tenant-registry

platform/tenant-registry

Fork 0

Commit Graph

Author	SHA1	Message	Date
sharang	a83088e7e6	fix(audit): strip IPv6 brackets before INET insert ci / image (pull_request) Has been skipped Details ci / shared (pull_request) Successful in 8s Details ci / test (pull_request) Successful in 2m7s Details When a client connects over IPv6 loopback, net/http's RemoteAddr is '[::1]:port'. The previous clientIP() returned '[::1]' (brackets and all) which Postgres's INET type rejects with 'invalid input syntax for type inet: "[::1]" (SQLSTATE 22P02)'. Live local-smoke caught this — every state-changing endpoint emitted the audit event, the INSERT rolled back, and a warning landed in the log. The user-facing operation succeeded so the caller never noticed, but audit_log stayed empty. Fix: - Use net.SplitHostPort which returns IPv6 hosts without brackets. - Add stripBrackets() as a belt-and-braces for X-Forwarded-For headers that wrap the IP themselves (some proxies do). Refs: M4.2	2026-05-19 17:05:20 +02:00
sharang	ffab866c87	feat(api): M4.2 — REST surface + pgx Postgres store + OpenAPI 3.1 ci / shared (push) Successful in 6s Details ci / test (push) Successful in 1m15s Details ci / image (push) Has been skipped Details Full M4.2 deliverable: 16 endpoints (tenants CRUD + lifecycle, catalog, entitlements, API keys with argon2 hashing, audit append + filter), Store interface with pgx-backed Postgres + in-memory parallel implementations exercised by the same eachStore harness, openapi.yaml at 3.1 with kin-openapi contract test. M4.3 adds auth. Refs: M4.2	2026-05-19 10:51:59 +00:00

Author

SHA1

Message

Date

sharang

a83088e7e6

fix(audit): strip IPv6 brackets before INET insert

ci / image (pull_request) Has been skipped

Details

ci / shared (pull_request) Successful in 8s

Details

ci / test (pull_request) Successful in 2m7s

Details

When a client connects over IPv6 loopback, net/http's RemoteAddr is
'[::1]:port'. The previous clientIP() returned '[::1]' (brackets and
all) which Postgres's INET type rejects with
'invalid input syntax for type inet: "[::1]" (SQLSTATE 22P02)'.

Live local-smoke caught this — every state-changing endpoint emitted
the audit event, the INSERT rolled back, and a warning landed in the
log. The user-facing operation succeeded so the caller never noticed,
but audit_log stayed empty.

Fix:
  - Use net.SplitHostPort which returns IPv6 hosts without brackets.
  - Add stripBrackets() as a belt-and-braces for X-Forwarded-For
    headers that wrap the IP themselves (some proxies do).

Refs: M4.2

2026-05-19 17:05:20 +02:00

sharang

ffab866c87

feat(api): M4.2 — REST surface + pgx Postgres store + OpenAPI 3.1

ci / shared (push) Successful in 6s

Details

ci / test (push) Successful in 1m15s

Details

ci / image (push) Has been skipped

Details

Full M4.2 deliverable: 16 endpoints (tenants CRUD + lifecycle, catalog, entitlements, API keys with argon2 hashing, audit append + filter), Store interface with pgx-backed Postgres + in-memory parallel implementations exercised by the same eachStore harness, openapi.yaml at 3.1 with kin-openapi contract test. M4.3 adds auth.

Refs: M4.2

2026-05-19 10:51:59 +00:00

2 Commits