3 Commits

Author SHA1 Message Date
40151d403b chore: add proprietary license (All Rights Reserved) 2026-06-07 22:21:46 +03:30
d2992d2af6 Update .github/workflows/ci-cd.yml 2026-05-11 15:18:05 +03:30
db123-test
7930f2ec99 fix: validate action parameter and correct database health check logic
- Add whitelist of valid actions to prevent arbitrary action values
- Fix error handling to properly detect database failures

Previously, any action value was accepted without validation, which could lead to unexpected behavior. The health check also incorrectly set dbOK to true when queries succeeded, now correctly sets it to false when errors occur.
2026-05-11 12:19:47 +03:30
3 changed files with 20 additions and 8 deletions

View File

@@ -79,7 +79,7 @@ jobs:
run: | run: |
docker buildx build \ docker buildx build \
--platform linux/amd64 \ --platform linux/amd64 \
--tag "git.yejayekhoob.com/db123/auth-proxy:${{ github.sha }}" \ --tag "git.yejayekhoob.com/yjkh/auth-proxy:${{ github.sha }}" \
--tag "git.yejayekhoob.com/db123/auth-proxy:latest" \ --tag "git.yejayekhoob.com/yjkh/auth-proxy:latest" \
--push \ --push \
. .

5
LICENSE Normal file
View File

@@ -0,0 +1,5 @@
Copyright (c) 2026 db123. All Rights Reserved.
This software and associated documentation files (the "Software") are proprietary and confidential. No part of the Software may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the copyright holder.
For licensing inquiries, contact: erfan@db123.ir

View File

@@ -243,9 +243,16 @@ func parseLogFilter(r *http.Request) (*logFilter, error) {
Offset: 0, Offset: 0,
} }
validActions := map[string]bool{
"add_temp": true, "delete_temp": true,
"add_perm": true, "delete_perm": true, "expire_temp": true,
}
if v := r.URL.Query().Get("action"); v != "" { if v := r.URL.Query().Get("action"); v != "" {
if validActions[v] {
f.Action = v f.Action = v
} }
}
if v := r.URL.Query().Get("ip"); v != "" { if v := r.URL.Query().Get("ip"); v != "" {
f.IP = v f.IP = v
} }
@@ -333,13 +340,13 @@ func statusHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
var permCount int var permCount int
var tempCount int var tempCount int
dbOK := false dbOK := true
if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err == nil { if err := db.QueryRow(`SELECT COUNT(*) FROM perm_whitelist`).Scan(&permCount); err != nil {
dbOK = true dbOK = false
} }
if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err == nil { if err := db.QueryRow(`SELECT COUNT(*) FROM temp_whitelist WHERE expires_at > ?`, time.Now().Format(time.RFC3339)).Scan(&tempCount); err != nil {
dbOK = true dbOK = false
} }
health := map[string]interface{}{ health := map[string]interface{}{