apunkt/gomcp
1
0
Fork 0
mirror of https://github.com/syntrex-lab/gomcp.git synced 2026-04-26 04:46:22 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

sec: fix C4/C5/M4/M5 + domain migration to syntrex.pro

Browse source 
C4: Remove localhost:9100 fallback from 27 dashboard files (use relative URLs)
C5: JWT token_type differentiation (access vs refresh) - middleware rejects refresh as Bearer
M4: Server-side registration gate via SOC_REGISTRATION_OPEN env var
M5: HTML tag stripping on name/org_name fields (XSS prevention)

Domain migration:
- users.go: admin@syntrex.pro
- zerotrust.go: SPIFFE trust domain
- sbom.go: namespace URL
- .env.production.example: all URLs updated
- identity_test.go: test email
This commit is contained in:
DmitrL-dev 2026-03-24 11:49:33 +10:00
parent 1b028099be
commit 62ecc1c7a3
7 changed files with 76 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/infrastructure/auth/users.go
View file

@ -64,11 +64,11 @@ func NewUserStore(db ...*sql.DB) *UserStore {
}
// Ensure default admin exists
if _, err := s.GetByEmail("admin@xn--80akacl3adqr.xn--p1acf"); err != nil {
if _, err := s.GetByEmail("admin@syntrex.pro"); err != nil {
hash, _ := bcrypt.GenerateFromPassword([]byte("syntrex-admin-2026"), bcrypt.DefaultCost)
admin := &User{
ID: generateID("usr"),
Email: "admin@xn--80akacl3adqr.xn--p1acf",
Email: "admin@syntrex.pro",
DisplayName: "Administrator",
Role: "admin",
Active: true,