paliad

m/paliad

Fork 0

Commit Graph

Author	SHA1	Message	Date
cronus	bcdd3d7a59	docs(audit): product audit + improvement roadmap (t-paliad-015) Post-Phase-A–J full-product audit: UX, code, content, architecture, ops. 5 Critical findings (JWT signature bypass, dashboard Termine leak, parteien/termin delete policy gap, @hoganlovells-only email gate, CALDAV_ENCRYPTION_KEY missing from compose), 8 Important, 10 Polish, 11 Feature ideas, 14 tech-debt items. Each item has a file reference and a concrete fix. Top-two exploit-paths (detailed in §1): 1. internal/auth/auth.go:178 — middleware decodes JWT exp but never verifies the signature; sub-claim is trusted downstream by every service. Any authenticated cookie → impersonate any user. 2. internal/services/dashboard_service.go:245 — personal Termine leaked cross-user on the /dashboard "Kommende Termine" list (missing created_by filter on the akte_id IS NULL branch).	2026-04-18 01:22:23 +02:00

Author

SHA1

Message

Date

cronus

bcdd3d7a59

docs(audit): product audit + improvement roadmap (t-paliad-015)

Post-Phase-A–J full-product audit: UX, code, content, architecture,
ops. 5 Critical findings (JWT signature bypass, dashboard Termine
leak, parteien/termin delete policy gap, @hoganlovells-only email
gate, CALDAV_ENCRYPTION_KEY missing from compose), 8 Important, 10
Polish, 11 Feature ideas, 14 tech-debt items. Each item has a file
reference and a concrete fix.

Top-two exploit-paths (detailed in §1):
  1. internal/auth/auth.go:178 — middleware decodes JWT exp but never
     verifies the signature; sub-claim is trusted downstream by every
     service. Any authenticated cookie → impersonate any user.
  2. internal/services/dashboard_service.go:245 — personal Termine
     leaked cross-user on the /dashboard "Kommende Termine" list
     (missing created_by filter on the akte_id IS NULL branch).

2026-04-18 01:22:23 +02:00

1 Commits