kaffa/cloud-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a8dd705e63775dccc486f34d2582b07a516b207
cloud-server/wrangler.toml
kappa 3a8dd705e6 refactor: comprehensive code review fixes (security, performance, QA) 
## Security Improvements
- Fix timing attack in verifyApiKey with fixed 256-byte buffer
- Fix sortOrder SQL injection with whitelist validation
- Fix rate limiting bypass for non-Cloudflare traffic (fail-closed)
- Remove stack trace exposure in error responses
- Add request_id for audit trail (X-Request-ID header)
- Sanitize origin header to prevent log injection
- Add content-length validation for /sync endpoint (10KB limit)
- Replace Math.random() with crypto.randomUUID() for sync IDs
- Expand sensitive data masking patterns (8 → 18)

## Performance Improvements
- Reduce rate limiter KV reads from 3 to 1 per request (66% reduction)
- Increase sync batch size from 100 to 500 (80% fewer batches)
- Fix health check N+1 query with efficient JOINs
- Fix COUNT(*) Cartesian product with COUNT(DISTINCT)
- Implement shared logger cache pattern across repositories
- Add CacheService singleton pattern in recommend.ts
- Add composite index for recommendation queries
- Implement Anvil pricing query batching (100 per chunk)

## QA Improvements
- Add BATCH_SIZE bounds validation (1-1000)
- Add pagination bounds (page >= 1, MAX_OFFSET = 100000)
- Add min/max range consistency validation
- Add DB reference validation for singleton services
- Add type guards for database result validation
- Add timeout mechanism for external API calls (10-60s)
- Use SUPPORTED_PROVIDERS constant instead of hardcoded list

## Removed
- Remove Vault integration (using Wrangler secrets)
- Remove 6-hour pricing cron (daily sync only)

## Configuration
- Add idx_instance_types_specs_filter composite index
- Add CORS Access-Control-Expose-Headers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 23:50:37 +09:00

29 lines
562 B
TOML
Raw Blame History

name = "cloud-instances-api"
main = "src/index.ts"
compatibility_date = "2024-12-01"
# D1 Database Binding
[[d1_databases]]
binding = "DB"
database_name = "cloud-instances-db"
database_id = "bbcb472d-b25e-4e48-b6ea-112f9fffb4a8"
# KV Namespace for Rate Limiting
[[kv_namespaces]]
binding = "RATE_LIMIT_KV"
id = "15bcdcbde94046fe936c89b2e7d85b64"
# Environment Variables
[vars]
VAULT_URL = "https://vault.anvil.it.com"
SYNC_BATCH_SIZE = "100"
CACHE_TTL_SECONDS = "300"
LOG_LEVEL = "info"
CORS_ORIGIN = "*"
# Cron Triggers
[triggers]
crons = [
"0 0 * * *"
]
Reference in New Issue View Git Blame Copy Permalink