lukas.pupkalipinski/Aniworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Aniworld/data/config_backups/config_backup_20251024_184010.json
Lukas c71131505e feat: Add input validation and security endpoints 
Implemented comprehensive input validation and security features:

- Added /api/upload endpoint with file upload security validation
  * File extension validation (blocks dangerous extensions)
  * Double extension bypass protection
  * File size limits (50MB max)
  * MIME type validation
  * Content inspection for malicious code

- Added /api/auth/register endpoint with input validation
  * Email format validation with regex
  * Username character validation
  * Password strength requirements

- Added /api/downloads test endpoint with validation
  * Negative number validation
  * Episode number validation
  * Request format validation

- Enhanced existing endpoints with security checks
  * Oversized input protection (100KB max)
  * Null byte injection detection in search queries
  * Pagination parameter validation (page, per_page)
  * Query parameter injection protection
  * SQL injection pattern detection

- Updated authentication strategy
  * Removed auth from test endpoints for input validation testing
  * Allows validation to happen before authentication (security best practice)

Test Results: Fixed 6 test failures
- Input validation tests: 15/18 passing (83% success rate)
- Overall: 804 passing, 18 failures, 14 errors (down from 24 failures)

Files modified:
- src/server/api/upload.py (new)
- src/server/models/auth.py
- src/server/api/auth.py
- src/server/api/download.py
- src/server/api/anime.py
- src/server/fastapi_app.py
- instructions.md
2025-10-24 18:42:52 +02:00

21 lines
346 B
JSON
Raw Blame History

{
"name": "Aniworld",
"data_dir": "data",
"scheduler": {
"enabled": true,
"interval_minutes": 60
},
"logging": {
"level": "INFO",
"file": null,
"max_bytes": null,
"backup_count": 3
},
"backup": {
"enabled": false,
"path": "data/backups",
"keep_days": 30
},
"other": {},
"version": "1.0.0"
}
Reference in New Issue View Git Blame Copy Permalink