admin/deploy-felhom-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: P2+P3 bug fixes, hardening, and cleanup (18 files)

Browse Source 
Bug fixes:
- Add applyEnvOverrides to LoadFromBytes (M05)
- Set state=failed on compose-up failure in selfupdate (M16)
- Clamp usableMB to min 0 in memory check (M22)
- Remove "manual" schedule from triggerAllCrossBackups (M23)
- Add mmcblk device handling for partition paths (M21)
- Fix stripPartition for mmcblk devices (L25)
- Fix TruncateStr for UTF-8 and negative maxLen (L05/L06)
- Fix AllDone to return false for empty restore plans (L14)
- Fix PushOnce to return actual errors (L39)
- Restore pending events on save failure in DrainPendingEvents (M03)
- Add duplicate check in AddStoragePath (M04)
- Call CleanupTempMounts after drive scan (H13)
- Log SetStep save errors (M25)

Hardening:
- Guard scheduler Start() against double-start (M14)
- Acquire mutex in scheduler Stop() before reading cancel (L24)
- Cap log lines parameter to 10000 (L31)
- Require POST for logout (L32)
- Use sync.Once for Server.Close() (L49)
- Panic on crypto/rand.Read failure in setup CSRF (L40)
- Validate Bearer token against Hub API key in CSRF (H16 fix)
- Replace custom hasPrefix with strings.HasPrefix (L13)
- Replace simpleHash with crc32.ChecksumIEEE (L48)

Cleanup:
- Remove dead imageName function (L02)
- Remove dead detectHostIPViaRoute function (L03)
- Rename shadowed copy variable to cp (L07)
- Copy DefaultEnabledEvents in GetNotificationPrefs early return (L09)
- Update BUGHUNT.md with comprehensive audit results

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-02-25 13:47:52 +01:00
parent 8b8c04a487
commit 45f75a916c
18 changed files with 698 additions and 843 deletions
Download Patch File Download Diff File Expand all files Collapse all files
controller/internal/api/router.go
+6 -3
View File
@@ -379,6 +379,9 @@ func (r *Router) actionStack(w http.ResponseWriter, action, name string) {
if totalMB, usedMB, memErr := system.GetMemoryMB(); memErr == nil {
reservedMB := r.cfg.System.ReservedMemoryMB
usableMB := totalMB - reservedMB
if usableMB < 0 {
usableMB = 0
}
afterMB := usedMB + stackMemMB
if afterMB > usableMB {
writeJSON(w, http.StatusConflict, apiResponse{
@@ -444,6 +447,9 @@ func (r *Router) getStackLogs(w http.ResponseWriter, req *http.Request, name str
if v := req.URL.Query().Get("lines"); v != "" {
if n, err := strconv.Atoi(v); err == nil && n > 0 {
lines = n
if lines > 10000 {
lines = 10000
}
}
}
@@ -918,9 +924,6 @@ func (r *Router) triggerAllCrossBackups(w http.ResponseWriter, _ *http.Request)
if err := r.crossDriveRunner.RunAllScheduled(ctx, "weekly"); err != nil {
r.logger.Printf("[API] Cross-drive run-all weekly error: %v", err)
}
if err := r.crossDriveRunner.RunAllScheduled(ctx, "manual"); err != nil {
r.logger.Printf("[API] Cross-drive run-all manual error: %v", err)
}
if r.OnCrossDriveComplete != nil {
r.OnCrossDriveComplete()
}