|
|
fa72672aac
|
security: fix critical auth gaps, SSRF, IDOR, and embedding error handling
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL:
- Add auth + admin check to 10 unprotected API routes (test-*, debug/*,
config, models, fix-labels)
- Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open)
- Add SSRF protection to getOllamaModels (blocks private/internal IPs)
HIGH:
- Fix getAllLabels() missing userId filter (leaked all users' labels)
- Fix /api/labels OR clause leaking other users' labels
- Fix IDOR in toggleAgent/getAgentActions (add ownership check)
- Fix getEmbeddings() returning [] on error in all 5 providers (corrupted
semantic search with NaN cosine similarity) — now throws instead
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-04-30 21:02:13 +02:00 |
|
|
|
153c921960
|
fix: comprehensive i18n — replace hardcoded French/English strings with t() calls
Deploy to Production / Build and Deploy (push) Failing after 1m7s
Replaced ~100+ hardcoded French and English text strings across 30+ components
with proper i18n t() calls. Added 57 new translation keys to all 15 locale files
(ar, de, en, es, fa, fr, hi, it, ja, ko, nl, pl, pt, ru, zh).
Key changes:
- contextual-ai-chat.tsx: 30 French strings → t() (actions, toasts, labels, placeholders)
- ai-chat.tsx: 15 French/English strings → t() (header, tabs, welcome, insights, history)
- note-inline-editor.tsx: 20 French fallbacks removed (toolbar, save status, checklist)
- lab-skeleton.tsx: French loading text → t()
- admin-header.tsx, header.tsx, editor-connections-section.tsx: French fallbacks removed
- New AI chat component, agent cards, sidebar, settings panel i18n cleanup
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-04-26 21:14:45 +02:00 |
|