fix: Phase 1 - security & stability patches

- AuthMiddleware now requires auth on /v1/* routes (returns 401) - WebSocket origin check configurable via WSAllowedOrigin - Removed debug fmt.Printf leaks (config, ollama, server) - Registry access protected by sync.RWMutex (race condition fix) - Session cleanup goroutine runs every 15 min - RevokeSession returns error instead of silent no-op
2026-04-26 14:45:22 -04:00
parent da074f52b4
commit 8a8d8d1477
13 changed files with 448 additions and 105 deletions
@@ -10,12 +10,18 @@ import (
 	"github.com/gorilla/websocket"
 )

-var upgrader = websocket.Upgrader{
-	ReadBufferSize:  1024,
-	WriteBufferSize: 1024,
-	CheckOrigin: func(r *http.Request) bool {
-		return true // In production, refine this
-	},
+func newUpgrader(allowedOrigin string) websocket.Upgrader {
+	return websocket.Upgrader{
+		ReadBufferSize:  1024,
+		WriteBufferSize: 1024,
+		CheckOrigin: func(r *http.Request) bool {
+			if allowedOrigin == "*" {
+				return true
+			}
+			origin := r.Header.Get("Origin")
+			return origin == "" || origin == allowedOrigin
+		},
+	}
 }

 type Hub struct {
@@ -75,6 +81,11 @@ func (h *Hub) GetClientCount() int {
 }

 func (s *Server) handleWebSocket(c *gin.Context) {
+	allowedOrigin := s.cfg.Server.WSAllowedOrigin
+	if allowedOrigin == "" {
+		allowedOrigin = "*"
+	}
+	upgrader := newUpgrader(allowedOrigin)
 	conn, err := upgrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		log.Printf("Failed to set websocket upgrade: %v", err)
@@ -99,7 +110,7 @@ func (s *Server) handleWebSocket(c *gin.Context) {
 		if err != nil {
 			break
 		}
-		
+
 		if msg["type"] == "ping" {
 			conn.WriteJSON(gin.H{"type": "pong", "payload": gin.H{}})
 		}