Security & robustness hardening pass
Cross-cutting input-validation, isolation, and DoS-resistance fixes across the app, API, billing, queue, and infra layers. - Runtime validation (zod) for client-supplied admin actions (role/plan/ limits), series generation index, and all pg-boss queue payloads - Auth: require email verification before sign-in; reject weak/placeholder/ short BETTER_AUTH_SECRET in production - Billing: sanitize Stripe/PayPal errors (log server-side, generic to client); race-safe subscription upsert; only count "processed" webhook events as handled; verify org membership in getEffectivePlan to block plan escalation - Series generation: reserve usage up front and refund on failure; bill the owning org, not the caller's active org - Injection defenses: HTML-escape user fields in emails, strip CR/LF from subject/recipient, validate ElevenLabs voiceId before URL interpolation - Media routes: stream off disk instead of buffering whole files; rate-limit anonymous public audio/cover endpoints by client IP
This commit is contained in:
Leon Serfaty
@@ -3,7 +3,9 @@ import { prisma } from "@/lib/db";
|
||||
/** True if we've already handled this provider event (idempotency). */
|
||||
export async function alreadyProcessed(eventId: string): Promise<boolean> {
|
||||
const existing = await prisma.webhookEvent.findUnique({ where: { eventId } });
|
||||
return !!existing;
|
||||
// Only a successfully "processed" event is considered handled. Rows logged as
|
||||
// "failed" (or "skipped") must be reprocessable when the provider retries.
|
||||
return existing?.status === "processed";
|
||||
}
|
||||
|
||||
/** Record a webhook delivery for the admin log (best-effort; unique on eventId). */
|
||||
|
||||
Reference in New Issue
Block a user