fix(security): resolve 36 security audit issues #374
Merged
- Parser: wikilinks ([[target]], [[target|display]], ![[embed]], #heading, ^block-id)
- Parser: tags (#tag, #tag/subtag, code-block/comment aware)
- Parser: YAML frontmatter (title, aliases, tags, custom fields)
- Index: bidirectional link index with atomic diff-based updates
- Graph: BFS traversal, depth control, tag grouping, D3 JSON output
- NoteEngine: full CRUD, tag management, snapshot via TimeTravelEngine
Closes #276
…UD endpoints
- Issue #277: Expose Wikilink parser public types (Wikilink, LinkType, ParsedNote)
- Issue #278: Expose NoteIndex public API with get_backlinks/get_forward_links
- Issue #279: Expose TagIndex public API with search_by_tag pagination
- Issue #280: Add GET /notes/{path}/graph endpoint with depth/max_nodes/tag_filter
- Issue #281: Full Notes CRUD REST API:
  - GET /notes - list notes with prefix filter
  - GET /notes/{path} - get note with rich metadata
  - PUT /notes/{path} - create/update note
  - DELETE /notes/{path} - delete note
  - POST /notes/{path}/rename - rename with index updates
  - GET /notes/{path}/backlinks - incoming links
  - GET /notes/{path}/links - outgoing links
  - GET /tags - list all tags with counts
  - GET /tags/{tag}/notes - paginated notes by tag
- Add Frontmatter Serialize/Deserialize derives for JSON responses
- Add NotesEngine type alias for ergonomic API handler usage
- Register NotesEngine as app_data in server startup
- All validation: cargo check, clippy, 61 notes tests + full workspace tests pass
Closes #277, Closes #278, Closes #279, Closes #280, Closes #281
- Issue #282: Add per-note version tracking via __version:* LSM keys
- Add NoteEngine::put_note_with_version(), save_version(), get_version_history()
- Add NoteEngine::get_note_at_version(), remove_version(), restore_version()
- Add REST endpoints:
  - GET /notes/{path}/history - list versions
  - GET /notes/{path}/history/{timestamp} - get version content
  - DELETE /notes/{path}/history/{timestamp} - remove a version
  - POST /notes/{path}/restore?timestamp= - restore from version
  - POST /notes/{path}/snapshot - manual TimeTravel snapshot
- Auto-save version on PUT /notes/{path}
- Register TimeTravelEngine as app_data in server
- All validation: cargo check, clippy, fmt, 61 tests pass
Closes #282
- Issue #283: Inverted index stored as fts:{term} → [{path, count}]
- Tokenizer: split on punctuation, lowercase, stop words, min/max length
- TF-IDF relevance scoring with term frequency and inverse document frequency
- Phrase search: "exact phrase" queries
- Snippet generation with context around matched terms
- Auto-index on note write, auto-cleanup on note delete
- Checksum-based change detection (skip re-index when content unchanged)
- REST endpoint: GET /search?q=...&limit=20
- 7 unit tests for tokenizer, snippet, and checksum
All validation: cargo check, clippy, fmt, 68 tests pass
Closes #283
- Issue #285: Notes page with file explorer sidebar + markdown editor
- Issue #286: Graph view page with depth selector, nodes/edges tables
- Issue #289: Tags page with tag list and note browsing per tag
- Add 7 new API methods to ApexStoreService (getNotes, getNote, putNote, deleteNote, getGraphData, getTags, getTagNotes)
- Register /notes, /graph, /tags routes in app.routes.ts
- Add Content navigation group to sidebar (Notes, Graph View, Tags)
Closes #285, Closes #286, Closes #289
Backend (#291, #292):
- Add GET /stats/all for frontend compatibility
- Add POST /keys with {key, value} body (frontend-compatible)
- Add GET /keys/search?q=... for key search
- Add POST /keys/batch for batch insert
- Add GET /scan for full key scan
- All new endpoints return {success, data} format
Frontend pages (10 new admin/management pages):
- #293: Compaction & Memtable Flush Management Page
- #294: Health Probes & System Status Dashboard
- #295: Rate Limiting Dashboard
- #296: Backup & Restore Management Page
- #297: Time Travel / Snapshot Browser Page
- #298: Webhook Management Page
- #299: Pub/Sub Topic Inspector Page
- #300: SQL Query Runner Page
- #301: Resilience Dashboard
- #302: Access Control Policies Page
All pages follow existing Angular patterns (standalone, dark theme, signals, toasts)
Closes #291, Closes #292, Closes #293, Closes #294, Closes #295, Closes #296, Closes #297, Closes #298, Closes #299, Closes #300, Closes #301, Closes #302
- #303: Replication Topology & Status Page
- #304: Vector Index & Semantic Search Page
- #305: Data Sync & Multi-Model Management Page
- #311: CDC (Change Data Capture) Configuration Page
- #312: Bulk Import / Export Page
- #313: Server Configuration Viewer Page
- #314: Chaos Engineering & Fault Injection Page
- #315: Log Level & Telemetry Configuration Page
- #316: Tenant Quotas & Query Budget Management Page
- #317: Data Scrubber & Idempotency Key Management Page
- #318: Backpressure & Retry Configuration Page
- #319: WASM Plugin Manager Page
- #320: CI/CD Fixtures & Test Data Management Page
All pages follow existing Angular patterns (standalone, dark theme, signals, toasts)
Closes #303, Closes #304, Closes #305, Closes #311, Closes #312, Closes #313, Closes #314, Closes #315, Closes #316, Closes #317, Closes #318, Closes #319, Closes #320
- #307: GraphQL Playground page with query editor and response viewer
- #309: Light/dark theme toggle with localStorage persistence
- Add .light-mode CSS class overriding dark theme variables
- Add executeGraphQL() method to ApexStoreService
- Register /graphql route and navigation link
- Theme toggle button in sidebar with Sun/Moon icons
Closes #307, Closes #309
Also partially addresses #310 (sidebar navigation improvements)
- Issue #284: Add WebSocket endpoint at /ws/sync
- Add SyncManager with CRDT engine, client registry, broadcast
- Sync protocol: sync_push, sync_ack, subscribe message types
- LWW conflict resolution via existing CrdtEngine
- Broadcast changes to all connected clients
- Add actix-ws 0.3 dependency for WebSocket support
- Add get_all_entries() method to CrdtEngine
- Register SyncManager as app_data in server
All validation: cargo check, clippy, fmt, 68 tests pass
Closes #284
…ing infra
- #287: Template engine for daily notes with {{variable}}/{{date:}}/{{time:}} syntax
- #288: Frontmatter validation with schema-based field checking
- #306: Frontend WebSocket sync service (connect, push, receive changes)
- #308: Frontend testing infrastructure (Karma, Jasmine, sample tests)
- #306: Sync status page with connection monitoring
Closes #287, Closes #288, Closes #306, Closes #308
…sharding
- H-01: Replace N+1 scan with single scan_cf() call
- H-02: Add MAX_BATCH_SIZE=1000 limit to batch insert
- INPUT-VAL-001: Add MAX_KEY_SIZE (4KB) and MAX_VALUE_SIZE (16MB) validation
- H-05: Shard rate limiter into 16 mutexes instead of single global lock
- #354: Add admin endpoint rate limits (5 req/min for compact/flush)
Closes #329 Closes #330 Closes #353 Closes #333 Closes #354
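The sharding named in H-05, combined with the 5 req/min admin limit from #354, as an added Rust example. It is not ApexStore's code: `ShardedLimiter`, its fixed-window policy and the sample client address are assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};
use std::sync::Mutex;
use std::time::{Duration, Instant};

const SHARDS: usize = 16; // shard count quoted in H-05

/// Fixed-window counter per client key (hypothetical type, not the project's).
struct ShardedLimiter {
    shards: Vec<Mutex<HashMap<String, (Instant, u32)>>>,
    limit: u32,
    window: Duration,
}

impl ShardedLimiter {
    fn new(limit: u32, window: Duration) -> Self {
        let shards = (0..SHARDS).map(|_| Mutex::new(HashMap::new())).collect();
        Self { shards, limit, window }
    }

    /// Hash the client key to a shard so unrelated clients rarely share a lock.
    fn shard_of(key: &str) -> usize {
        let mut h = DefaultHasher::new();
        key.hash(&mut h);
        (h.finish() as usize) % SHARDS
    }

    /// Returns true if a request from `key` is allowed at time `now`.
    fn allow_at(&self, key: &str, now: Instant) -> bool {
        // Only this key's shard is locked; the other 15 stay uncontended.
        let mut map = self.shards[Self::shard_of(key)].lock().unwrap();
        let slot = map.entry(key.to_string()).or_insert((now, 0));
        if now.duration_since(slot.0) >= self.window {
            *slot = (now, 0); // window expired: start a fresh one
        }
        if slot.1 >= self.limit {
            return false; // over the limit: reject without counting
        }
        slot.1 += 1;
        true
    }
}

fn main() {
    // 5 requests per minute, the admin limit quoted for compact/flush (#354).
    let rl = ShardedLimiter::new(5, Duration::from_secs(60));
    let t0 = Instant::now();
    // Constructed sample client address from the documentation range.
    let results: Vec<bool> = (0..6).map(|_| rl.allow_at("203.0.113.7", t0)).collect();
    println!("{:?}", results);
}
```

Entries are never evicted here, so a production limiter also needs periodic cleanup of stale keys to keep an attacker from growing the maps without bound.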
…mpotency wiring
- C-05: Add auth header support and retry logic to CDC WebhookPublisher
- H-03: GraphQL playground returns 404 outside development environment
- H-04: Add auth check to WebSocket /ws/sync handler
- H-06: Wire IdempotencyMiddleware as app_data in API server
Closes #328 Closes #331 Closes #332 Closes #334
…CI audit, CSRF guard
- ENCRYPTION-001: Enable encryption by default in EncryptionConfig and StorageConfig
- H-07: Add config validation warnings at startup
- WAL-FSYNC-001: Make WAL sync interval configurable on WriteAheadLog
- M-10: Add cargo audit step to CI workflow
- M-01: Add ContentTypeGuard middleware for CSRF protection
- M-03: Verified constant-time token comparison already implemented
- Fix scrubber tests to disable encryption explicitly
Closes #364 Closes #335 Closes #365 Closes #346 Closes #338 Closes #339
…lidation, perms, request-id logging
- IO-DISK-001: Add DegradationManager to Engine with set_read_only/degradation_mode
- BACKPRESSURE-001: Wire CompactionBackpressure into Engine with write/compaction tracking
- L-05: Add write amplification metrics (SST/WAL bytes written/read)
- L-04: Add /health/check comprehensive endpoint with engine stats
- INPUT-VAL-002: Add key length and empty validation in put_key/post_key/batch_keys
- FS-PERM-001: Set 0600 on WAL/lock files, 0700 on SST directories
- OBSERV-003: Structured JSON logging with x-request-id in Logger middleware
Closes #358 Closes #361 Closes #352 Closes #351 Closes #355 Closes #356 Closes #369
…it, CDC metrics
- M-05: retry_with_backoff now async using tokio::time::sleep (non-blocking)
- M-07: Add AuditMiddleware that logs structured audit events with principal
- M-08: Connect DegradationManager checks to all write API handlers (503 on ReadOnly)
- M-09: Make per-IP connection limit configurable via max_connections_per_ip
- OBSERV-002: Add success/failure counters to CDC WebhookPublisher
- FS-PERM-001: Connect DiskMonitor to DegradationManager for auto read-only
Closes #341 Closes #343 Closes #344 Closes #345 Closes #366
…ench CI
- L-02: Replace location.reload() with fetch() in admin dashboard
- L-03: Add Deprecation/Sunset headers to duplicate GET /stats/all endpoint
- READ-AMP-001: Add read_amplification() metric + Prometheus gauge
- BENCH-001: Add benchmark job to CI workflow
Closes #349 Closes #350 Closes #370 Closes #368
Summary
This PR resolves 36 security audit issues identified in the ApexStore security audit report.
Changes
Security (Batch 1)
API Security (Batch 2)
Web/API Hardening (Batch 3)
Security Posture (Batch 4)
Resilience & Observability (Batch 5)
Audit, Degradation, Rate Limits (Batch 6)
Dashboard & Metrics (Batch 7)
Verified
- cargo check --all-features — passes
- cargo clippy --all-targets --all-features -- -D warnings — passes
- cargo test --all-features — 550/552 pass (2 flaky benchmark latency tests)
Remaining Issues
The following 14 remaining issues are not addressed in this PR and will be handled separately: