Refactor/security check and forlders workflow#2
Open
saktush wants to merge 19 commits into
Open
Conversation
- Move validateUploadAuth from src/index.ts to src/utils/upload-auth.ts to improve modularity and separation of concerns. - Add comprehensive unit tests covering token validation, header parsing, case-insensitivity, and edge cases. - Declare MIT license in package-lock.json.
Remove the listUploadsHandler function and its GET /uploads route registration. Update AGENTS.md to remove the corresponding endpoint documentation. This eliminates a debug-only feature no longer required for production.
Store a hash of the session token when initializing an MCP session. Validate incoming requests against the stored hash to prevent token mismatches and unauthorized access. Returns a 401 error on validation failure and logs masked tokens for debugging.
Add comprehensive unit tests for the `parseUpload` utility to verify multipart file parsing behavior. - Validate correct file writing and metadata generation for standard uploads - Test multi-chunk transfer handling and guard against boundary byte leakage regression (D1) - Verify proper rejection and 413 error response when files exceed the configured max size
Add LISTEN_HOST environment variable to .env.example with a default of 127.0.0.1 when TEAMSTORM_API_TOKEN is configured, preventing anonymous remote sessions. Update AGENTS.md and README.md to document the new binding logic and provide override instructions for network deployments.
Replace the direct Pino export with a redactedLogger wrapper that applies the redact() function to the first argument of all log methods. This ensures sensitive information is automatically sanitized before being written to logs, preventing accidental exposure of credentials or PII while maintaining the existing logger interface.
Replace direct string equality check with SHA-256 hashing and timingSafeEqual. This mitigates timing side-channel attacks by ensuring constant-time comparison during upload authentication.
Hook transport.onclose and onsessionclosed so that transports, sessionClients, and sessionTokenHashes are deleted when a session ends, preventing unbounded map growth in long-running servers. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All failure paths in validateUploadAuth now return the same generic 'Unauthorized: valid token required for uploads' message, preventing callers from distinguishing between a missing server token and a wrong token. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Increase masking threshold from 8 to 16 characters to avoid partial token exposure - Use timingSafeEqual for session validation to prevent timing-based side-channel attacks
- S1: validate uploadId as UUID before path.join() in oob-upload.ts to prevent path traversal - S2+P3: add 30s timeout and HTTP keep-alive agents to axios instance in teamstorm.ts - P1: early-exit folder resolution loop on first match instead of always paginating 20 pages - P2: skip getTask() in createTimeEntry/listTimeEntries when taskId is already a UUID - P4: switch fs.readFileSync to async fsPromises.readFile in oob-upload.ts - P5: replace all console.error success logs with structured logger.info across 10 tool files - P6: parallelize orphan upload file deletion with Promise.all in index.ts - S3: document intentional absence of Access-Control-Allow-Origin in CORS middleware Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This branch covers two major workstreams: a security & performance hardening pass (audit-driven) and a folders feature addition, plus related fixes and tests.
Security hardening
Performance improvements
Folders feature
Bug fixes & quality