fix(security): Phase 1 P0 hardening from cross-project audit
All checks were successful
CI / Lint, Unit Tests & Build (push) Successful in 5m42s
CI / Deploy production (on server) (push) Successful in 33s

Close open uploads, image-proxy SSRF, fail-open AI quotas in production,
auth gaps on app routes, and MCP tenant isolation issues.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Antigravity
2026-06-20 16:53:19 +00:00
parent 40f30155c2
commit 4d96605144
16 changed files with 264 additions and 95 deletions

View File

@@ -9,7 +9,7 @@ import { auth } from '@/auth'
import { hasUserAiConsent } from '@/lib/consent/server-consent'
import { loadTranslations, getTranslationValue, SupportedLanguage } from '@/lib/i18n'
import { toolRegistry } from '@/lib/ai/tools'
import { reserveUsageOrThrow, QuotaExceededError } from '@/lib/entitlements'
import { reserveUsageOrThrow, QuotaExceededError, QuotaServiceUnavailableError } from '@/lib/entitlements'
import { ByokUnavailableError } from '@/lib/byok'
import { trackFeatureUsage } from '@/lib/usage-tracker'
import { readFile } from 'fs/promises'
@@ -78,7 +78,15 @@ export async function POST(req: Request) {
{ status: 503 }
)
}
console.error('[chat] Quota check error (fail-open):', err)
if (err instanceof QuotaServiceUnavailableError) {
return Response.json({ error: err.code }, { status: 503 })
}
if (process.env.NODE_ENV !== 'production') {
console.error('[chat] Quota check error (fail-open):', err)
} else {
console.error('[chat] Quota check error:', err)
return Response.json({ error: 'QUOTA_SERVICE_UNAVAILABLE' }, { status: 503 })
}
}
// 2. Parse request body