36 Commits

Author SHA1 Message Date
Andrey Antukh
d670ba4bff 🐛 Fix mattermost and database logger related to the audit event change 2026-05-11 17:07:59 +02:00
Andrey Antukh
279231240d
🐛 Harden outbound HTTP requests against SSRF and restrict assets handlers (#9390)
* ⬆️ Update root deps

* 🐛 Harden outbound HTTP requests against SSRF and restrict unauthenticated asset access

- Add app.util.ssrf URL/host validator that resolves hostnames and blocks
  loopback, link-local, site-local, cloud metadata, and operator-supplied CIDRs
- Add app.media.sanitize image EOF truncator that strips trailing data after
  PNG IEND, JPEG EOI, GIF trailer, and WebP RIFF markers
- Disable HTTP client auto-redirect; add req-with-redirects! helper that
  revalidates every redirect hop against the SSRF blocklist
- Wire SSRF validation and EOF sanitization into media/download-image
- Validate webhook URLs and OIDC profile picture URLs against SSRF
- Restrict /assets/by-id to require authentication for non-public buckets
  (profile) while keeping public access for file-media-object,
  file-object-thumbnail, team-font-variant, and file-data-fragment
- Add config knobs: ssrf-protection-enabled, ssrf-allowed-hosts,
  ssrf-extra-blocked-cidrs

Signed-off-by: Andrey Antukh <niwi@niwi.nz>

---------

Signed-off-by: Andrey Antukh <niwi@niwi.nz>
2026-05-08 09:18:22 +02:00
Andrey Antukh
4a7b89a1da
Merge pull request #8327 from penpot/niwinz-develop-rlimit-notifications
Add proper mattermost notifications for rlimit rejects
2026-02-13 17:11:54 +01:00
Andrey Antukh
d80ba1856a
Add several improvements to frontend error reporting
* Add major improvement on error handling

* Add the ability to store frontend reports

* 📎 Add PR feedback changes
2026-02-04 12:45:38 +01:00
Andrey Antukh
88fb5e7ab5 ♻️ Update integrant to latest version
This upgrade also includes complete elimination of use spec
from the backend codebase, completing the long running migration
to fully use malli for validation and decoding.
2024-11-13 19:09:19 +01:00
Andrey Antukh
036392af6e Add the logger info to mattermost reporter 2024-04-10 15:31:49 +02:00
Andrey Antukh
046f501152 Improve error reporting context 2023-08-02 14:51:12 +02:00
Alejandro Alonso
408de63ea3 Merge remote-tracking branch 'origin/staging' into develop 2023-04-05 07:35:36 +02:00
Andrey Antukh
cdaf63afa0 🐛 Enable by default mattermost webhook error reporter 2023-04-04 08:38:05 +02:00
Andrey Antukh
d76baa3266 ⬆️ Update promesa dependency
And adapt all code for breaking changes
2023-03-14 12:30:27 +01:00
Andrey Antukh
bb055a3c84 ♻️ Refactor logging subsystem and error reporting 2023-02-02 13:38:04 +01:00
Andrey Antukh
853be27780 🐛 Fix issues on database logger 2023-01-09 11:43:26 +01:00
Andrey Antukh
d584ae5a0f Improve json encode/decode api 2022-12-13 16:17:31 +01:00
Andrey Antukh
8bad9d8340 ♻️ Refactor loggers/audit, auth/oidc, and http/client modules 2022-12-05 08:53:00 +01:00
luz paz
e30bea0b6f 🔧 Fix typos in source code
Found via `codespell -q 3 -S *.po,./frontend/yarn.lock -L childs,clen,fpr,inflight,ody,ot,ro,te,trys,ue`
2022-10-04 10:40:34 +02:00
Andrey Antukh
41134f22e9 📎 Update license header 2022-09-20 23:23:22 +02:00
Andrey Antukh
9e4a50fb15 ♻️ Refactor backend to be more async friendly 2022-03-03 16:05:52 +01:00
Andrey Antukh
bf66b81702 Move dbg error http entrypoint handler to debug ns. 2021-12-30 16:01:36 +01:00
Andrey Antukh
220ab22115 🐛 Fix error reporting hook. 2021-12-27 11:30:22 +01:00
Andrey Antukh
c6054f7ab2 💄 Improve json namespace API (and fix linter). 2021-12-23 00:04:37 +01:00
Andrey Antukh
b64d5ef357 🎉 Add unified logging api. 2021-09-30 11:48:14 +02:00
Andrey Antukh
26b28e2364 🎉 Add sentry integration (on backend). 2021-09-17 15:26:18 +02:00
Andrés Moya
578c561473 🐛 Fix linter issues 2021-07-20 09:35:22 +02:00
Andrey Antukh
7c98336148 📎 Improve error reporting. 2021-07-15 16:50:32 +02:00
Andrey Antukh
e1e825f350 Do not initialize mattermost error reporter if no uri is provided. 2021-07-07 10:26:04 +02:00
Andrey Antukh
d4bf3ef6fd 📎 Remove mattermost mention-all words from error report. 2021-05-27 13:29:29 +02:00
Andrey Antukh
c5fa8f560c 📎 Fix linter issues. 2021-05-09 12:28:38 +02:00
Andrey Antukh
4405bd95f9 🔥 Remove unused stacktrace. 2021-05-07 13:15:48 +02:00
Andrey Antukh
2138530f3e 🎉 Add profile-id on mattermost error reporter. 2021-05-06 18:46:26 +02:00
Andrey Antukh
94d94684c8 📎 Minor logging change on mattermost ns. 2021-05-06 18:46:26 +02:00
Andrey Antukh
f545e41d10 📎 Fix license header. 2021-04-12 16:49:43 +02:00
Andrey Antukh
e12a6e65a6 ♻️ Refactor logging. 2021-04-09 15:28:18 +02:00
Andrey Antukh
0926fbcbc6 ♻️ Minor code reorganization.
Improves modularity and reusability and allows usage
of backend code as a library.
2021-03-31 09:28:15 +02:00
Andrey Antukh
a63f28a2e5 Normalize logging messages on backend. 2021-02-22 14:50:01 +01:00
Andrey Antukh
de394a7d4e ♻️ Refactor LDAP auth backend.
And reorganize oauth backend namespaces.
2021-02-19 13:09:18 +01:00
Andrey Antukh
c1476d0397 🎉 Add optional loki integration.
And refactor internal error reporting.
2021-02-16 11:31:48 +01:00