apunkt/omnigraph
1
0
Fork 0
mirror of https://github.com/ModernRelay/omnigraph.git synced 2026-06-09 01:35:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
omnigraph/crates
History
andrew c338e80180 Harden bearer auth: constant-time compare, hashed at rest, authoritative actor_id 
Fixes two live authz bugs in omnigraph-server:

- Bearer-token lookup previously used HashMap::get, which compares keys with
  Eq and short-circuits on the first differing byte — a network-observable
  timing oracle for brute-forcing tokens. Tokens are now stored as SHA-256
  digests and compared with subtle::ConstantTimeEq, iterating every entry
  unconditionally so total work is independent of which slot matches. Raw
  token bytes no longer live in server memory after startup.

- authorize_request now overwrites PolicyRequest.actor_id from the
  authenticated session instead of trusting the handler-supplied field,
  which previously defaulted to "" via unwrap_or_default(). The empty
  string can no longer reach Cedar as a policy subject even if a future
  refactor drops the None check.

External API of AppState constructors is unchanged — tokens still enter as
Vec<(String, String)> and are hashed on the way in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 01:41:02 +03:00
..
omnigraph Prepare v0.2.2 release 2026-04-14 20:13:00 +03:00
omnigraph-cli Polish schema endpoint: rename show, align field name, add tests 2026-04-18 00:30:46 +03:00
omnigraph-compiler Prepare v0.2.2 release 2026-04-14 20:13:00 +03:00
omnigraph-server Harden bearer auth: constant-time compare, hashed at rest, authoritative actor_id 2026-04-18 01:41:02 +03:00