Harden local admin and secret storage

This commit is contained in:
Mikhail Chusavitin
2026-03-07 22:14:31 +03:00
parent 08de9006ef
commit 96572be712
6 changed files with 187 additions and 22 deletions


@@ -76,6 +76,9 @@ func main() {
slog.Info("migrated legacy config file", "from", migratedFrom, "to", resolvedConfigPath)
}
}
if err := appstate.EnsurePrivateFile(resolvedConfigPath); err != nil {
slog.Warn("failed to enforce private permissions on config", "path", resolvedConfigPath, "error", err)
}
// Load config for server settings
cfg, err := config.Load(resolvedConfigPath)
@@ -448,6 +451,7 @@ func setupRouter(cfg *config.Config, configPath string, connMgr *db.ConnectionMa
router.MaxMultipartMemory = 26 << 20 // 26MB; stock import handler enforces 25MB payload limit
router.Use(gin.Recovery())
router.Use(requestLogger())
router.Use(middleware.OriginProtection())
router.Use(middleware.CORS())
router.Use(middleware.OfflineDetector(connMgr))
@@ -587,13 +591,13 @@ func setupRouter(cfg *config.Config, configPath string, connMgr *db.ConnectionMa
pricingAdmin.POST("/stock/mappings", pricingHandler.UpsertStockMapping)
pricingAdmin.DELETE("/stock/mappings/:partnumber", pricingHandler.DeleteStockMapping)
pricingAdmin.GET("/vendor-mappings", pricingHandler.ListVendorMappings)
pricingAdmin.GET("/vendor-mappings/detail", pricingHandler.GetVendorMappingDetail)
pricingAdmin.POST("/vendor-mappings", pricingHandler.UpsertVendorMapping)
pricingAdmin.POST("/vendor-mappings/import-csv", pricingHandler.ImportVendorMappingsCSV)
pricingAdmin.GET("/vendor-mappings/export-unmapped-csv", pricingHandler.ExportUnmappedVendorMappingsCSV)
pricingAdmin.DELETE("/vendor-mappings", pricingHandler.DeleteVendorMapping)
pricingAdmin.POST("/vendor-mappings/ignore", pricingHandler.IgnoreVendorMapping)
pricingAdmin.POST("/vendor-mappings/unignore", pricingHandler.UnignoreVendorMapping)
pricingAdmin.GET("/vendor-mappings/detail", pricingHandler.GetVendorMappingDetail)
pricingAdmin.POST("/vendor-mappings", pricingHandler.UpsertVendorMapping)
pricingAdmin.POST("/vendor-mappings/import-csv", pricingHandler.ImportVendorMappingsCSV)
pricingAdmin.GET("/vendor-mappings/export-unmapped-csv", pricingHandler.ExportUnmappedVendorMappingsCSV)
pricingAdmin.DELETE("/vendor-mappings", pricingHandler.DeleteVendorMapping)
pricingAdmin.POST("/vendor-mappings/ignore", pricingHandler.IgnoreVendorMapping)
pricingAdmin.POST("/vendor-mappings/unignore", pricingHandler.UnignoreVendorMapping)
pricingAdmin.GET("/alerts", pricingHandler.ListAlerts)
pricingAdmin.POST("/alerts/:id/acknowledge", pricingHandler.AcknowledgeAlert)
pricingAdmin.POST("/alerts/:id/resolve", pricingHandler.ResolveAlert)
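Review bot: In the first hunk of this file, the added `appstate.EnsurePrivateFile(resolvedConfigPath)` call runs only after the legacy-config migration has already written the file, so if that migration creates it with default permissions there is a window in which the secret-bearing config is readable by other local users, and a failure of EnsurePrivateFile is merely logged at Warn level while startup continues with the file still exposed. Given the commit's stated goal, consider creating the migrated file with mode 0600 at write time and treating a failed EnsurePrivateFile as fatal, e.g. replacing the Warn branch with `slog.Error("failed to enforce private permissions on config", "path", resolvedConfigPath, "error", err); os.Exit(1)`. Whether the migration step sets the mode itself is not visible in this hunk, and main's body continues outside it. In the third hunk the removed and re-added pricingAdmin route lines are textually identical in this rendering, so the change there appears to be whitespace or ordering only and raises nothing.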