admin/podcastdistributiona
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security & robustness hardening pass

Browse Source 
Cross-cutting input-validation, isolation, and DoS-resistance fixes across
the app, API, billing, queue, and infra layers.

- Runtime validation (zod) for client-supplied admin actions (role/plan/
  limits), series generation index, and all pg-boss queue payloads
- Auth: require email verification before sign-in; reject weak/placeholder/
  short BETTER_AUTH_SECRET in production
- Billing: sanitize Stripe/PayPal errors (log server-side, generic to client);
  race-safe subscription upsert; only count "processed" webhook events as
  handled; verify org membership in getEffectivePlan to block plan escalation
- Series generation: reserve usage up front and refund on failure; bill the
  owning org, not the caller's active org
- Injection defenses: HTML-escape user fields in emails, strip CR/LF from
  subject/recipient, validate ElevenLabs voiceId before URL interpolation
- Media routes: stream off disk instead of buffering whole files; rate-limit
  anonymous public audio/cover endpoints by client IP
This commit is contained in:
Leon Serfaty
2026-06-20 20:59:03 -04:00
parent cd1d6a1a28
commit 51c541ad22
21 changed files with 489 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/api/assets/[...key]/route.ts
+8 -5
View File
@@ -1,3 +1,4 @@
import { Readable } from "node:stream";
import { NextRequest } from "next/server";
import { getServerSession } from "@/lib/auth/guards";
import { prisma } from "@/lib/db";
@@ -42,20 +43,22 @@ export async function GET(
const isAdmin = session.user.role === "admin";
if (!isOwner && !isAdmin) return new Response("Forbidden", { status: 403 });
const exists = await storage().exists(key);
if (!exists) return new Response("Not found", { status: 404 });
// Stream off disk instead of buffering the whole file into memory.
const total = await storage().size(key);
if (total === null) return new Response("Not found", { status: 404 });
const data = await storage().get(key);
const ext = key.split(".").pop()?.toLowerCase() ?? "";
const contentType = CONTENT_TYPES[ext] ?? "application/octet-stream";
const download = req.nextUrl.searchParams.get("download");
const filename = key.split("/").pop() ?? "asset";
return new Response(data as BodyInit, {
const node = storage().createReadStream!(key);
const body = Readable.toWeb(node as Readable) as unknown as BodyInit;
return new Response(body, {
headers: {
"Content-Type": contentType,
"Content-Length": String(data.byteLength),
"Content-Length": String(total),
"Cache-Control": "private, max-age=3600",
...(download
? { "Content-Disposition": `attachment; filename="${filename}"` }