Security hardening
- Remove OwnerUserId from BudgetDto: OIDC sub of the budget owner was
being returned to all collaborators (including View-only users)
- Remove SharedWithUserId from ShareDto: other users' internal OIDC subs
were visible to anyone with read access to a budget
- Delete MeController: scaffolding endpoint that returned sub to the
browser; no legitimate frontend use case
- Restrict /healthz to require authorization: prevents unauthenticated
probing of database connectivity
- Add input validation annotations to all request DTOs: [Required],
[MaxLength], [Range(0,0.9999)] on EffectiveTaxRate, [EmailAddress] on
share email — [ApiController] now returns 400 instead of 500 for
invalid input hitting DB constraints
- Replace User.FindFirst("sub")!.Value with GetUserId() extension across
all controllers: returns 401 instead of NullReferenceException (500)
if a token lacks a sub claim
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Spencer Twaddle
@@ -43,7 +43,6 @@ export interface OutgoDto {
|
||||
export interface BudgetDto {
|
||||
id: string;
|
||||
name: string;
|
||||
ownerUserId: string;
|
||||
effectiveTaxRate: number;
|
||||
createdAt: string;
|
||||
updatedAt: string;
|
||||
@@ -51,7 +50,6 @@ export interface BudgetDto {
|
||||
|
||||
export interface ShareDto {
|
||||
id: string;
|
||||
sharedWithUserId: string | null;
|
||||
sharedWithEmail: string;
|
||||
permission: SharePermission;
|
||||
isPending: boolean;
|
||||
|
||||
Reference in New Issue
Block a user