admin/podcastdistributiona
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security & robustness hardening pass

Browse Source 
Cross-cutting input-validation, isolation, and DoS-resistance fixes across
the app, API, billing, queue, and infra layers.

- Runtime validation (zod) for client-supplied admin actions (role/plan/
  limits), series generation index, and all pg-boss queue payloads
- Auth: require email verification before sign-in; reject weak/placeholder/
  short BETTER_AUTH_SECRET in production
- Billing: sanitize Stripe/PayPal errors (log server-side, generic to client);
  race-safe subscription upsert; only count "processed" webhook events as
  handled; verify org membership in getEffectivePlan to block plan escalation
- Series generation: reserve usage up front and refund on failure; bill the
  owning org, not the caller's active org
- Injection defenses: HTML-escape user fields in emails, strip CR/LF from
  subject/recipient, validate ElevenLabs voiceId before URL interpolation
- Media routes: stream off disk instead of buffering whole files; rate-limit
  anonymous public audio/cover endpoints by client IP
This commit is contained in:
Leon Serfaty
2026-06-20 20:59:03 -04:00
parent cd1d6a1a28
commit 51c541ad22
21 changed files with 489 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/billing/paypal.ts
+8 -2
View File
@@ -70,7 +70,11 @@ export async function createPaypalSubscription(args: {
},
}),
});
if (!res.ok) throw new Error(`PayPal create subscription ${res.status}: ${await res.text()}`);
if (!res.ok) {
// Log the full upstream detail server-side, but never surface it to clients.
console.error(`[paypal] create subscription ${res.status}: ${await res.text()}`);
throw new Error("PayPal request failed");
}
const data = (await res.json()) as { id: string; links: { rel: string; href: string }[] };
const approveUrl = data.links.find((l) => l.rel === "approve")?.href;
if (!approveUrl) throw new Error("PayPal did not return an approval URL");
@@ -94,7 +98,9 @@ export async function cancelPaypalSubscription(id: string, reason = "Customer re
body: JSON.stringify({ reason }),
});
if (!res.ok && res.status !== 204) {
throw new Error(`PayPal cancel subscription ${res.status}: ${await res.text()}`);
// Log the full upstream detail server-side, but never surface it to clients.
console.error(`[paypal] cancel subscription ${res.status}: ${await res.text()}`);
throw new Error("PayPal request failed");
}
}