131868bdca
Major security, observability, and configuration improvements:
## Security Hardening
- Implemented configurable CORS (no more wildcards)
- Added comprehensive auth middleware for admin endpoints
- Enhanced webhook HMAC validation
- Added input validation and rate limiting
- Security headers and CSP policies
## Configuration Management
- Made N8N webhook URL configurable (WHOOSH_N8N_BASE_URL)
- Replaced all hardcoded endpoints with environment variables
- Added feature flags for LLM vs heuristic composition
- Gitea fetch hardening with EAGER_FILTER and FULL_RESCAN options
## API Completeness
- Implemented GetCouncilComposition function
- Added GET /api/v1/councils/{id} endpoint
- Council artifacts API (POST/GET /api/v1/councils/{id}/artifacts)
- /admin/health/details endpoint with component status
- Database lookup for repository URLs (no hardcoded fallbacks)
## Observability & Performance
- Added OpenTelemetry distributed tracing with goal/pulse correlation
- Performance optimization database indexes
- Comprehensive health monitoring
- Enhanced logging and error handling
## Infrastructure
- Production-ready P2P discovery (replaces mock implementation)
- Removed unused Redis configuration
- Enhanced Docker Swarm integration
- Added migration files for performance indexes
## Code Quality
- Comprehensive input validation
- Graceful error handling and failsafe fallbacks
- Backwards compatibility maintained
- Following security best practices
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
86 lines
1.9 KiB
Go
86 lines
1.9 KiB
Go
package json
|
|
|
|
import "unicode/utf8"
|
|
|
|
// AppendBytes is a mirror of appendString with []byte arg
|
|
func (Encoder) AppendBytes(dst, s []byte) []byte {
|
|
dst = append(dst, '"')
|
|
for i := 0; i < len(s); i++ {
|
|
if !noEscapeTable[s[i]] {
|
|
dst = appendBytesComplex(dst, s, i)
|
|
return append(dst, '"')
|
|
}
|
|
}
|
|
dst = append(dst, s...)
|
|
return append(dst, '"')
|
|
}
|
|
|
|
// AppendHex encodes the input bytes to a hex string and appends
|
|
// the encoded string to the input byte slice.
|
|
//
|
|
// The operation loops though each byte and encodes it as hex using
|
|
// the hex lookup table.
|
|
func (Encoder) AppendHex(dst, s []byte) []byte {
|
|
dst = append(dst, '"')
|
|
for _, v := range s {
|
|
dst = append(dst, hex[v>>4], hex[v&0x0f])
|
|
}
|
|
return append(dst, '"')
|
|
}
|
|
|
|
// appendBytesComplex is a mirror of the appendStringComplex
|
|
// with []byte arg
|
|
func appendBytesComplex(dst, s []byte, i int) []byte {
|
|
start := 0
|
|
for i < len(s) {
|
|
b := s[i]
|
|
if b >= utf8.RuneSelf {
|
|
r, size := utf8.DecodeRune(s[i:])
|
|
if r == utf8.RuneError && size == 1 {
|
|
if start < i {
|
|
dst = append(dst, s[start:i]...)
|
|
}
|
|
dst = append(dst, `\ufffd`...)
|
|
i += size
|
|
start = i
|
|
continue
|
|
}
|
|
i += size
|
|
continue
|
|
}
|
|
if noEscapeTable[b] {
|
|
i++
|
|
continue
|
|
}
|
|
// We encountered a character that needs to be encoded.
|
|
// Let's append the previous simple characters to the byte slice
|
|
// and switch our operation to read and encode the remainder
|
|
// characters byte-by-byte.
|
|
if start < i {
|
|
dst = append(dst, s[start:i]...)
|
|
}
|
|
switch b {
|
|
case '"', '\\':
|
|
dst = append(dst, '\\', b)
|
|
case '\b':
|
|
dst = append(dst, '\\', 'b')
|
|
case '\f':
|
|
dst = append(dst, '\\', 'f')
|
|
case '\n':
|
|
dst = append(dst, '\\', 'n')
|
|
case '\r':
|
|
dst = append(dst, '\\', 'r')
|
|
case '\t':
|
|
dst = append(dst, '\\', 't')
|
|
default:
|
|
dst = append(dst, '\\', 'u', '0', '0', hex[b>>4], hex[b&0xF])
|
|
}
|
|
i++
|
|
start = i
|
|
}
|
|
if start < len(s) {
|
|
dst = append(dst, s[start:]...)
|
|
}
|
|
return dst
|
|
}
|