lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc4ba703f0694f7268ef17d579ab446b07dd0c5d
BanGUI/backend/app
History
Lukas bc4ba703f0 Fix #34: Replace setup redirect allowlist prefix matching with explicit allowlist 
- Replace fragile startswith() matching with explicit path matching
- Split allowlist into _EXACT_ALLOWED (exact paths) and _PREFIX_ALLOWED (prefixes)
- Prefix paths MUST end with '/' to prevent matching unintended paths like /api/setup-debug
- Paths correctly matched: /api/setup, /api/health, /api/docs, /api/redoc, /api/openapi.json, /api/setup/timezone
- Paths correctly blocked: /api/setup-debug, /api/setup123, /api/jails
- Add comprehensive Setup Guard Route Policy documentation to Backend-Development.md
- Update line numbers in documentation to reflect current implementation

This prevents future route additions from accidentally bypassing the setup guard.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-29 19:45:42 +02:00
..
mappers
Standardize API response envelope shapes across all endpoints
2026-04-28 10:12:55 +02:00
middleware
Refactor backend architecture and update documentation
2026-04-26 14:52:23 +02:00
models
## 27) Error response body shape is inconsistent
2026-04-28 22:28:02 +02:00
repositories
Fix non-atomic setup persistence across DB contexts (Issue #30)
2026-04-29 19:19:53 +02:00
routers
Refactor backend configuration and authentication
2026-04-29 19:39:55 +02:00
services
Fix non-atomic setup persistence across DB contexts (Issue #30)
2026-04-29 19:19:53 +02:00
tasks
Add scheduled cleanup for rate limiter (#32)
2026-04-29 19:28:45 +02:00
utils
Refactor backend configuration and authentication
2026-04-29 19:39:55 +02:00
__init__.py
Sync backend/frontend versions to Docker/VERSION and read version from it
2026-03-19 19:13:38 +01:00
config.py
Refactor backend configuration and authentication
2026-04-29 19:39:55 +02:00
db.py
TASK-032: Implement geo_cache retention policy and cleanup
2026-04-26 19:24:34 +02:00
dependencies.py
Enforce repository boundary: Remove DbDep from routers
2026-04-28 07:35:23 +02:00
exceptions.py
## 27) Error response body shape is inconsistent
2026-04-28 22:28:02 +02:00
main.py
Fix #34: Replace setup redirect allowlist prefix matching with explicit allowlist
2026-04-29 19:45:42 +02:00
startup_dag.py
10) Implement explicit startup DAG for resource initialization
2026-04-28 08:08:05 +02:00
startup.py
Add scheduled cleanup for rate limiter (#32)
2026-04-29 19:28:45 +02:00