When a user (un)follows an organization, an audit log of this action is
recorded for the user. However, because of a filtering issue those
(un)follow logs can also be viewed by the organization's owner. This can
expose the originating user's IP address. This filter adjustment resolves
this issue.
Changelog-fixed: api fix to stop leaking of (un)follow auditlogs
Changelog-updated: api version to 0.11.1
---
api/graph/schema.resolvers.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/api/graph/schema.resolvers.go b/api/graph/schema.resolvers.go
index 6146a0e..55e5c5a 100644
--- a/api/graph/schema.resolvers.go
+++ b/api/graph/schema.resolvers.go
@@ -5127,7 +5127,7 @@ func (r *queryResolver) Version(ctx context.Context) (*model.Version, error) {
return &model.Version{
Major: 0,
Minor: 11,
- Patch: 0,
+ Patch: 1,
DeprecationDate: nil,
}, nil
}
@@ -7046,6 +7046,10 @@ func (r *queryResolver) GetAuditLogs(ctx context.Context, input *model.AuditLogI
opts.Filter = sq.And{
opts.Filter,
sq.Eq{"(al.metadata->>'org_id')": org.ID},
+ sq.NotEq{"al.event_type": []string{
+ models.LOG_ORG_FOLLOW,
+ models.LOG_ORG_UNFOLLOW,
+ }},
}
}
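Review bot: The added `sq.NotEq` is a deny-list keyed on two event types, so any future user-scoped event that also stores `org_id` in `al.metadata` will be visible to the organization owner again until someone remembers to add it here; an allow-list of the org-scoped event types, or an explicit owner/actor column on the audit row, would fail closed instead. A comment above the new lines would keep the intent from being lost in a later edit, e.g. `// (un)follow events belong to the acting user and carry their IP; keep them out of the organization owner's view`. If `al.event_type` is nullable, `NOT IN (...)` evaluates to NULL for such rows and they silently drop out of the owner's view — worth confirming against the schema. GetAuditLogs begins outside the hunk, so the user-side branch of the filter that should still return these events is not visible here.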
--
2.52.0