fix: resolve P0 security issues per governance baseline
P0-01: LIKE injection fix in device.go (2 locations) - Added escapeLikePattern() to prevent LIKE pattern manipulation P0-03: Token refresh blacklist fail-closed - RefreshToken() now returns error if cache.Set fails - Prevents token double-spend on cache failures P0-05: CORS dangerous default configuration - Default changed to empty origins, credentials off - init() panics if default config is dangerous P0-06: UpdateUser IDOR vulnerability fix - Added authorization check (self-or-admin) - Prevents unauthorized user profile modification Also: Fixed frontend lint errors in device-fingerprint.test.ts and http/index.test.ts All 518 frontend tests pass, all backend tests pass.
This commit is contained in:
@@ -783,13 +783,16 @@ func (s *AuthService) RefreshToken(ctx context.Context, refreshToken string) (*L
|
||||
}
|
||||
|
||||
// Token Rotation: 使旧的 refresh token 失效,防止无限刷新
|
||||
// 安全敏感修复:黑名单写入失败时必须 fail closed
|
||||
if s.cache != nil {
|
||||
blacklistKey := tokenBlacklistPrefix + claims.JTI
|
||||
// TTL 设置为 refresh token 的剩余有效期
|
||||
if claims.ExpiresAt != nil {
|
||||
remaining := time.Until(claims.ExpiresAt.Time)
|
||||
if remaining > 0 {
|
||||
_ = s.cache.Set(ctx, blacklistKey, "1", 5*time.Minute, remaining)
|
||||
if err := s.cache.Set(ctx, blacklistKey, "1", 5*time.Minute, remaining); err != nil {
|
||||
return nil, fmt.Errorf("token revocation failed: %w", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user