131868bdca
Major security, observability, and configuration improvements:
## Security Hardening
- Implemented configurable CORS (no more wildcards)
- Added comprehensive auth middleware for admin endpoints
- Enhanced webhook HMAC validation
- Added input validation and rate limiting
- Security headers and CSP policies
## Configuration Management
- Made N8N webhook URL configurable (WHOOSH_N8N_BASE_URL)
- Replaced all hardcoded endpoints with environment variables
- Added feature flags for LLM vs heuristic composition
- Gitea fetch hardening with EAGER_FILTER and FULL_RESCAN options
## API Completeness
- Implemented GetCouncilComposition function
- Added GET /api/v1/councils/{id} endpoint
- Council artifacts API (POST/GET /api/v1/councils/{id}/artifacts)
- /admin/health/details endpoint with component status
- Database lookup for repository URLs (no hardcoded fallbacks)
## Observability & Performance
- Added OpenTelemetry distributed tracing with goal/pulse correlation
- Performance optimization database indexes
- Comprehensive health monitoring
- Enhanced logging and error handling
## Infrastructure
- Production-ready P2P discovery (replaces mock implementation)
- Removed unused Redis configuration
- Enhanced Docker Swarm integration
- Added migration files for performance indexes
## Code Quality
- Comprehensive input validation
- Graceful error handling and failsafe fallbacks
- Backwards compatibility maintained
- Following security best practices
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
71 lines
1.4 KiB
Go
71 lines
1.4 KiB
Go
package cors
|
|
|
|
import "strings"
|
|
|
|
const toLower = 'a' - 'A'
|
|
|
|
type converter func(string) string
|
|
|
|
type wildcard struct {
|
|
prefix string
|
|
suffix string
|
|
}
|
|
|
|
func (w wildcard) match(s string) bool {
|
|
return len(s) >= len(w.prefix+w.suffix) && strings.HasPrefix(s, w.prefix) && strings.HasSuffix(s, w.suffix)
|
|
}
|
|
|
|
// convert converts a list of string using the passed converter function
|
|
func convert(s []string, c converter) []string {
|
|
out := []string{}
|
|
for _, i := range s {
|
|
out = append(out, c(i))
|
|
}
|
|
return out
|
|
}
|
|
|
|
// parseHeaderList tokenize + normalize a string containing a list of headers
|
|
func parseHeaderList(headerList string) []string {
|
|
l := len(headerList)
|
|
h := make([]byte, 0, l)
|
|
upper := true
|
|
// Estimate the number headers in order to allocate the right splice size
|
|
t := 0
|
|
for i := 0; i < l; i++ {
|
|
if headerList[i] == ',' {
|
|
t++
|
|
}
|
|
}
|
|
headers := make([]string, 0, t)
|
|
for i := 0; i < l; i++ {
|
|
b := headerList[i]
|
|
if b >= 'a' && b <= 'z' {
|
|
if upper {
|
|
h = append(h, b-toLower)
|
|
} else {
|
|
h = append(h, b)
|
|
}
|
|
} else if b >= 'A' && b <= 'Z' {
|
|
if !upper {
|
|
h = append(h, b+toLower)
|
|
} else {
|
|
h = append(h, b)
|
|
}
|
|
} else if b == '-' || b == '_' || b == '.' || (b >= '0' && b <= '9') {
|
|
h = append(h, b)
|
|
}
|
|
|
|
if b == ' ' || b == ',' || i == l-1 {
|
|
if len(h) > 0 {
|
|
// Flush the found header
|
|
headers = append(headers, string(h))
|
|
h = h[:0]
|
|
upper = true
|
|
}
|
|
} else {
|
|
upper = b == '-'
|
|
}
|
|
}
|
|
return headers
|
|
}
|