fix(security): Phase 1 P0 hardening from cross-project audit
Close open uploads, image-proxy SSRF, fail-open AI quotas in production, auth gaps on app routes, and MCP tenant isolation issues. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server'
|
||||
import { readFile, stat } from 'fs/promises'
|
||||
import path from 'path'
|
||||
import { auth } from '@/auth'
|
||||
import { canAccessUploadedNoteImage } from '@/lib/upload-access'
|
||||
|
||||
const UPLOAD_DIR = path.join(process.cwd(), 'data', 'uploads')
|
||||
|
||||
@@ -17,6 +18,7 @@ export async function GET(
|
||||
_req: NextRequest,
|
||||
{ params }: { params: Promise<{ path: string[] }> }
|
||||
) {
|
||||
const session = await auth()
|
||||
const { path: segments } = await params
|
||||
|
||||
// Only serve from uploads/notes/ subdirectory
|
||||
@@ -25,6 +27,13 @@ export async function GET(
|
||||
}
|
||||
|
||||
const filename = segments[segments.length - 1]
|
||||
const allowed = await canAccessUploadedNoteImage(filename, session?.user?.id)
|
||||
if (!allowed) {
|
||||
return new NextResponse(session?.user?.id ? 'Forbidden' : 'Unauthorized', {
|
||||
status: session?.user?.id ? 403 : 401,
|
||||
})
|
||||
}
|
||||
|
||||
const ext = path.extname(filename).toLowerCase()
|
||||
const contentType = MIME_MAP[ext]
|
||||
if (!contentType) {
|
||||
|
||||
Reference in New Issue
Block a user