security: LOW findings + fix .gitignore overmatch
- Swagger UI restricted to localhost only - Message content length limit (4000 chars max) on create + update - Bot/server/webhook ownership checks return 404 instead of 403 (prevents resource ID enumeration) - Fix .gitignore: /server instead of server to stop ignoring internal/server/ directory
This commit is contained in:
@@ -310,7 +310,7 @@ func (h *CommandHandler) verifyBotOwnership(r *http.Request, userID, botID strin
|
||||
return err
|
||||
}
|
||||
if ownerID != userID {
|
||||
return errForbidden
|
||||
return errNotFound
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user