Security & robustness hardening pass
Cross-cutting input-validation, isolation, and DoS-resistance fixes across the app, API, billing, queue, and infra layers. - Runtime validation (zod) for client-supplied admin actions (role/plan/ limits), series generation index, and all pg-boss queue payloads - Auth: require email verification before sign-in; reject weak/placeholder/ short BETTER_AUTH_SECRET in production - Billing: sanitize Stripe/PayPal errors (log server-side, generic to client); race-safe subscription upsert; only count "processed" webhook events as handled; verify org membership in getEffectivePlan to block plan escalation - Series generation: reserve usage up front and refund on failure; bill the owning org, not the caller's active org - Injection defenses: HTML-escape user fields in emails, strip CR/LF from subject/recipient, validate ElevenLabs voiceId before URL interpolation - Media routes: stream off disk instead of buffering whole files; rate-limit anonymous public audio/cover endpoints by client IP
This commit is contained in:
Leon Serfaty
+23
-3
@@ -1,6 +1,12 @@
|
||||
import "dotenv/config";
|
||||
import { getBoss } from "@/lib/queue/pgboss";
|
||||
import { QUEUES, type GenerateEpisodePayload, type EchoPayload } from "@/lib/queue/jobs";
|
||||
import {
|
||||
QUEUES,
|
||||
generateEpisodePayloadSchema,
|
||||
echoPayloadSchema,
|
||||
type GenerateEpisodePayload,
|
||||
type EchoPayload,
|
||||
} from "@/lib/queue/jobs";
|
||||
import { runEpisodeGeneration, refundEpisodeUsage } from "@/lib/ai/pipeline/generate-episode";
|
||||
import { setEpisodeStatus } from "@/lib/episodes/status";
|
||||
import { recordHeartbeat } from "@/lib/queue/health";
|
||||
@@ -21,7 +27,14 @@ async function main() {
|
||||
|
||||
// Proof-of-loop queue used by health checks / verification.
|
||||
await boss.work<EchoPayload>(QUEUES.echo, { batchSize: 1 }, async (jobs) => {
|
||||
for (const job of jobs) console.log("[echo]", job.data);
|
||||
for (const job of jobs) {
|
||||
const parsed = echoPayloadSchema.safeParse(job.data);
|
||||
if (!parsed.success) {
|
||||
console.error("[echo] invalid payload — skipping job", parsed.error.issues);
|
||||
continue;
|
||||
}
|
||||
console.log("[echo]", parsed.data);
|
||||
}
|
||||
});
|
||||
|
||||
// Episode generation. batchSize 1 = independent retries per job.
|
||||
@@ -49,7 +62,14 @@ async function handleGenerate(job: {
|
||||
retryCount?: number;
|
||||
retryLimit?: number;
|
||||
}) {
|
||||
const { episodeId, type } = job.data;
|
||||
// Runtime-validate the payload at the consume boundary. An invalid payload is
|
||||
// not retryable, so skip it rather than throwing into the work loop.
|
||||
const parsed = generateEpisodePayloadSchema.safeParse(job.data);
|
||||
if (!parsed.success) {
|
||||
console.error("[generate] invalid payload — skipping job", parsed.error.issues);
|
||||
return;
|
||||
}
|
||||
const { episodeId, type } = parsed.data;
|
||||
try {
|
||||
await runEpisodeGeneration(episodeId, type ?? "full");
|
||||
} catch (err) {
|
||||
|
||||
Reference in New Issue
Block a user