monoadmin/the-other-dude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7aaaeaa1d1644c057614f0fe93b588d5dd86eb47
the-other-dude/poller
History
Jason Staack 7aaaeaa1d1 fix: address spec compliance gaps - tenant check, XFF fallback, rate limiting 
- Gap 1: Add tenant ID verification after device lookup in SSH relay handleSSH,
  closing cross-tenant token reuse vulnerability
- Gap 2: Add X-Forwarded-For fallback (last entry) when X-Real-IP is absent in
  SSH relay source IP extraction; import strings package
- Gap 3: Add @limiter.limit("10/minute") to POST /winbox-session and POST
  /ssh-session using existing slowapi pattern from app.middleware.rate_limit
- Gap 4: Add TODO comment in open_ssh_session explaining that SSH session count
  enforcement is at the poller level; no NATS subject exists yet for API-side
  pre-check

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 15:51:14 -05:00
..
cmd/poller
feat(poller): wire tunnel manager and SSH relay into main
2026-03-12 15:35:55 -05:00
internal
fix: address spec compliance gaps - tenant check, XFF fallback, rate limiting
2026-03-12 15:51:14 -05:00
.dockerignore
feat: The Other Dude v9.0.1 — full-featured email system
2026-03-08 19:30:44 -05:00
.gitignore
feat: The Other Dude v9.0.1 — full-featured email system
2026-03-08 19:30:44 -05:00
docker-entrypoint.sh
feat: The Other Dude v9.0.1 — full-featured email system
2026-03-08 19:30:44 -05:00
Dockerfile
fix: CRLF/BOM line endings + restart policies + gitattributes
2026-03-12 14:05:40 -05:00
go.mod
feat(poller): add SSH relay server with WebSocket-to-PTY bridge
2026-03-12 15:33:48 -05:00
go.sum
feat(poller): add SSH relay server with WebSocket-to-PTY bridge
2026-03-12 15:33:48 -05:00