fix: update Open Graph and Twitter image URLs, add robots.txt, enhanc… #90
Closed
…e security checks, and improve connection string validation
- Implemented rate limiting and same-origin enforcement for the SPA token generation endpoint to prevent abuse.
- Updated RedactingLogger to return a no-op disposable from BeginScope to avoid null dereference issues.
- Enhanced ApiKeyAuthenticationMiddleware to include OwnerId in context for tenant isolation.
- Added OwnerId and ConnectionStringHash properties to the Namespace entity for improved tenant isolation and deduplication.
- Introduced GetByOwnerAsync method in INamespaceRepository to enforce per-caller isolation.
- Improved InMemoryNamespaceRepository to handle OwnerId and ConnectionStringHash correctly, ensuring data integrity.
- Updated ServiceBusClientFactory to provide safer error messages for invalid connection strings.
- Added telemetry filters to redact sensitive data in Application Insights telemetry.
- Created unit tests for new features and enhancements, ensuring robust coverage for telemetry and namespace functionalities.
- Updated appsettings.Production.json to restrict allowed hosts for enhanced security.
…k useNamespaces for environment checks
- Changed Open Graph and Twitter meta tags to use a PNG image instead of SVG.
- Added robots.txt to allow all user agents and specify the sitemap location.
- Updated namespace existence check in INamespaceRepository to include owner ID.
- Modified InMemoryNamespaceRepository to implement the new owner ID check.
- Enhanced ConnectionStringProtector to derive keys using HKDF and PBKDF2 for better security.
- Updated unit tests for InMemoryNamespaceRepository to reflect changes in the ExistsAsync method.
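The commit above says the protector now derives keys with HKDF and PBKDF2, and the PR description below says its constructor takes the host environment for a key-strength check. The following is an added C# example of that combination, not ServiceHub's own ConnectionStringProtector: the class layout, the "strict outside Development" rule, the 32-character minimum, the placeholder marker, the iteration count and the label strings are assumptions made for illustration, and it needs .NET 8 for the AesGcm constructor that takes a tag size.

```csharp
// Added example (not the project's code). PBKDF2 stretches the configured master
// secret once at startup; HKDF then derives a per-value subkey bound to the owner
// id; AES-GCM seals the connection string. Names and policy values are assumptions.
using System;
using System.Security.Cryptography;
using System.Text;

public sealed class ConnectionStringProtector
{
    private const int SaltBytes = 16, NonceBytes = 12, TagBytes = 16, KeyBytes = 32;
    private const int Pbkdf2Iterations = 600_000;
    private readonly byte[] _stretchedKey;

    public ConnectionStringProtector(string masterSecret, string environmentName)
    {
        // Assumed policy: outside Development a short or placeholder secret is a
        // startup failure, so a forgotten appsettings value cannot reach Production.
        bool strict = !string.Equals(environmentName, "Development", StringComparison.OrdinalIgnoreCase);
        if (strict && (masterSecret.Length < 32 || masterSecret.Contains("CHANGE_ME", StringComparison.Ordinal)))
            throw new InvalidOperationException("Protection key is missing or too weak for this environment.");

        // The PBKDF2 salt is a fixed application label: the secret is the only input
        // available at startup, and per-value randomness comes from the HKDF salt below.
        _stretchedKey = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(masterSecret),
            Encoding.UTF8.GetBytes("ServiceHub.ConnectionStringProtector.v1"),
            Pbkdf2Iterations, HashAlgorithmName.SHA256, KeyBytes);
    }

    // HKDF derives a fresh subkey per stored value and binds it to the owner, so a
    // ciphertext copied into another tenant's row fails authentication on Unprotect.
    private byte[] DeriveValueKey(string ownerId, ReadOnlySpan<byte> salt) =>
        HKDF.DeriveKey(HashAlgorithmName.SHA256, _stretchedKey, KeyBytes,
            salt.ToArray(), Encoding.UTF8.GetBytes("owner:" + ownerId));

    // Output layout: salt || nonce || tag || ciphertext, base64 for storage.
    public string Protect(string ownerId, string connectionString)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceBytes);
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] blob = new byte[SaltBytes + NonceBytes + TagBytes + plain.Length];
        Span<byte> s = blob;
        salt.AsSpan().CopyTo(s);
        nonce.AsSpan().CopyTo(s[SaltBytes..]);
        using var aes = new AesGcm(DeriveValueKey(ownerId, salt), TagBytes);
        aes.Encrypt(nonce, plain,
            s[(SaltBytes + NonceBytes + TagBytes)..],   // ciphertext
            s.Slice(SaltBytes + NonceBytes, TagBytes));  // tag
        return Convert.ToBase64String(blob);
    }

    public string Unprotect(string ownerId, string protectedValue)
    {
        byte[] blob = Convert.FromBase64String(protectedValue);
        if (blob.Length < SaltBytes + NonceBytes + TagBytes)
            throw new CryptographicException("Protected value is malformed.");
        ReadOnlySpan<byte> s = blob;
        byte[] plain = new byte[blob.Length - SaltBytes - NonceBytes - TagBytes];
        using var aes = new AesGcm(DeriveValueKey(ownerId, s[..SaltBytes]), TagBytes);
        // Throws CryptographicException when the tag does not verify: tampering, or the wrong owner.
        aes.Decrypt(s.Slice(SaltBytes, NonceBytes),
            s[(SaltBytes + NonceBytes + TagBytes)..],
            s.Slice(SaltBytes + NonceBytes, TagBytes),
            plain);
        return Encoding.UTF8.GetString(plain);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values; the secret and the key are placeholders, not credentials.
        const string secret = "dev-only-master-secret-with-enough-length-0123456789";
        var protector = new ConnectionStringProtector(secret, "Production");
        string sealedValue = protector.Protect("owner-a",
            "Endpoint=sb://example.servicebus.windows.net/;SharedAccessKeyName=send;SharedAccessKey=AAAA");
        Console.WriteLine(protector.Unprotect("owner-a", sealedValue));      // round-trips for the owner
        try { protector.Unprotect("owner-b", sealedValue); }
        catch (CryptographicException) { Console.WriteLine("owner-b cannot read owner-a's value"); }
        try { _ = new ConnectionStringProtector("CHANGE_ME", "Production"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

The owner binding lives in the HKDF info string rather than in the ciphertext, so an attacker who can edit rows gains nothing by moving a blob between tenants; the wrong subkey simply fails the GCM tag check. Rotating the master secret means re-protecting every stored value, which is the usual trade-off for a single-secret design.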
This pull request introduces several important security, configuration, and usability improvements across both the frontend and backend of the ServiceHub application. The most significant changes focus on strengthening connection string validation, enforcing stricter security practices for encryption keys, updating CORS and authentication settings, and improving user-facing messaging and metadata.
Security improvements:
- … (ConnectionStringProtector.cs). This change also updates the constructor to require the host environment for this check and updates all related unit tests to provide a mock environment. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]
- … .servicebus.windows.net (ServiceBusClientFactory.cs).

Configuration and authentication:
- … appsettings.Production.json.
- … appsettings.json ("Authentication": { "Enabled": true }).

Frontend and user experience:
- … RootManageSharedAccessKey in the connection string on the frontend, simplifying the connection flow for users (ConnectPage.tsx).
- … .png instead of .svg for better compatibility (index.html). [1] [2]
- … robots.txt file to allow all crawlers and provide a sitemap reference (public/robots.txt).

API and validation:
- … CreateNamespaceRequest.cs.

These changes collectively enhance the security and reliability of the application, ensure correct configuration for production deployments, and improve the overall user and developer experience.
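The description above mentions a .servicebus.windows.net check in ServiceBusClientFactory, the commit messages mention safer error messages for invalid connection strings, a ConnectionStringHash for deduplication and an owner-scoped ExistsAsync. The following is an added C# example of those three pieces working together; it is not ServiceHub's own factory or repository code. The type and method names, the hash layout and the in-memory store are assumptions, and the parser accepts any SharedAccessKeyName rather than requiring RootManageSharedAccessKey.

```csharp
// Added example (not the project's code): parse an Azure Service Bus connection string,
// accept only hosts under .servicebus.windows.net, keep the secret out of every error
// message, and key the deduplication hash and existence check by owner. Names are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

public sealed record ServiceBusConnection(string Host, string KeyName, string Key);

public static class ServiceBusConnectionStrings
{
    private const string AllowedSuffix = ".servicebus.windows.net";

    // Every FormatException below is safe to return to the caller: none of them
    // echo the SharedAccessKey or any other fragment of the submitted string.
    public static ServiceBusConnection Parse(string connectionString)
    {
        var parts = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (string segment in connectionString.Split(';',
                     StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
        {
            int eq = segment.IndexOf('=');
            if (eq <= 0) throw new FormatException("Connection string must be a list of key=value pairs.");
            parts[segment[..eq]] = segment[(eq + 1)..];
        }

        if (!parts.TryGetValue("Endpoint", out string? endpoint)
            || !Uri.TryCreate(endpoint, UriKind.Absolute, out Uri? uri)
            || uri.Scheme != "sb")
            throw new FormatException("Endpoint must be an sb:// URI.");

        // The leading dot in the suffix forces a label boundary, so both
        // "evilservicebus.windows.net" and "x.servicebus.windows.net.attacker.example" are rejected.
        if (!uri.Host.EndsWith(AllowedSuffix, StringComparison.OrdinalIgnoreCase))
            throw new FormatException("Endpoint host is not an Azure Service Bus namespace.");

        if (!parts.TryGetValue("SharedAccessKeyName", out string? keyName) || string.IsNullOrWhiteSpace(keyName))
            throw new FormatException("SharedAccessKeyName is required.");
        if (!parts.TryGetValue("SharedAccessKey", out string? key) || string.IsNullOrWhiteSpace(key))
            throw new FormatException("SharedAccessKey is required.");

        return new ServiceBusConnection(uri.Host.ToLowerInvariant(), keyName, key);
    }

    // Deduplication hash. The owner id is mixed in, so the same connection string
    // registered by two tenants yields different hashes and cannot be correlated.
    public static string Hash(string ownerId, ServiceBusConnection c) =>
        Convert.ToHexString(SHA256.HashData(
            Encoding.UTF8.GetBytes($"{ownerId}\n{c.Host}\n{c.KeyName}\n{c.Key}")));
}

// Minimal stand-in for INamespaceRepository: every lookup is keyed by owner first.
public sealed class InMemoryNamespaceRepository
{
    private readonly Dictionary<(string OwnerId, string Hash), string> _rows = new();

    public Task<bool> ExistsAsync(string ownerId, string connectionStringHash) =>
        Task.FromResult(_rows.ContainsKey((ownerId, connectionStringHash)));

    public Task AddAsync(string ownerId, string connectionStringHash, string displayName)
    {
        if (!_rows.TryAdd((ownerId, connectionStringHash), displayName))
            throw new InvalidOperationException("Namespace already registered for this owner.");
        return Task.CompletedTask;
    }

    public Task<IReadOnlyList<string>> GetByOwnerAsync(string ownerId) =>
        Task.FromResult<IReadOnlyList<string>>(
            _rows.Where(r => r.Key.OwnerId == ownerId).Select(r => r.Value).ToList());
}

public static class Demo
{
    public static async Task Main()
    {
        // Constructed sample inputs; the key is a placeholder, not a real credential.
        const string good = "Endpoint=sb://contoso.servicebus.windows.net/;SharedAccessKeyName=app-send;SharedAccessKey=cGxhY2Vob2xkZXI=";
        var repo = new InMemoryNamespaceRepository();
        var conn = ServiceBusConnectionStrings.Parse(good);
        string hash = ServiceBusConnectionStrings.Hash("owner-a", conn);
        await repo.AddAsync("owner-a", hash, "contoso");

        Console.WriteLine(await repo.ExistsAsync("owner-a", hash));           // visible to its owner
        Console.WriteLine(await repo.ExistsAsync("owner-b", hash));           // same hash, other tenant: not visible
        Console.WriteLine((await repo.GetByOwnerAsync("owner-b")).Count);    // other tenant sees nothing

        foreach (string bad in new[] {
            "Endpoint=sb://contoso.servicebus.windows.net.attacker.example/;SharedAccessKeyName=x;SharedAccessKey=y",
            "Endpoint=https://contoso.servicebus.windows.net/;SharedAccessKeyName=x;SharedAccessKey=y",
            "Endpoint=sb://contoso.servicebus.windows.net/;SharedAccessKey=y" })
        {
            try { ServiceBusConnectionStrings.Parse(bad); }
            catch (FormatException e) { Console.WriteLine(e.Message); }      // message never contains the key
        }
    }
}
```

Two details worth checking in a review of the real change: the suffix comparison must be anchored at a label boundary (the leading dot does that here), and the caller-facing error path must be a fixed message rather than an exception from the Service Bus SDK, which can quote the offending value.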