Snider/Mining
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Add security and resilience middleware

Browse source 
- SEC-MED-3: Add CSRF protection middleware for browser requests
- RESIL-MED-8: Add request timeout middleware (30s default)
- API-MED-7: Add Cache-Control headers for appropriate endpoints
- Update CORS to allow X-Requested-With header

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
snider 2025-12-31 15:54:37 +00:00
parent 3d8247c757
commit 09df6f0e4f
4 changed files with 1014 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

307
miner/core/PARALLEL_CODE_REVIEW.md Normal file
View file

@ -0,0 +1,307 @@
# Parallel Code Review with Claude Code
A reproducible pattern for running multiple Opus code reviewers in parallel across different domains of a codebase.
---
## Overview
This technique spawns 6-10 specialized code review agents simultaneously, each focused on a specific domain. Results are consolidated into a single TODO.md with prioritized findings.
**Best for:**
- Large C/C++/Go/Rust codebases
- Security audits
- Pre-release quality gates
- Technical debt assessment
---
## Step 1: Define Review Domains
Analyze your codebase structure and identify 6-10 logical domains. Each domain should be:
- Self-contained enough for independent review
- Small enough to review thoroughly (5-20 key files)
- Aligned with architectural boundaries
### Example Domain Breakdown (C++ Miner)
```
1. Entry Point & App Lifecycle -> src/App.cpp, src/xmrig.cpp
2. Core Controller & Miner -> src/core/
3. CPU Backend -> src/backend/cpu/, src/backend/common/
4. GPU Backends -> src/backend/opencl/, src/backend/cuda/
5. Crypto Algorithms -> src/crypto/
6. Network & Stratum -> src/base/net/stratum/, src/net/
7. HTTP REST API -> src/base/api/, src/base/net/http/
8. Hardware Access -> src/hw/, src/base/kernel/
```
---
## Step 2: Create Output File
Create a skeleton TODO.md to track progress:
```markdown
# Code Review Findings - [Project Name]
Generated: [DATE]
## Review Domains
- [ ] Domain 1
- [ ] Domain 2
...
## Critical Issues
_Pending review..._
## High Priority Issues
_Pending review..._
## Medium Priority Issues
_Pending review..._
```
---
## Step 3: Launch Parallel Reviewers
Use this prompt template for each domain. Launch ALL domains simultaneously in a single message with multiple Task tool calls.
### Reviewer Prompt Template
```
You are reviewing the [LANGUAGE] [PROJECT] for enterprise quality. Focus on:
**Domain: [DOMAIN NAME]**
- `path/to/file1.cpp` - description
- `path/to/file2.cpp` - description
- `path/to/directory/` - description
Look for:
1. Memory leaks, resource management issues
2. Thread safety and race conditions
3. Error handling gaps
4. Null pointer dereferences
5. Security vulnerabilities
6. Input validation issues
Report your findings in a structured format with:
- File path and line number
- Issue severity (CRITICAL/HIGH/MEDIUM/LOW)
- Confidence percentage (only report issues with 80%+ confidence)
- Description of the problem
- Suggested fix
Work from: /absolute/path/to/project
```
### Launch Command Pattern
```
Use Task tool with:
- subagent_type: "feature-dev:code-reviewer"
- run_in_background: true
- description: "Review [Domain Name]"
- prompt: [Template above filled in]
Launch ALL domains in ONE message to run in parallel.
```
---
## Step 4: Collect Results
After launching, wait for all agents to complete:
```
Use TaskOutput tool with:
- task_id: [agent_id from launch]
- block: true
- timeout: 120000
```
Collect all results in parallel once agents start completing.
---
## Step 5: Consolidate Findings
Structure the final TODO.md with this format:
```markdown
# Code Review Findings - [Project] Enterprise Audit
**Generated:** YYYY-MM-DD
**Reviewed by:** N Parallel Opus Code Reviewers
---
## Summary
| Domain | Critical | High | Medium | Total |
|--------|----------|------|--------|-------|
| Domain 1 | X | Y | Z | N |
| Domain 2 | X | Y | Z | N |
| **TOTAL** | **X** | **Y** | **Z** | **N** |
---
## Critical Issues
### CRIT-001: [Short Title]
- **File:** `path/to/file.cpp:LINE`
- **Domain:** [Domain Name]
- **Confidence:** XX%
[Description of the issue]
**Fix:** [Suggested fix]
---
[Repeat for each critical issue]
## High Priority Issues
### HIGH-001: [Short Title]
- **File:** `path/to/file.cpp:LINE`
- **Domain:** [Domain Name]
- **Confidence:** XX%
[Description]
---
## Medium Priority Issues
[Same format]
---
## Recommended Priority Order
### Immediate (Security Critical)
1. CRIT-XXX: [title]
2. CRIT-XXX: [title]
### This Week (Data Integrity)
3. CRIT-XXX: [title]
4. HIGH-XXX: [title]
### Next Sprint (Stability)
5. HIGH-XXX: [title]
### Backlog (Quality)
- MED-XXX items
---
## Review Completion Status
- [x] Domain 1 - N issues found
- [x] Domain 2 - N issues found
- [ ] Domain 3 - Review incomplete
**Total Issues Identified: N**
```
---
## Domain-Specific Prompts
### For C/C++ Projects
```
Look for:
1. Memory leaks, resource management issues (RAII violations)
2. Buffer overflows, bounds checking
3. Thread safety and race conditions
4. Use-after-free, double-free
5. Null pointer dereferences
6. Integer overflow/underflow
7. Format string vulnerabilities
8. Uninitialized variables
```
### For Go Projects
```
Look for:
1. Goroutine leaks
2. Race conditions (run with -race)
3. Nil pointer dereferences
4. Error handling gaps (ignored errors)
5. Context cancellation issues
6. Channel deadlocks
7. Slice/map concurrent access
8. Resource cleanup (defer patterns)
```
### For Network/API Code
```
Look for:
1. Buffer overflows in protocol parsing
2. TLS/SSL configuration issues
3. Input validation vulnerabilities
4. Authentication/authorization gaps
5. Timing attacks in comparisons
6. Connection/request limits (DoS)
7. CORS misconfigurations
8. Information disclosure
```
### For Crypto Code
```
Look for:
1. Side-channel vulnerabilities
2. Weak random number generation
3. Key/secret exposure in logs
4. Timing attacks
5. Buffer overflows in crypto ops
6. Integer overflow in calculations
7. Proper constant-time operations
8. Key lifecycle management
```
---
## Tips for Best Results
1. **Be specific about file paths** - Give reviewers exact paths to focus on
2. **Set confidence threshold** - Only report 80%+ confidence issues
3. **Include context** - Mention the project type, language, and any special patterns
4. **Limit scope** - 5-20 files per domain is ideal
5. **Run in parallel** - Launch all agents in one message for efficiency
6. **Use background mode** - `run_in_background: true` allows parallel execution
7. **Consolidate immediately** - Write findings while context is fresh
---
## Example Invocation
```
"Spin up Opus code reviewers to analyze this codebase for enterprise quality.
Create a TODO.md with findings organized by severity."
```
This triggers:
1. Domain identification from project structure
2. Parallel agent launch (6-10 reviewers)
3. Result collection
4. Consolidated TODO.md generation
---
## Metrics
Typical results for a medium-sized project (50-100k LOC):
- **Time:** 3-5 minutes for full parallel review
- **Issues found:** 30-60 total
- **Critical:** 5-15 issues
- **High:** 15-25 issues
- **False positive rate:** ~10-15% (filtered by confidence threshold)

489
miner/core/TODO.md Normal file
View file

@ -0,0 +1,489 @@
# Code Review Findings - C++ Miner Core Enterprise Audit
**Generated:** 2025-12-31
**Reviewed by:** 8 Parallel Opus Code Reviewers
**Target:** XMRig-based C++ Miner Core
---
## Summary
| Domain | Critical | High | Medium | Total |
|--------|----------|------|--------|-------|
| Entry Point & App Lifecycle | 2 | 4 | 0 | 6 |
| Core Controller & Miner | 2 | 4 | 0 | 6 |
| CPU Backend | 3 | 3 | 3 | 9 |
| GPU Backends (OpenCL/CUDA) | 1 | 5 | 1 | 7 |
| Network & Stratum | 3 | 4 | 0 | 7 |
| HTTP REST API | 3 | 3 | 2 | 8 |
| **TOTAL** | **14** | **23** | **6** | **43** |
---
## Critical Issues
### CRIT-001: UV Event Loop Resource Leak on Failure
- **File:** `src/App.cpp:89-90`
- **Domain:** Entry Point & App Lifecycle
- **Confidence:** 95%
`uv_loop_close()` is called unconditionally without checking if handles are still active. Returns `UV_EBUSY` and leaks file descriptors, memory on every shutdown.
**Fix:** Add `uv_walk()` to close remaining handles before `uv_loop_close()`.
---
### CRIT-002: Process Object Lifetime Issue After Fork
- **File:** `src/xmrig.cpp:28,34` + `src/App_unix.cpp:42`
- **Domain:** Entry Point & App Lifecycle
- **Confidence:** 90%
`Process` object created on stack, pointer passed to `App`. After `fork()`, both parent and child have references to same memory with different meanings. Potential double-free/undefined behavior.
**Fix:** Use `unique_ptr` for clear ownership or ensure parent blocks until child stabilizes.
---
### CRIT-003: Use-After-Free in Controller::stop()
- **File:** `src/core/Controller.cpp:75-83`
- **Domain:** Core Controller
- **Confidence:** 90%
Network destroyed before Miner stopped. Miner may submit job results to destroyed Network.
```cpp
void Controller::stop() {
m_network.reset(); // WRONG: Network gone first
m_miner->stop(); // Accesses network!
}
```
**Fix:** Stop miner first, then destroy network.
---
### CRIT-004: Null Pointer Dereference in Controller::execCommand()
- **File:** `src/core/Controller.cpp:102-106`
- **Domain:** Core Controller
- **Confidence:** 95%
`miner()` and `network()` use assertions disabled in release builds. `m_miner` only initialized in `start()`, not `init()`. Early `execCommand()` calls crash.
**Fix:** Add runtime null checks before dereferencing.
---
### CRIT-005: Race Condition in NUMAMemoryPool::getOrCreate()
- **File:** `src/crypto/common/NUMAMemoryPool.cpp:88-97`
- **Domain:** CPU Backend
- **Confidence:** 95%
Check-then-act race: multiple threads can check `m_map.count(node)`, all see missing, all create new `MemoryPool` instances. Memory leaks + corruption of `std::map`.
**Fix:** Add mutex protection around entire check-insert operation.
---
### CRIT-006: Race Condition in MemoryPool::get()
- **File:** `src/crypto/common/MemoryPool.cpp:70-84`
- **Domain:** CPU Backend
- **Confidence:** 92%
`m_offset` and `m_refs` modified without synchronization. Multiple workers can receive overlapping memory regions.
**Fix:** Add mutex or use atomic operations.
---
### CRIT-007: cn_heavyZen3Memory Global Memory Leak
- **File:** `src/backend/cpu/CpuWorker.cpp:64,91-96,120-124`
- **Domain:** CPU Backend
- **Confidence:** 88%
Global `cn_heavyZen3Memory` allocated once, never freed. Algorithm changes leave gigabytes of huge pages allocated.
**Fix:** Add reference counting or smart pointer for shared CN_HEAVY memory.
---
### CRIT-008: Memory Leak on OpenCL Program Build Failure
- **File:** `src/backend/opencl/OclCache.cpp:51-54`
- **Domain:** GPU Backends
- **Confidence:** 95%
When `buildProgram()` fails after `createProgramWithSource()` succeeds, `cl_program` is released. But if `createProgramWithSource` returns nullptr edge case, subsequent code dereferences nullptr.
**Fix:** Add null check after createProgramWithSource.
---
### CRIT-009: Buffer Overflow Silent Truncation in LineReader
- **File:** `src/base/net/tools/LineReader.cpp:57-71`
- **Domain:** Network & Stratum
- **Confidence:** 90%
When data exceeds 64KB buffer, silently drops data. Leads to protocol desync, missed commands, DoS.
**Fix:** Log error and close connection on overflow.
---
### CRIT-010: Missing Null Check in Client::parseResponse()
- **File:** `src/base/net/stratum/Client.cpp:814-815`
- **Domain:** Network & Stratum
- **Confidence:** 85%
`error["message"].GetString()` called without checking if field exists. Potential segfault.
**Fix:** Use `Json::getString()` safe getter with fallback.
---
### CRIT-011: Race Condition in Client Socket Cleanup
- **File:** `src/base/net/stratum/Client.cpp:643-659`
- **Domain:** Network & Stratum
- **Confidence:** 82%
`delete m_socket` in `onClose()` while network callback may still be executing. Use-after-free.
**Fix:** Call `uv_read_stop()` before deleting socket.
---
### CRIT-012: Timing Attack in Token Authentication
- **File:** `src/base/api/Httpd.cpp:197`
- **Domain:** HTTP API
- **Confidence:** 100%
Uses `strncmp()` for token comparison - vulnerable to timing attacks. Attacker can extract API token character by character.
**Fix:** Use constant-time comparison function.
---
### CRIT-013: Overly Permissive CORS Configuration
- **File:** `src/base/net/http/HttpApiResponse.cpp:53-55`
- **Domain:** HTTP API
- **Confidence:** 95%
`Access-Control-Allow-Origin: *` allows any website to control miner via CSRF attacks.
**Fix:** Restrict CORS to trusted origins or remove entirely (localhost doesn't need CORS).
---
### CRIT-014: No HTTP Request Body Size Limit
- **File:** `src/base/net/http/HttpContext.cpp:261`
- **Domain:** HTTP API
- **Confidence:** 90%
HTTP body appended indefinitely. Memory exhaustion DoS via multi-gigabyte POST requests.
**Fix:** Add `MAX_BODY_SIZE` (e.g., 1MB) check in `on_body` callback.
---
## High Priority Issues
### HIGH-001: Static Log Destruction After UV Loop Close
- **File:** `src/App.cpp:123-130`
- **Domain:** Entry Point
- **Confidence:** 85%
`Log::destroy()` called while UV loop still running. Pending callbacks may access destroyed logging system.
---
### HIGH-002: No Error Handling on Fork Failure
- **File:** `src/App_unix.cpp:42-46`
- **Domain:** Entry Point
- **Confidence:** 88%
`fork()` failure returns silently with `rc = 1`. No error message logged.
---
### HIGH-003: Controller Stop Order Wrong
- **File:** `src/core/Controller.cpp:75-82`
- **Domain:** Core Controller
- **Confidence:** 82%
Shutdown order should be: stop miner -> destroy miner -> destroy network.
---
### HIGH-004: Missing Null Check in Console Read Callback
- **File:** `src/base/io/Console.cpp:67-76`
- **Domain:** Entry Point
- **Confidence:** 80%
`stream->data` cast to `Console*` without null check. Use-after-free during shutdown.
---
### HIGH-005: Data Race on Global Mutex in Miner
- **File:** `src/core/Miner.cpp:73,465,572,607`
- **Domain:** Core Controller
- **Confidence:** 85%
Global static mutex protects instance data. Multiple Miner instances would incorrectly share lock. Manual lock/unlock not exception-safe.
---
### HIGH-006: Missing VirtualMemory::init() Error Handling
- **File:** `src/core/Controller.cpp:48-62`
- **Domain:** Core Controller
- **Confidence:** 85%
Huge page allocation failure not detected. Leads to degraded performance or crashes when workers use uninitialized memory pool.
---
### HIGH-007: Memory Leak in Base::reload() on Exception
- **File:** `src/base/kernel/Base.cpp:254-279`
- **Domain:** Core Controller
- **Confidence:** 90%
Raw pointer `new Config()` leaked if `config->save()` throws exception.
---
### HIGH-008: Hashrate::addData() Race Condition
- **File:** `src/backend/common/Hashrate.cpp:185-199`
- **Domain:** CPU Backend
- **Confidence:** 90%
`m_top[index]` read-modify-write is not atomic. Torn reads, incorrect hashrate, potential OOB access.
---
### HIGH-009: CpuBackend Global Mutex for Instance Data
- **File:** `src/backend/cpu/CpuBackend.cpp:64,167-170`
- **Domain:** CPU Backend
- **Confidence:** 85%
Global `static std::mutex` shared across all CpuBackend instances. False contention.
---
### HIGH-010: Missing Alignment Check in CnCtx Creation
- **File:** `src/backend/cpu/CpuWorker.cpp:532-546`
- **Domain:** CPU Backend
- **Confidence:** 82%
No verification that `m_memory->scratchpad() + shift` is properly aligned. No bounds checking.
---
### HIGH-011: Exception Safety Issues in OclKawPowRunner::build()
- **File:** `src/backend/opencl/runners/OclKawPowRunner.cpp:193-198`
- **Domain:** GPU Backends
- **Confidence:** 90%
If `KawPow_CalculateDAGKernel` constructor throws, `m_program` from base class leaks.
---
### HIGH-012: Race Condition in OclSharedData::createBuffer()
- **File:** `src/backend/opencl/runners/tools/OclSharedData.cpp:36-55`
- **Domain:** GPU Backends
- **Confidence:** 85%
Window between checking `!m_buffer` and calling `OclLib::retain()` where buffer could be released.
---
### HIGH-013: Missing Null Check in OclRxJitRunner Kernel Creation
- **File:** `src/backend/opencl/runners/OclRxJitRunner.cpp:66-74`
- **Domain:** GPU Backends
- **Confidence:** 88%
If `loadAsmProgram()` throws after kernel allocation, `m_randomx_jit` leaks.
---
### HIGH-014: Potential Double-Free in OclSharedData::release()
- **File:** `src/backend/opencl/runners/tools/OclSharedData.cpp:133-140`
- **Domain:** GPU Backends
- **Confidence:** 82%
Buffers released without setting to nullptr. Double `release()` call could cause issues.
---
### HIGH-015: Unvalidated DAG Buffer Capacity
- **File:** `src/backend/opencl/runners/OclKawPowRunner.cpp:124-130`
- **Domain:** GPU Backends
- **Confidence:** 83%
No device free memory check before potentially multi-GB allocation.
---
### HIGH-016: TLS Certificate Timing Attack
- **File:** `src/base/net/stratum/Tls.cpp:169-187`
- **Domain:** Network & Stratum
- **Confidence:** 84%
Fingerprint comparison uses `strncasecmp` - should use constant-time comparison.
---
### HIGH-017: SOCKS5 Buffer Size Validation Missing
- **File:** `src/base/net/stratum/Socks5.cpp:29-48`
- **Domain:** Network & Stratum
- **Confidence:** 80%
Accesses `data[0]` and `data[1]` without confirming buffer contains at least 2 bytes.
---
### HIGH-018: Missing TLS Read Loop Timeout
- **File:** `src/base/net/stratum/Tls.cpp:130-136`
- **Domain:** Network & Stratum
- **Confidence:** 82%
`while(SSL_read())` loop unbounded. Static buffer not thread-safe.
---
### HIGH-019: Integer Overflow in Job Target Calculation
- **File:** `src/base/net/stratum/Job.cpp:113-132`
- **Domain:** Network & Stratum
- **Confidence:** 81%
Division by zero if target raw data is all zeros.
---
### HIGH-020: No HTTP Connection Limit
- **Files:** `src/base/net/http/HttpServer.cpp:43-59`, `HttpContext.cpp:74-94`
- **Domain:** HTTP API
- **Confidence:** 85%
Unlimited concurrent connections. Memory exhaustion DoS.
---
### HIGH-021: Missing HTTP Request Timeout
- **File:** `src/base/net/http/HttpContext.cpp`
- **Domain:** HTTP API
- **Confidence:** 90%
No timeout on request processing. Slowloris attack vector.
---
### HIGH-022: Restricted Mode Bypass Review Needed
- **File:** `src/base/api/Httpd.cpp:164-172`
- **Domain:** HTTP API
- **Confidence:** 85%
Restricted mode only blocks non-GET. Some GET endpoints may expose sensitive info.
---
### HIGH-023: Unchecked Backend Pointer in Miner::onTimer()
- **File:** `src/core/Miner.cpp:661-666`
- **Domain:** Core Controller
- **Confidence:** 80%
Backend validity not checked before `printHealth()` call during iteration.
---
## Medium Priority Issues
### MED-001: Workers::stop() Thread Join Order
- **File:** `src/backend/common/Workers.cpp:132-149`
- **Domain:** CPU Backend
- **Confidence:** 80%
Workers signaled to stop, then immediately deleted. No guarantee workers exited mining loops.
---
### MED-002: Thread::~Thread() macOS Resource Leak
- **File:** `src/backend/common/Thread.h:50,68`
- **Domain:** CPU Backend
- **Confidence:** 80%
macOS `pthread_join()` return value not checked.
---
### MED-003: Excessive Hashrate Polling Overhead
- **File:** `src/backend/common/Workers.cpp:79-114`
- **Domain:** CPU Backend
- **Confidence:** 85%
64+ virtual calls per tick for high thread counts. Consider batching.
---
### MED-004: Missing Error Handling in OclKawPowRunner::init()
- **File:** `src/backend/opencl/runners/OclKawPowRunner.cpp:201-207`
- **Domain:** GPU Backends
- **Confidence:** 85%
Partial initialization state left if `createCommandQueue()` or `createBuffer()` throws.
---
### MED-005: Information Disclosure via Error Messages
- **File:** `src/base/api/requests/HttpApiRequest.cpp:120-122`
- **Domain:** HTTP API
- **Confidence:** 80%
Detailed JSON parsing errors returned to clients.
---
### MED-006: Header Injection Potential
- **File:** `src/base/net/http/HttpContext.cpp:281-288`
- **Domain:** HTTP API
- **Confidence:** 80%
No explicit validation of header values for CRLF injection or length limits.
---
## Recommended Priority Order
### Immediate (Security Critical)
1. CRIT-012: Timing attack in API token auth
2. CRIT-013: CORS misconfiguration
3. CRIT-009: Buffer overflow silent truncation
4. CRIT-014: No body size limit
### This Week (Data Integrity)
5. CRIT-005: NUMAMemoryPool race condition
6. CRIT-006: MemoryPool race condition
7. CRIT-003: Controller::stop() order
8. HIGH-005: Miner mutex issues
### Next Sprint (Stability)
9. CRIT-001: UV loop resource leak
10. CRIT-002: Process lifetime after fork
11. HIGH-007: Base::reload() memory leak
12. HIGH-011-015: GPU resource management
### Backlog (Quality)
- All Medium priority items
- Performance optimizations
- Additional logging/monitoring
---
## Review Completion Status
- [x] Entry Point & App Lifecycle - 6 issues found
- [x] Core Controller & Miner - 6 issues found
- [x] CPU Backend - 9 issues found
- [x] GPU Backends (OpenCL/CUDA) - 7 issues found
- [x] Network & Stratum - 7 issues found
- [x] HTTP REST API - 8 issues found
- [ ] Crypto Algorithms - Review incomplete (agent scope confusion)
- [ ] Hardware Access - Review incomplete (agent scope confusion)
**Total Issues Identified: 43**

81
miner/proxy/TODO.md Normal file
View file

@ -0,0 +1,81 @@
# Code Review Findings - XMRig Proxy Enterprise Audit
**Generated:** 2025-12-31
**Reviewed by:** 8 Parallel Opus Code Reviewers
**Target:** XMRig-based C++ Stratum Proxy
---
## Review Domains
- [ ] Entry Point & App Lifecycle
- [ ] Core Controller & Config
- [ ] Proxy Core (Server, Miner, Login, Stats)
- [ ] Proxy TLS & Workers
- [ ] Splitter System (NiceHash, Simple, ExtraNonce, Donate)
- [ ] Network & Stratum Client
- [ ] HTTP/HTTPS & REST API
- [ ] Base I/O & Kernel Infrastructure
## Summary
| Domain | Critical | High | Medium | Total |
|--------|----------|------|--------|-------|
| Entry Point & App Lifecycle | - | - | - | - |
| Core Controller & Config | - | - | - | - |
| Proxy Core | - | - | - | - |
| Proxy TLS & Workers | - | - | - | - |
| Splitter System | - | - | - | - |
| Network & Stratum Client | - | - | - | - |
| HTTP/HTTPS & REST API | - | - | - | - |
| Base I/O & Kernel | - | - | - | - |
| **TOTAL** | **-** | **-** | **-** | **-** |
---
## Critical Issues
_Pending review..._
---
## High Priority Issues
_Pending review..._
---
## Medium Priority Issues
_Pending review..._
---
## Recommended Priority Order
### Immediate (Security Critical)
_Pending review..._
### This Week (Data Integrity)
_Pending review..._
### Next Sprint (Stability)
_Pending review..._
### Backlog (Quality)
_Pending review..._
---
## Review Completion Status
- [ ] Entry Point & App Lifecycle - Pending
- [ ] Core Controller & Config - Pending
- [ ] Proxy Core - Pending
- [ ] Proxy TLS & Workers - Pending
- [ ] Splitter System - Pending
- [ ] Network & Stratum Client - Pending
- [ ] HTTP/HTTPS & REST API - Pending
- [ ] Base I/O & Kernel - Pending
**Total Issues Identified: TBD**

138
pkg/mining/service.go
View file

@ -174,6 +174,132 @@ func logWithRequestID(c *gin.Context, level string, message string, fields loggi
}
}
// csrfMiddleware protects against CSRF attacks for browser-based requests.
// For state-changing methods (POST, PUT, DELETE), it requires one of:
// - Authorization header (API clients)
// - X-Requested-With header (AJAX clients)
// - Origin header matching allowed origins (already handled by CORS)
// GET requests are always allowed as they should be idempotent.
func csrfMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
// Only check state-changing methods
method := c.Request.Method
if method == http.MethodGet || method == http.MethodHead || method == http.MethodOptions {
c.Next()
return
}
// Allow if Authorization header present (API client)
if c.GetHeader("Authorization") != "" {
c.Next()
return
}
// Allow if X-Requested-With header present (AJAX/XHR request)
if c.GetHeader("X-Requested-With") != "" {
c.Next()
return
}
// Allow if Content-Type is application/json (not sent by HTML forms)
contentType := c.GetHeader("Content-Type")
if strings.HasPrefix(contentType, "application/json") {
c.Next()
return
}
// Reject the request as potential CSRF
respondWithError(c, http.StatusForbidden, "CSRF_PROTECTION",
"Request blocked by CSRF protection",
"Include X-Requested-With header or use application/json content type")
c.Abort()
}
}
// DefaultRequestTimeout is the default timeout for API requests.
const DefaultRequestTimeout = 30 * time.Second
// Cache-Control header constants
const (
CacheNoStore = "no-store"
CacheNoCache = "no-cache"
CachePublic1Min = "public, max-age=60"
CachePublic5Min = "public, max-age=300"
)
// cacheMiddleware adds Cache-Control headers based on the endpoint.
func cacheMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
// Only cache GET requests
if c.Request.Method != http.MethodGet {
c.Header("Cache-Control", CacheNoStore)
c.Next()
return
}
path := c.Request.URL.Path
// Static-ish resources that can be cached briefly
switch {
case strings.HasSuffix(path, "/available"):
// Available miners list - can be cached for 5 minutes
c.Header("Cache-Control", CachePublic5Min)
case strings.HasSuffix(path, "/info"):
// System info - can be cached for 1 minute
c.Header("Cache-Control", CachePublic1Min)
case strings.Contains(path, "/swagger"):
// Swagger docs - can be cached
c.Header("Cache-Control", CachePublic5Min)
default:
// Dynamic data (stats, miners, profiles) - don't cache
c.Header("Cache-Control", CacheNoCache)
}
c.Next()
}
}
// requestTimeoutMiddleware adds a timeout to request handling.
// This prevents slow requests from consuming resources indefinitely.
func requestTimeoutMiddleware(timeout time.Duration) gin.HandlerFunc {
return func(c *gin.Context) {
// Skip timeout for WebSocket upgrades and streaming endpoints
if c.GetHeader("Upgrade") == "websocket" {
c.Next()
return
}
if strings.HasSuffix(c.Request.URL.Path, "/events") {
c.Next()
return
}
// Create context with timeout
ctx, cancel := context.WithTimeout(c.Request.Context(), timeout)
defer cancel()
// Replace request context
c.Request = c.Request.WithContext(ctx)
// Channel to signal completion
done := make(chan struct{})
go func() {
c.Next()
close(done)
}()
select {
case <-done:
// Request completed normally
case <-ctx.Done():
// Timeout occurred
c.Abort()
respondWithError(c, http.StatusGatewayTimeout, ErrCodeTimeout,
"Request timed out", fmt.Sprintf("Request exceeded %s timeout", timeout))
}
}
}
// WebSocket upgrader for the events endpoint
var wsUpgrader = websocket.Upgrader{
ReadBufferSize: 1024,
@ -315,7 +441,7 @@ func (s *Service) InitRouter() {
"http://wails.localhost", // Wails desktop app (uses localhost origin)
},
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Request-ID"},
AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Request-ID", "X-Requested-With"},
ExposeHeaders: []string{"Content-Length", "X-Request-ID"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
@ -328,6 +454,16 @@ func (s *Service) InitRouter() {
c.Next()
})
// Add CSRF protection for browser requests (SEC-MED-3)
// Requires X-Requested-With or Authorization header for state-changing methods
s.Router.Use(csrfMiddleware())
// Add request timeout middleware (RESIL-MED-8)
s.Router.Use(requestTimeoutMiddleware(DefaultRequestTimeout))
// Add cache headers middleware (API-MED-7)
s.Router.Use(cacheMiddleware())
// Add X-Request-ID middleware for request tracing
s.Router.Use(requestIDMiddleware())