#hardened service proxy route with path whitelisting

[Dargon789]

Reviewer's Guide

This PR hardens service proxy routes with explicit path whitelisting, adjusts GitHub issue templates, fixes a front-end redirect bug, tidies an existing CI config, and adds a suite of CI/CD workflows alongside a new security policy.

Sequence diagram for hardened service proxy route with path whitelisting

sequenceDiagram
participant Client
participant AccelerationRoutes
participant logger
participant MempoolService

Client->>AccelerationRoutes: Request to /api/v1/services/{path}
AccelerationRoutes->>AccelerationRoutes: Extract userPath
AccelerationRoutes->>AccelerationRoutes: Check allowedPaths whitelist
alt Path allowed
    AccelerationRoutes->>MempoolService: Forward request to whitelisted path
    MempoolService-->>AccelerationRoutes: Return response
    AccelerationRoutes-->>Client: Send response
else Path not allowed
    AccelerationRoutes->>logger: Log invalid path
    AccelerationRoutes-->>Client: Return 400 error
end

Loading

Class diagram for updated AccelerationRoutes service proxy methods

classDiagram
class AccelerationRoutes {
  - $getAcceleratorAccelerationsHistoryAggregated(req, res)
  - $getAcceleratorAccelerationsStats(req, res)
  - $getAcceleratorEstimate(req, res)
  + allowedPaths: {accelerations, accelerations/history, accelerations/stats, estimate}
}
class logger {
  + err(message, tag)
}
AccelerationRoutes --> logger: logs errors

Loading

File-Level Changes

Change	Details	Files
Secure and validate accelerator route paths in the backend	Define an allowedPaths map listing permitted endpoints Extract userPath from the incoming URL and look up safePath Log and return a 400 error for invalid paths Construct the external service URL using safePath instead of raw originalUrl	backend/src/api/acceleration/acceleration.routes.ts
Enhance GitHub issue templates with metadata fields	Wrap the name field in quotes for proper YAML parsing Add title, labels, and assignees fields to bug and feature templates Introduce a custom issue template file with standard front matter	.github/ISSUE_TEMPLATE/00-bug-issue.md .github/ISSUE_TEMPLATE/30-feature-request.md .github/ISSUE_TEMPLATE/custom.md
Fix demo redirect URL logic in the frontend	Replace use of params.next with the computed path[index] value in window.location.replace	frontend/src/app/shared/common.utils.ts
Correct formatting in the existing CI workflow	Remove stray backslash and ensure newline at end of file	.github/workflows/ci.yml
Add comprehensive CI/CD workflows for multiple environments	Google Cloud GKE build and deploy (google.yml) Octopus Deploy pipeline (octopusdeploy.yml) Next.js site deployment to GitHub Pages (nextjs.yml) Jekyll site deployment to GitHub Pages (jekyll-gh-pages.yml) Static content deployment to GitHub Pages (static.yml) Basic custom CI workflow (ci_own.yml) Rust build workflow via GitHub Actions (rust.yml) CircleCI workflows for Rust/Cargo and a simple hello job (.circleci/cargo.yml, .circleci/config.yml)	.github/workflows/google.yml .github/workflows/octopusdeploy.yml .github/workflows/nextjs.yml .github/workflows/jekyll-gh-pages.yml .github/workflows/static.yml .github/workflows/ci_own.yml .github/workflows/rust.yml .circleci/cargo.yml .circleci/config.yml
Introduce a project security policy	Add SECURITY.md with supported versions table and vulnerability reporting guidance	SECURITY.md

Possibly linked issues

• Create cargo.yml #24: The PR adds the .circleci/cargo.yml file, implementing the Rust build-and-test job with formatting, testing, and caching, as requested in the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

Originally posted by @sourcery-ai[bot] in #37 (comment)