snapapi: session 54 — cancelled tier fix, security improvements, 338 tests
This commit is contained in:
parent e4d9233ab7
commit 9a16f5e7da
10 changed files with 179 additions and 18 deletions
@ -1,5 +1,57 @@
# SnapAPI Session Log
## Session 54 — 2026-03-04 09:00 CET (Business Logic & Security Fixes)
**Goal:** Fix discovered business logic bug + security improvements.
**Health Check:**
- Production: ✅ healthy, 2 replicas, 6+ days uptime (still v0.5.2, VULNERABLE)
- Staging: ✅ healthy, deployed 9575d31
**Work Done:**
### 1. BUG-017: Cancelled subscriptions get free tier (MEDIUM) — sub-agent: snapapi-dev-fixes
- `downgradeByCustomer()` was setting tier to `'free'` (100 req/mo) instead of blocking access
- Added `'cancelled'` tier with 0-request limit
- TDD: tests written first, 338 tests passing
### 2. BUG-018: Recovery endpoint logs full API keys (LOW)
- Removed full key from logger call, only logs email now
- Prevents key theft via log access
### 3. BUG-019: No rate limiting on billing endpoints (MEDIUM)
- Added 10 req/15min IP rate limit on checkout/portal/recover
- Webhook endpoint excluded (Stripe needs unrestricted access)
- Rate limit headers returned in responses
### Confirmed: Production still vulnerable (BUG-016)
- Tested `POST /v1/signup/free` on production — returns 200 + creates API key
- Cleaned up test key from DB
- Fixed on staging but NEEDS production deploy
**Test Suite:** 338 tests passing (up from 334), 1 pre-existing skip
**TDD Compliance:** ✅ All tests written before implementation
**Git Commits:**
- `9575d31` fix: cancelled tier, remove key logging, add billing rate limits
**Investor Test:**
1. Stranger trust with money? **Yes on staging**
2. Data loss on crash? **No** (CNPG PostgreSQL)
3. Free tier abuse? **⚠️ YES on production** — /v1/signup/free still generates keys
4. Key recovery? **Yes on staging**
5. All website features work? **Yes on staging**
**⚠️ URGENT: Production deploy still needed.** BUG-016 (free signup) is a security vulnerability. No abuse detected but the endpoint is discoverable. Requesting investor approval for production deploy (staging → prod).
**Blockers:**
- **Production deploy: URGENT** — security fix + all staging improvements
- Stripe production webhook: needs investor
- CI/CD: No Forgejo runner (manual docker build workaround)
---
## Session 53 — 2026-03-03 21:00 CET (Security Fix: Free Signup Route)
**Goal:** Evening housekeeping — discovered and fixed a security vulnerability.
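Review bot: the BUG-017 entry says the new `'cancelled'` tier has a 0-request limit but not how a limit of 0 is interpreted by the quota check; in many limiters 0 is read as "unlimited", so the entry (and the tests it cites) should state that a cancelled key is rejected on its first request, not after 0 requests are consumed. Two smaller points in the same hunk: BUG-018 now logs the email instead of the key, which is still personal data in the recovery log, so a masked email or a key prefix/hash would be the safer identifier to record; and the BUG-019 per-IP limit on checkout/portal/recover only works if the app sees the real client address behind the two replicas and the ingress, so the log should note whether proxy trust (X-Forwarded-For handling) was verified, and that 10 req/15 min per IP can block legitimate users sharing a NAT address. Finally, the "Confirmed: Production still vulnerable" section records a live signup run against production and names the discoverable endpoint in a committed file; it should record the cleanup evidence (which key row was removed), and the unpatched-production detail is better kept out of the repository until the deploy has happened.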