groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
253 Commits 136 Branches 0 Tags
fix/gro-2187-portal-photokey-hijack
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Savannah Savings 21c678f72c
CI / Test (pull_request) Successful in 25s
Details
CI / Lint & Typecheck (pull_request) Successful in 26s
Details
CI / Build & Push Docker Images (pull_request) Successful in 58s
Details
fix(portal): drop writable photoKey from PATCH /portal/pets to close S3 key-hijack (GRO-2187 / GRO-2198) 
Security gate FAIL (Barkley, CTO-ratified): the portal pet PATCH mapped
`body.photoUrl -> updateData.photoKey` with no validation. photoKey is a
trusted S3 object key consumed server-side by getPresignedGetUrl (read) and
deleteObject (destructive); the upload path (pets.ts) already guards keys with
a pets/{petId}/ prefix to prevent hijacking. The portal PATCH bypassed that
guard, letting an authenticated customer point their pet's photoKey at any
object key (cross-tenant disclosure/destruction on a later staff action).

Fix (per CTO directive — smallest safe surface):
- Remove `photoUrl` from portalPetUpdateSchema and delete the
  `updateData.photoKey = body.photoUrl` mapping. Photo changes already have a
  dedicated, key-validated flow (upload + /photo/confirm). The web form's
  round-trip of the GET-shaped photoUrl is a no-op (Zod strips the unknown key).
- LOW hardening: cap preferredCuts (string max 2000, array max 50),
  medicalAlerts (array max 50) and medicalAlert type/description (max 2000),
  mirroring the existing free-text max(2000) caps.

Tests:
- New regression: foreign photoUrl on portal PATCH returns 200 but leaves
  photoKey unchanged (gate evidence).
- New: over-long medicalAlert description rejected (400, zValidator).
- Updated the existing "persists mapped columns" test: photoKey is no longer
  written by the portal PATCH.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-08 12:36:56 +00:00
.gitea/workflows
fix(ci): GRO-2197 api lint/typecheck/test run root scripts (de-false-green) (#169)
2026-06-08 11:09:33 +00:00
.github/workflows
fix(ci): build all service images + upgrade Node 22 + pin packageManager (GRO-1522)
2026-05-22 02:16:49 +00:00
apps/api
chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129) (#158)
2026-06-04 12:44:46 +00:00
packages
feat(GRO-2152): route optimization schema migration
2026-06-08 07:48:10 +00:00
src
fix(portal): drop writable photoKey from PATCH /portal/pets to close S3 key-hijack (GRO-2187 / GRO-2198)
2026-06-08 12:36:56 +00:00
.ci-trigger
chore: direct push CI trigger for GRO-1757 (b61d899f) to include in dev image
2026-05-26 00:45:05 +00:00
.dockerignore
Initial extraction: groombook/api from groombook/app monorepo
2026-05-02 21:10:21 +00:00
.editorconfig
Initial extraction: groombook/api from groombook/app monorepo
2026-05-02 21:10:21 +00:00
.env.example
Initial extraction: groombook/api from groombook/app monorepo
2026-05-02 21:10:21 +00:00
.gitignore
Merge dev into gitea/migrate-workflows (allow-unrelated-histories)
2026-05-21 01:24:41 +00:00
Dockerfile
fix(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)
2026-06-01 14:02:38 +00:00
eslint.config.js
Extract groombook/api from monorepo with CI workflow
2026-05-11 01:26:56 +00:00
package.json
merge: resolve conflicts with dev (keep Node 22 + add Gitea CI images)
2026-05-22 02:58:11 +00:00
pnpm-lock.yaml
fix: add better-auth to pnpm-lock.yaml packages/db specifiers
2026-05-22 13:11:39 +00:00
pnpm-workspace.yaml
fix(docker): add missing pnpm-workspace.yaml COPY in deps and runner stages
2026-05-14 16:50:52 +00:00
README.md
Merge dev into gitea/migrate-workflows (allow-unrelated-histories)
2026-05-21 01:24:41 +00:00
renovate.json
chore: add Renovate config
2026-05-14 17:42:22 +00:00
tsconfig.json
Extract groombook/api from monorepo with CI workflow
2026-05-11 01:26:56 +00:00
UAT_PLAYBOOK.md
feat(GRO-2154): geocoding endpoints + auto-geocode on client mutations (#170)
2026-06-08 11:45:08 +00:00
vitest.config.ts
fix: correct vitest alias paths for workspace packages
2026-05-11 01:34:12 +00:00

README.md

GroomBook API

GroomBook API service — extracted from the groombook/app monorepo.

Overview

This repository contains the GroomBook API service, including:

  • REST API endpoints
  • Database schema and migrations (via Drizzle ORM)
  • Authentication (via Better Auth)
  • Background job handlers

Structure

src/             # API service source
packages/db/     # Database schema, migrations, and utilities
packages/types/  # Shared TypeScript types

Setup

pnpm install
cp .env.example .env  # Fill in required environment variables
pnpm --filter @groombook/api dev

Docker

docker build -t ghcr.io/groombook/api:latest .
docker run -p 3000:3000 ghcr.io/groombook/api:latest

License

AGPL-3.0-only

Reference in New Issue View Git Blame Copy Permalink
S
Description
GroomBook API service (extracted from groombook/app monorepo)
Readme 3.8 MiB
Languages
TypeScript 99.3%
JavaScript 0.4%
Dockerfile 0.2%