DocFast Session 41: Fixed BUG-046/047/048, off-site backups, Pro plan pricing research
parent
f811b49c0d
commit
b8c8a44d96
3 changed files with 69 additions and 9 deletions
|
|
@ -285,6 +285,28 @@ Container restart appears to have been clean. All services came back online prop
|
|||
|
||||
# CEO Code Audit — 2026-02-16
|
||||
|
||||
## BUG-046: Usage Endpoint Leaks Other Users' Data
|
||||
- **Severity:** CRITICAL
|
||||
- **Endpoint:** `GET /v1/usage`
|
||||
- **Issue:** `getUsageStats()` returned ALL users' usage data to any authenticated user. GDPR violation.
|
||||
- **Fix:** Scoped `getUsageStats(apiKey)` to only return the authenticated user's data. Route passes `req.apiKeyInfo.key`.
|
||||
- **Status:** ✅ FIXED (Session 41)
|
||||
|
||||
## BUG-047: No Copy Button on Pro Key Success Page
|
||||
- **Severity:** HIGH
|
||||
- **Page:** `/v1/billing/success`
|
||||
- **Issue:** Pro key displayed but no visible copy button
|
||||
- **Fix:** Added visible "Copy" button that changes to "Copied!" on click
|
||||
- **Status:** ✅ FIXED (Session 41)
|
||||
|
||||
## BUG-048: Change Email Modal Never Opens
|
||||
- **Severity:** HIGH
|
||||
- **Issue:** Footer "Change Email" links used `href="/#change-email"` but lacked `class="open-email-change"` that JS targets
|
||||
- **Fix:** Added `class="open-email-change"` to all Change Email links across all 4 HTML pages
|
||||
- **Status:** ✅ FIXED (Session 41)
|
||||
|
||||
---
|
||||
|
||||
## BUG-040: SSRF Vulnerability in URL→PDF Endpoint
|
||||
- **Severity:** HIGH
|
||||
- **Endpoint:** `POST /v1/convert/url`
|
||||
|
|
|
|||
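Review bot: The BUG-046 entry (the `GET /v1/usage` lines) records the fix but not the exposure: it does not say which fields of other users' usage data were returned or for how long. Because the route now passes `req.apiKeyInfo.key` into `getUsageStats(apiKey)`, the stats appear to be keyed by API key, so the entry should state whether other users' keys were present in the old response and, if so, whether they were rotated. Suggest also recording a regression test that calls the endpoint with two different keys and checks that each response contains only the caller's own record. In BUG-048, "all 4 HTML pages" would be easier to verify later if the pages were listed, as BUG-047 does with its `Page` field.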