fix(security): phase 3 medium reliability and hardening #28

Merged
lerko merged 1 commit from security/phase-3-reliability into main 2026-05-26 21:07:31 +00:00
Owner

Summary

  • Migration error handling: Fail hard on non-"already exists" migration errors instead of silently logging
  • SSH key cache: 30s TTL cache for user public keys — no DB query per SSH auth attempt
  • DB connection pooling: MaxOpenConns(25), MaxIdleConns(5), ConnMaxLifetime(5m)
  • SQLite WAL mode: Enables concurrent reads during writes
  • History pruning optimization: Only prune when count exceeds 1100 (was running DELETE subquery on every single check)
  • Security headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Content-Security-Policy on all responses
  • CORS: UPTOP_CORS_ORIGIN env var for cross-origin access to /status/json
  • Request logging: Middleware logs method, path, status code, duration, client IP
  • Config file permissions: Export writes 0600 instead of 0644 (may contain alert credentials)
  • Pinned Docker images: golang:1.24-alpine3.21, alpine:3.21 (reproducible builds)
  • CalVer CI fix: Docker tag pattern matches 2026.05.1 format, passes build args for version injection

Deferred

  • 3.10 Context propagation: Store interface change would ripple across all implementations/mocks. Background fire-and-forget writes don't benefit from context cancellation. Better as standalone refactor.

New environment variables

| Variable | Default | Description |
|----------|---------|-------------|
| UPTOP_CORS_ORIGIN | (unset) | Access-Control-Allow-Origin value for /status/json |

Test plan

  • go build ./... passes
  • go test -race -timeout 120s ./... — all pass
  • golangci-lint run — 0 issues
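
An added example, not code from this pull request: a minimal Go middleware sketching the security-header, CORS and request-logging items listed above. The name `Harden`, the header values, the CSP string and the listen address are assumptions; the description names the headers and `UPTOP_CORS_ORIGIN` but not their values.

```go
package main

import (
	"log"
	"net/http"
	"os"
	"time"
)

// statusRecorder remembers the status code so it can be logged after the handler runs.
type statusRecorder struct {
	http.ResponseWriter
	status int
}

func (r *statusRecorder) WriteHeader(code int) {
	r.status = code
	r.ResponseWriter.WriteHeader(code)
}

// Harden (hypothetical name) sets the four headers on every response and adds
// Access-Control-Allow-Origin only on /status/json, and only when corsOrigin is set.
func Harden(next http.Handler, corsOrigin string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("X-Frame-Options", "DENY")                       // assumed value
		h.Set("Referrer-Policy", "no-referrer")                // assumed value
		h.Set("Content-Security-Policy", "default-src 'self'") // assumed value
		if corsOrigin != "" && r.URL.Path == "/status/json" {
			h.Set("Access-Control-Allow-Origin", corsOrigin)
		}
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		start := time.Now()
		next.ServeHTTP(rec, r)
		// %q escapes control characters in the path, so a request cannot forge log lines.
		log.Printf("%s %q %d %s %s", r.Method, r.URL.Path, rec.status, time.Since(start), r.RemoteAddr)
	})
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/status/json", func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write([]byte(`{"ok":true}`))
	})
	// With UPTOP_CORS_ORIGIN unset, no CORS header is sent and browsers keep same-origin rules.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", Harden(mux, os.Getenv("UPTOP_CORS_ORIGIN"))))
}
```

`r.RemoteAddr` is the direct peer (host:port); behind a reverse proxy the logged client IP is only meaningful if forwarded headers are taken from a trusted proxy.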
lerko added 1 commit 2026-05-26 20:58:37 +00:00
fix(security): phase 3 medium reliability and hardening
CI / test (pull_request) Successful in 4m23s
CI / lint (pull_request) Successful in 1m11s
bd561d9a5e
- Fail hard on critical migration errors (ignore only "already exists")
- Cache SSH user keys with 30s TTL (avoid DB query per auth attempt)
- Configure DB connection pooling (25 open, 5 idle, 5m lifetime)
- Enable SQLite WAL mode for concurrent read/write
- Optimize check history pruning (only prune above 1100 rows)
- Add security headers: X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy
- Add CORS policy on /status/json via UPTOP_CORS_ORIGIN env var
- Add HTTP request logging middleware (method, path, status, duration, IP)
- Fix config file permissions from 0644 to 0600
- Pin Docker images: golang:1.24-alpine3.21, alpine:3.21
- Fix Docker CI tag pattern for CalVer (was semver)
- Pass build args (VERSION, COMMIT, BUILD_DATE) to Docker build
lerko merged commit c50ec82dcb into main 2026-05-26 21:07:31 +00:00
lerko deleted branch security/phase-3-reliability 2026-05-26 21:07:31 +00:00
Reference: lerkolabs/uptop#28