Pulse/internal/api
rcourtman 74c426b87a feat: implement allowlist-based SSH config validation per Codex review
Security improvements to HandleSSHConfig endpoint:
- Add defer r.Body.Close() for proper resource cleanup
- Return 413 status for oversized requests with errors.As check
- Switch from blocklist to allowlist-based directive validation
- Use case-insensitive parsing with comment stripping via bufio.Scanner
- Add Content-Type: application/json header to response

Codex identified that blocklist approach was insufficient and recommended
allowlist validation to prevent unexpected directives. Only permits the
specific SSH directives Pulse needs for ProxyJump configuration.
2025-10-18 23:27:14 +00:00
..
alerts.go Ref #556: adjust alert history range handling 2025-10-15 18:41:06 +00:00
alerts_test.go Allow printable alert IDs for acknowledgements (#550) 2025-10-14 16:48:22 +00:00
auth.go feat: enhance sensor proxy with improved cluster discovery and SSH management 2025-10-17 11:43:26 +00:00
config_handlers.go fix: harden SSH config endpoint per Codex security review 2025-10-18 23:21:59 +00:00
csrf_store.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
demo_middleware.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
diagnostics.go feat: enhance sensor proxy with improved cluster discovery and SSH management 2025-10-17 11:43:26 +00:00
DO_NOT_EDIT_FRONTEND_HERE.md Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
docker_agents.go feat: add docker agent command handling 2025-10-15 19:27:19 +00:00
frontend_embed.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
guest_metadata.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
middleware.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
notifications.go Add Apprise notification integration (#570) 2025-10-18 16:39:39 +00:00
oidc_handlers.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
oidc_service.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
rate_limit_config.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
ratelimit.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
README.md Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
recovery_tokens.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
router.go feat: automatic ProxyJump for turnkey temperature monitoring 2025-10-18 23:17:38 +00:00
router_integration_test.go fix: normalize version strings with build metadata in tests 2025-10-16 09:07:40 +00:00
security.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
security_oidc.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
security_setup_fix.go feat: streamline docker agent onboarding 2025-10-14 09:45:32 +00:00
security_tokens.go feat: add docker agent command handling 2025-10-15 19:27:19 +00:00
session_store.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
settings.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
system_settings.go feat: implement allowlist-based SSH config validation per Codex review 2025-10-18 23:27:14 +00:00
types.go Adjust backup and snapshot alert handling 2025-10-18 20:11:01 +00:00
updates.go Fix settings security tab navigation 2025-10-11 23:29:47 +00:00

Internal API Package

This directory contains the API server implementation for Pulse.

Important Note About frontend-modern/

The frontend-modern/ subdirectory that appears here is:

  • AUTO-GENERATED during builds
  • NOT the source code - just a build artifact
  • IN .gitignore - never committed
  • REQUIRED BY GO - The embed directive needs it here

Frontend Development Location

👉 Edit frontend files at: /opt/pulse/frontend-modern/src/

Why This Structure?

Go's //go:embed directive has limitations:

  1. Cannot use ../ paths to access parent directories
  2. Cannot follow symbolic links
  3. Must embed files within the Go module

This is a known Go limitation and our structure works around it.