, that provide more context can be supplied which
|
||||
// will be appended to the message. This makes use of Go 1.20's possibility to
|
||||
// include more than one %w formatting directive in [fmt.Errorf].
|
||||
//
|
||||
// For example,
|
||||
//
|
||||
// newError("no keyfunc was provided", ErrTokenUnverifiable)
|
||||
//
|
||||
// will produce the error string
|
||||
//
|
||||
// "token is unverifiable: no keyfunc was provided"
|
||||
func newError(message string, err error, more ...error) error {
|
||||
var format string
|
||||
var args []any
|
||||
if message != "" {
|
||||
format = "%w: %s"
|
||||
args = []any{err, message}
|
||||
} else {
|
||||
format = "%w"
|
||||
args = []any{err}
|
||||
}
|
||||
|
||||
for _, e := range more {
|
||||
format += ": %w"
|
||||
args = append(args, e)
|
||||
}
|
||||
|
||||
err = fmt.Errorf(format, args...)
|
||||
return err
|
||||
}
|
||||
Reference in New Issue
Block a user