From 04aeb4d31d8be3725c52693fa83e7fbccc7ba059 Mon Sep 17 00:00:00 2001 From: echobt Date: Wed, 4 Feb 2026 15:24:26 +0000 Subject: [PATCH 1/2] fix(auth): use unwrap_or_default for SystemTime operations --- src/cortex-app-server/src/auth.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cortex-app-server/src/auth.rs b/src/cortex-app-server/src/auth.rs index 414f36f..4f240c3 100644 --- a/src/cortex-app-server/src/auth.rs +++ b/src/cortex-app-server/src/auth.rs @@ -45,7 +45,7 @@ impl Claims { pub fn new(user_id: impl Into, expiry_seconds: u64) -> Self { let now = SystemTime::now() .duration_since(UNIX_EPOCH) - .unwrap() + .unwrap_or_default() .as_secs(); Self { @@ -75,7 +75,7 @@ impl Claims { pub fn is_expired(&self) -> bool { let now = SystemTime::now() .duration_since(UNIX_EPOCH) - .unwrap() + .unwrap_or_default() .as_secs(); self.exp < now } @@ -187,7 +187,7 @@ impl AuthService { pub async fn cleanup_revoked_tokens(&self) { let now = SystemTime::now() .duration_since(UNIX_EPOCH) - .unwrap() + .unwrap_or_default() .as_secs(); let mut revoked = self.revoked_tokens.write().await; From 76a64c662450a95b302fcda2a4fbc4355a81aeb9 Mon Sep 17 00:00:00 2001 From: echobt Date: Wed, 4 Feb 2026 15:27:25 +0000 Subject: [PATCH 2/2] fix(middleware): handle invalid request-id header values gracefully --- src/cortex-app-server/src/middleware.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cortex-app-server/src/middleware.rs b/src/cortex-app-server/src/middleware.rs index a997157..45d4406 100644 --- a/src/cortex-app-server/src/middleware.rs +++ b/src/cortex-app-server/src/middleware.rs @@ -40,7 +40,8 @@ pub async fn request_id_middleware(mut request: Request, next: Next) -> Response let mut response = next.run(request).await; response.headers_mut().insert( REQUEST_ID_HEADER, - HeaderValue::from_str(&request_id).unwrap(), + HeaderValue::from_str(&request_id) + .unwrap_or_else(|_| HeaderValue::from_static("invalid-request-id")), ); response