admin/changemaker.lite
1
0
Fork 0
Code Issues Packages Projects Releases 31 Wiki Activity
changemaker.lite/api/src/modules/docs/header-builder.schemas.ts
bunker-admin c192c04c79 Security audit: fix 25 findings across API, nginx, and Docker 
Addresses data exposure, access control, input validation, infrastructure
hardening, and supply chain security issues identified during audit.

Key changes:
- Strip internal fields from public campaign/profile/comment endpoints
- Restrict docs routes to CONTENT_ROLES, provisioning to SUPER_ADMIN
- Add SSE connection limits, social middleware fail-closed behavior
- Bind all non-nginx ports to 127.0.0.1, pin container image versions
- Add CSP header, conditional HSTS, token redaction in nginx logs
- Validate nav URLs, calendar schemas, video tracking batch events
- Reject default admin password placeholder, add SSRF protocol checks
- Exclude .env from Code Server, enforce RC admin password in compose
- Add Zod validation for achievement grant/revoke, webhook secret header
- Fix path traversal prefix attack, add calendar token expiry

Bunker Admin
2026-03-09 14:13:37 -06:00

34 lines
1.0 KiB
TypeScript
Raw Blame History

import { z } from 'zod';
export const headerNavItemSchema = z.object({
id: z.string().min(1),
label: z.string().min(1).max(50),
path: z.string().min(1).max(500)
.refine(
(v) => !/^(javascript|data|vbscript):/i.test(v),
'Dangerous URL scheme not allowed',
),
icon: z.string().max(50).optional(),
enabled: z.boolean(),
order: z.number().int().min(0),
type: z.enum(['builtin', 'custom']),
openInNewTab: z.boolean().optional(),
});
export const headerStyleSchema = z.object({
backgroundColor: z.string().max(500),
textColor: z.string().regex(/^#[0-9a-fA-F]{6}$/, 'Must be a hex color'),
hoverColor: z.string().max(100),
height: z.string().regex(/^\d+px$/, 'Must be in px format'),
});
export const headerConfigSchema = z.object({
enabled: z.boolean(),
items: z.array(headerNavItemSchema).max(20),
style: headerStyleSchema,
});
export type HeaderNavItem = z.infer<typeof headerNavItemSchema>;
export type HeaderStyle = z.infer<typeof headerStyleSchema>;
export type HeaderConfig = z.infer<typeof headerConfigSchema>;
Reference in New Issue View Git Blame Copy Permalink