yusiboyz/platform
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: complete remaining remediation (#5, #8, #9)
Some checks failed
Security Checks / dependency-audit (push) Has been cancelled
Details
Security Checks / secret-scanning (push) Has been cancelled
Details
Security Checks / dockerfile-lint (push) Has been cancelled
Details

Browse Source 
#5 Gateway Trust Model:
- Token validation now uses protected endpoints, not health checks
- Unknown services rejected (no fallback to unprotected endpoint)
- Trust model documented in docs/trust-model.md

#8 CI Enforcement:
- Added .gitea/workflows/security.yml with:
  - Dependency audit (npm audit --audit-level=high for budget)
  - Secret scanning (checks for tracked .env/.db, hardcoded secrets)
  - Dockerfile lint (non-root USER, HEALTHCHECK presence)

#9 Performance Hardening:
- Budget /summary: 1-minute in-memory cache (avoids repeated account fan-out)
- Gateway /api/dashboard: 30-second per-user cache (50x faster on repeat)
- Inventory health endpoint added before auth middleware

Closes #5, #8, #9
This commit is contained in:
Yusuf Suleman
2026-03-29 10:13:00 -05:00
parent 72747668f9
commit 4ecd2336b5
5 changed files with 212 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
services/budget/server.js
View File

@@ -545,9 +545,16 @@ app.get('/transfer-payees', requireReady, async (_req, res) => {
}
});
// ---- Dashboard summary ----------------------------------------------------
// ---- Dashboard summary (cached) -------------------------------------------
let summaryCache = { data: null, expiresAt: 0 };
const SUMMARY_TTL_MS = 60 * 1000; // 1 minute cache
app.get('/summary', requireReady, async (_req, res) => {
// Return cached summary if fresh
if (summaryCache.data && Date.now() < summaryCache.expiresAt) {
return res.json(summaryCache.data);
}
try {
// Total balance across all accounts
const accounts = await api.getAccounts();
@@ -592,7 +599,7 @@ app.get('/summary', requireReady, async (_req, res) => {
.sort((a, b) => a.amount - b.amount) // most negative first
.slice(0, 10);
res.json({
const result = {
month,
totalBalance,
totalBalanceDollars: centsToDollars(totalBalance),
@@ -603,7 +610,9 @@ app.get('/summary', requireReady, async (_req, res) => {
topCategories,
accountCount: accounts.length,
transactionCount: allTxns.length,
});
};
summaryCache = { data: result, expiresAt: Date.now() + SUMMARY_TTL_MS };
res.json(result);
} catch (err) {
console.error('[budget] GET /summary error:', err);
res.status(500).json({ error: err.message });