Enhance security, update Open Graph images, and improve API functionality #91
Open
…e security checks, and improve connection string validation
- Implemented rate limiting and same-origin enforcement for SPA token generation endpoint to prevent abuse.
- Updated RedactingLogger to return a no-op disposable from BeginScope to avoid null dereference issues.
- Enhanced ApiKeyAuthenticationMiddleware to include OwnerId in context for tenant isolation.
- Added OwnerId and ConnectionStringHash properties to Namespace entity for improved tenant isolation and deduplication.
- Introduced GetByOwnerAsync method in INamespaceRepository to enforce per-caller isolation.
- Improved InMemoryNamespaceRepository to handle OwnerId and ConnectionStringHash correctly, ensuring data integrity.
- Updated ServiceBusClientFactory to provide safer error messages for invalid connection strings.
- Added telemetry filters to redact sensitive data in Application Insights telemetry.
- Created unit tests for new features and enhancements, ensuring robust coverage for telemetry and namespace functionalities.
- Updated appsettings.Production.json to restrict allowed hosts for enhanced security.
…k useNamespaces for environment checks
- Changed Open Graph and Twitter meta tags to use PNG image instead of SVG.
- Added robots.txt to allow all user agents and specify sitemap location.
- Updated namespace existence check in INamespaceRepository to include owner ID.
- Modified InMemoryNamespaceRepository to implement the new owner ID check.
- Enhanced ConnectionStringProtector to derive keys using HKDF and PBKDF2 for better security.
- Updated unit tests for InMemoryNamespaceRepository to reflect changes in ExistsAsync method.
…proved performance
Pull request overview
This PR targets ServiceHub v3.1.0 with a focus on production safety (disable destructive “Quick Actions” in Prod), stronger security defaults (key derivation hardening, tenant isolation), improved observability/telemetry hygiene, and better SEO/perf (sitemap + Vite code splitting).
Changes:
- Enforces tenant isolation via `OwnerId` across API auth, controllers, and namespace persistence (including owner-scoped duplicate checks and atomic persistence writes).
- Hardens security posture (HKDF/PBKDF2 key derivation, safer error messages, Service Bus endpoint hostname validation, telemetry/log redaction, prod-safe EF detailed errors).
- Improves UX/perf/SEO (FAB gating + Prod disable UI, message-op 404 toasts, sitemap/robots + OG image updates, lazy-loaded heavy pages and chunk splitting).
Reviewed changes
Copilot reviewed 60 out of 67 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| services/api/tests/ServiceHub.UnitTests/ServiceHub.UnitTests.csproj | Adds App Insights dependency for telemetry unit tests. |
| services/api/tests/ServiceHub.UnitTests/Infrastructure/ServiceBus/ServiceBusClientFactoryTests.cs | Updates assertions for safer, non-leaky error messages. |
| services/api/tests/ServiceHub.UnitTests/Infrastructure/Security/ConnectionStringProtectorTests.cs | Updates tests for new IHostEnvironment dependency. |
| services/api/tests/ServiceHub.UnitTests/Infrastructure/InMemoryNamespaceRepositoryTests.cs | Updates tests for owner-scoped ExistsAsync. |
| services/api/tests/ServiceHub.UnitTests/Api/Telemetry/SensitiveDataTelemetryProcessorTests.cs | Adds coverage for telemetry redaction behavior. |
| services/api/tests/ServiceHub.UnitTests/Api/Telemetry/HealthCheckTelemetryFilterTests.cs | Adds coverage for dropping noisy health/doc telemetry. |
| services/api/tests/ServiceHub.UnitTests/Api/Telemetry/CorrelationTelemetryInitializerTests.cs | Adds coverage for correlation/version enrichment. |
| services/api/tests/ServiceHub.UnitTests/Api/Controllers/V1/NamespacesControllerTests.cs | Updates tests for owner-scoped namespace listing and duplicate detection. |
| services/api/tests/ServiceHub.UnitTests/Api/Controllers/V1/CorrelationControllerTests.cs | Updates tests to owner-scoped namespace access. |
| services/api/src/ServiceHub.Infrastructure/ServiceBus/ServiceBusClientFactory.cs | Masks internal SDK errors + blocks non-ServiceBus host endpoints. |
| services/api/src/ServiceHub.Infrastructure/Security/ConnectionStringProtector.cs | Enforces non-dev encryption key policy + stronger key derivation. |
| services/api/src/ServiceHub.Infrastructure/Persistence/InMemory/InMemoryNamespaceRepository.cs | Adds path traversal guardrails, owner scoping, atomic writes, snapshot fields. |
| services/api/src/ServiceHub.Infrastructure/DependencyInjection.cs | Avoids duplicate worker registration; dev-only EF detailed errors. |
| services/api/src/ServiceHub.Core/Interfaces/INamespaceRepository.cs | Adds GetByOwnerAsync and owner-scoped ExistsAsync. |
| services/api/src/ServiceHub.Core/Entities/Namespace.cs | Adds OwnerId + ConnectionStringHash for tenancy/deduplication. |
| services/api/src/ServiceHub.Core/DTOs/Requests/CreateNamespaceRequest.cs | Adjusts request validation limits. |
| services/api/src/ServiceHub.Api/wwwroot/robots.txt | Adds robots policy + sitemap reference. |
| services/api/src/ServiceHub.Api/wwwroot/index.html | Updates OG/Twitter image URLs + built asset references. |
| services/api/src/ServiceHub.Api/wwwroot/assets/page-dlq-history-Ci6ASOkT.js | Updated built bundle output (code splitting). |
| services/api/src/ServiceHub.Api/wwwroot/assets/page-dashboard-BLHx3z7v.js | Updated built bundle output (code splitting). |
| services/api/src/ServiceHub.Api/wwwroot/assets/index-Csmzp5mN.css | Updated built CSS output. |
| services/api/src/ServiceHub.Api/Telemetry/SensitiveDataTelemetryProcessor.cs | Avoids modifying query collection during enumeration. |
| services/api/src/ServiceHub.Api/Middleware/ApiKeyAuthenticationMiddleware.cs | Derives request OwnerId from auth method/key for isolation. |
| services/api/src/ServiceHub.Api/Logging/RedactingLoggerProvider.cs | Honors configured minimum log level + safe BeginScope behavior. |
| services/api/src/ServiceHub.Api/Extensions/WebApplicationExtensions.cs | Hardens /internal/spa-token + adds /sitemap.xml. |
| services/api/src/ServiceHub.Api/Controllers/V1/TopicsController.cs | Enforces owner isolation for topic operations. |
| services/api/src/ServiceHub.Api/Controllers/V1/SubscriptionsController.cs | Enforces owner isolation for subscription operations. |
| services/api/src/ServiceHub.Api/Controllers/V1/QueuesController.cs | Enforces owner isolation for queue operations. |
| services/api/src/ServiceHub.Api/Controllers/V1/NamespacesController.cs | Owner-scoped list/duplicate checks + hash-based dedup + safer errors. |
| services/api/src/ServiceHub.Api/Controllers/V1/MessagesController.cs | Enforces owner isolation for replay operation. |
| services/api/src/ServiceHub.Api/Controllers/V1/CorrelationController.cs | Owner-scoped namespace selection for correlation search. |
| services/api/src/ServiceHub.Api/Controllers/V1/AnomaliesController.cs | Enforces owner isolation for anomaly detection. |
| services/api/src/ServiceHub.Api/Controllers/ApiControllerBase.cs | Centralizes OwnerId derivation from request context. |
| services/api/src/ServiceHub.Api/Configuration/CorsConfiguration.cs | Restricts allowed request headers for CORS. |
| services/api/src/ServiceHub.Api/Authorization/ApiKeyConfiguration.cs | Adds IsAdminKey helper for owner-scope logic. |
| services/api/src/ServiceHub.Api/appsettings.Production.json | Locks down AllowedHosts/CORS + adds SiteUrl. |
| services/api/src/ServiceHub.Api/appsettings.json | Enables authentication by default. |
| run.sh | Improves setup robustness, dependency install, and startup diagnostics. |
| run.ps1 | Adds auto-install, dependency restore, and improved logs/UX. |
| README.md | Updates React version references to 19. |
| CHANGELOG.md | Adds 3.1.0 notes incl. breaking change notice. |
| apps/web/vite.config.ts | Adds Rollup chunk splitting for perf/cold start. |
| apps/web/src/router.tsx | Lazy-loads heavy pages with Suspense fallback. |
| apps/web/src/pages/InsightsPage.tsx | Adds preview banner UI. |
| apps/web/src/pages/index.ts | Removes heavy page exports; documents lazy-loading. |
| apps/web/src/pages/DlqHistoryPage.tsx | Reduces prod console logging + adds default export. |
| apps/web/src/pages/DashboardPage.tsx | Adds default export for lazy-loading. |
| apps/web/src/pages/CorrelationExplorerPage.tsx | Adds default export for lazy-loading. |
| apps/web/src/pages/ConnectPage.tsx | Removes RootManageSharedAccessKey warning + updates security copy. |
| apps/web/src/lib/api/client.ts | Shows 404 toasts for message operations; adjusts silent-404 logic. |
| apps/web/src/hooks/useNamespaces.ts | Avoids logging full error objects; dev-only logging. |
| apps/web/src/components/layout/MainLayout.tsx | Gates FAB by env + Manage permission; passes env to FAB. |
| apps/web/src/components/fab/MessageGeneratorModal.tsx | Dev-only console logging. |
| apps/web/src/components/fab/MessageFAB.tsx | Disables destructive actions in Prod + adds warning banner. |
| apps/web/src/tests/components/layout/MainLayout.test.tsx | Expands FAB visibility test matrix w/ mocked namespaces. |
| apps/web/public/robots.txt | Adds robots policy + sitemap reference. |
| apps/web/package.json | Bumps web app version to 3.1.0. |
| apps/web/index.html | Updates OG/Twitter image URLs to PNG. |
| .version | Updates repo version marker (but currently inconsistent). |
services/api/src/ServiceHub.Api/Configuration/CorsConfiguration.cs
Outdated
…ions and component exports
- Fix npm audit: upgrade vite to resolve high-severity WebSocket and path-traversal vulnerabilities
- Security: fix same-origin enforcement in /internal/spa-token endpoint using proper URI parsing instead of substring matching (prevents bypass via example.com.evil.com)
- CORS: add X-SPA-Token to allowed headers in both production and development policies
- UI: allow UAT environment for Quick Actions (FAB) in addition to Dev - only Production disables them
- Fix run.sh: move detect_os before check_xcode_clt so OS variable is available
- Versioning: update .version file to 3.1.0 and CHANGELOG release date to 2026-04-07
- SEO: use relative /sitemap.xml path in robots.txt for multi-environment compatibility
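The same-origin fix described in the commit above (URI parsing instead of substring matching) can be illustrated as follows. This is an added C# example, not code from the ServiceHub repository; the class and method names and the `https://example.com` site URL are assumptions made for illustration.

```csharp
using System;

// Added illustration; OriginCheck and its methods are hypothetical names.
public static class OriginCheck
{
    // Substring matching: passes any Origin that merely contains the trusted host.
    public static bool IsSameOriginNaive(string? originHeader, string trustedHost) =>
        originHeader is not null &&
        originHeader.Contains(trustedHost, StringComparison.OrdinalIgnoreCase);

    // URI parsing: scheme, host and port must each match the configured site exactly.
    public static bool IsSameOrigin(string? originHeader, string siteUrl)
    {
        if (!Uri.TryCreate(originHeader, UriKind.Absolute, out var origin) ||
            !Uri.TryCreate(siteUrl, UriKind.Absolute, out var site))
            return false; // absent, "null" or malformed Origin fails closed

        // A well-formed Origin is scheme://host[:port] only; reject anything carrying more.
        if (origin.UserInfo.Length > 0 || origin.AbsolutePath != "/" || origin.Query.Length > 0)
            return false;

        return (origin.Scheme == Uri.UriSchemeHttps || origin.Scheme == Uri.UriSchemeHttp)
            && origin.Scheme == site.Scheme
            && string.Equals(origin.IdnHost, site.IdnHost, StringComparison.OrdinalIgnoreCase)
            && origin.Port == site.Port; // default ports are filled in by Uri
    }

    public static void Main()
    {
        const string site = "https://example.com"; // constructed sample value
        string?[] origins =
        {
            "https://example.com",
            "https://example.com.evil.com", // the bypass named in the commit message
            "http://example.com",           // scheme mismatch
            "https://example.com:8443",     // port mismatch
            "https://EXAMPLE.com:443",      // same origin, different spelling
            "null",                         // opaque origin
            null,                           // header absent
        };
        foreach (var o in origins)
            Console.WriteLine(
                $"{o ?? "(absent)",-30} naive={IsSameOriginNaive(o, "example.com"),-5} parsed={IsSameOrigin(o, site)}");
    }
}
```

The substring check accepts the first five sample origins, while the parsed comparison accepts only the first and the `EXAMPLE.com:443` spelling of the same origin.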
This pull request implements ServiceHub version 3.1.0, focusing on improved safety for production environments, enhanced test coverage, and several important bug fixes and documentation updates. The most significant change is that the FAB (floating action button) now disables all destructive "Quick Actions" (Send, Generate, Dead-Letter) when the selected namespace is tagged as Production, preventing accidental operations on live data. The PR also improves key derivation security, fixes multi-tenancy bugs, and updates documentation for accuracy.
Production Safety & UI Changes:
- `MessageFAB` component now receives the namespace environment and disables all destructive actions (Send, Generate, Dead-Letter) when the environment is Production. A warning is displayed in the UI, and buttons are visually and functionally disabled to prevent accidental changes in production.
Test Coverage Improvements:
- `MainLayout` tests are expanded to cover all combinations of environment and permissions, ensuring the FAB is only shown and enabled in safe contexts (non-production, with Manage permission). Mocks for `useNamespaces` are added to simulate different scenarios.
Security & Bug Fixes:
- `OwnerId`, fixing a multi-tenancy bug.
Documentation & Versioning:
- `.version` and `package.json` updated to `3.1.0`, and changelog entries added for all new features and fixes.
SEO & Social Sharing:
- `/sitemap.xml` reference to `robots.txt` for improved SEO. Open Graph and Twitter image URLs switched from `.svg` to `.png` for better compatibility.
Breaking Change Notice: