When a client connects over IPv6 loopback, net/http's RemoteAddr is
'[::1]:port'. The previous clientIP() returned '[::1]' (brackets and
all) which Postgres's INET type rejects:
'invalid input syntax for type inet: "[::1]" (SQLSTATE 22P02)'.
Live local-smoke caught this — every state-changing endpoint emitted
the audit event, the AppendAudit INSERT rolled back, and the warning
landed in the structured log. The user-facing operation succeeded, so the
caller never noticed; the audit_log table stayed empty.
Fix:
- Use net.SplitHostPort which returns IPv6 hosts without brackets.
- Add stripBrackets() as belt-and-braces for X-Forwarded-For
  headers that wrap the IP themselves (some proxies do).
Refs: M4.2
Full M4.2 deliverable: 16 endpoints (tenants CRUD + lifecycle, catalog, entitlements, API keys with argon2 hashing, audit append + filter), Store interface with pgx-backed Postgres + in-memory parallel implementations exercised by the same eachStore harness, openapi.yaml at 3.1 with kin-openapi contract test. M4.3 adds auth.
Refs: M4.2
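
An added example, not the project's own code: one way to normalise a RemoteAddr or a single X-Forwarded-For entry into a value the Postgres INET type accepts, using net.SplitHostPort plus a bracket-stripping fallback as the commit describes. The name auditIP, the netip validation step, the zone stripping and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// stripBrackets removes one pair of surrounding square brackets, as in "[::1]".
func stripBrackets(s string) string {
	s = strings.TrimSpace(s)
	if len(s) >= 2 && s[0] == '[' && s[len(s)-1] == ']' {
		return s[1 : len(s)-1]
	}
	return s
}

// auditIP (hypothetical name) returns an address string suitable for an INET
// column, or "" when the input does not contain a parseable IP.
func auditIP(raw string) string {
	host := strings.TrimSpace(raw)
	// Handles "1.2.3.4:80" and "[::1]:80"; IPv6 hosts come back without brackets.
	// Inputs with no port return an error and are kept as they are.
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = stripBrackets(host) // covers a bare "[::1]" from a proxy header
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return "" // caller can store NULL instead of failing the audit INSERT
	}
	// Assumption: a zone such as "%eth0" is not wanted in the audit row.
	return addr.WithZone("").String()
}

func main() {
	// Constructed sample inputs, not captured traffic.
	samples := []string{"[::1]:54321", "127.0.0.1:8080", "[::1]", "::1",
		"[2001:db8::1]", "203.0.113.7", "fe80::1%eth0", "not-an-ip"}
	for _, s := range samples {
		fmt.Printf("%-18q -> %q\n", s, auditIP(s))
	}
}
```

Validating before the INSERT turns a malformed address into an empty value the caller can handle, rather than a rolled-back audit row that only shows up as a log warning.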