v0.6.0 - Harden Security #55

Merged 13 commits on Sep 7, 2024

@fullerzz (Owner) commented Aug 31, 2024

Changes

  • Added new file operation_validator.py that contains the classes UploadValidator and UserCreationValidator
  • On file upload request, system now checks that user has uploaded less than the daily limit of bytes and that the user is whitelisted
  • Added start_time and end_time as optional parameters when using the DatabaseClient to query for all files

To Do

  • Add tests for new upload validations
  • Add tests for new start_time and end_time parameters for querying user's files

@fullerzz fullerzz self-assigned this Aug 31, 2024
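
An added example, not code from this PR or from smolvault: one way to enforce the two upload checks described above (allow-list membership and a daily byte cap), totalling the day's uploads with a start_time/end_time window query. The schema, function names, allow-list contents and the 1,000,000-byte cap are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

DAILY_LIMIT_BYTES = 1_000_000   # assumed cap; the PR does not state its value
WHITELIST = {"alice"}           # constructed allow-list


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the file-metadata table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (owner TEXT, size INTEGER, uploaded_at INTEGER)")
    return db


def bytes_uploaded(db, owner: str, start_time: int, end_time: int) -> int:
    """Sum the owner's file sizes in the half-open window [start_time, end_time)."""
    row = db.execute(
        "SELECT COALESCE(SUM(size), 0) FROM files "
        "WHERE owner = ? AND uploaded_at >= ? AND uploaded_at < ?",
        (owner, start_time, end_time),
    ).fetchone()
    return row[0]


def validate_upload(db, owner: str, size: int, now: datetime) -> None:
    """Reject non-whitelisted users and uploads that would exceed today's cap."""
    if owner not in WHITELIST:
        raise UploadRejected("user not whitelisted")
    if size <= 0:  # size must be measured server-side, not taken from a header
        raise UploadRejected("invalid size")
    # `now` must be timezone-aware; the quota day is the UTC calendar day.
    day_start = now.astimezone(timezone.utc).replace(hour=0, minute=0, second=0, microsecond=0)
    day_end = day_start + timedelta(days=1)
    used = bytes_uploaded(db, owner, int(day_start.timestamp()), int(day_end.timestamp()))
    # Count the incoming file as well as what is already stored,
    # so a single upload cannot overshoot the cap.
    if used + size > DAILY_LIMIT_BYTES:
        raise UploadRejected("daily upload limit exceeded")


def record_upload(db, owner: str, size: int, now: datetime) -> None:
    """Validate first, then persist the upload's metadata."""
    validate_upload(db, owner, size, now)
    db.execute("INSERT INTO files VALUES (?, ?, ?)", (owner, size, int(now.timestamp())))
```

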
@fullerzz (Owner, Author) commented

This branch is currently deployed on the server. It prevents new users from being created and files from being uploaded until I can harden the sign-up process.

Worst Case Scenario

Bots find this site, create unlimited accounts, and upload content to my S3 bucket.

Resolved review threads:

  • src/smolvault/validators/operation_validator.py (outdated)
  • src/smolvault/main.py
  • src/smolvault/clients/database.py

@fullerzz fullerzz added the enhancement 🌟 New feature or request label Aug 31, 2024
* wip: trying to isolate users from one another in test scenarios. todo: generate mock users using polyfactory

* upgraded packages

* fixed all tests except test_user_creation_limit

* added new factories.py file

* updated mypy ignore comment
@fullerzz fullerzz changed the title Harden Security v0.6.0 - Harden Security Sep 7, 2024
@fullerzz fullerzz merged commit 108c4ee into main Sep 7, 2024
4 checks passed
@fullerzz fullerzz deleted the enhance-security branch September 7, 2024 23:31