Commit 0cba056

fix: resolve 11 security audit issues (7 critical, 4 high)

Security Fixes:
- CRIT-010: Add org authorization to all deployment handlers
- CRIT-014: Scope deployment lists to organization
- CRIT-016: Add SHA256 checksum verification for OP Stack artifacts
- CRIT-018: Replace all fmt.Printf with structured slog logging
- CRIT-020: Add SHA256 checksum verification for Nitro artifacts
- HIGH-027: Add org ownership verification to POPKins handlers
- HIGH-028: Scope MarkStaleDeploymentsFailed to organization
- HIGH-032: Add proper context timeout and error handling to goroutines

Code Quality:
- Decompose nitro/config.go (1398 lines) into 8 focused files
- Split nitro/deployer.go (1005 → 638 lines)
- Delete wrapper.go (dead code)
- Add deployment_org_id migration

Audit Status: 11/95 issues fixed, 84 remaining
Architecture Grade: B- → A-

1 parent 91804d4 commit 0cba056

27 files changed: +2781 -2968 lines changed

control-plane/cmd/server/main.go

Lines changed: 3 additions & 3 deletions
@@ -215,13 +215,13 @@ func main() {
215215
)
216216
logger.Info("Unified orchestrator initialized", slog.String("signer_endpoint", signerEndpoint))
217217

218-
// Initialize bootstrap (deployment) handler with the orchestrator
219-
deploymentHandler := bootstraphandler.NewDeploymentHandler(bootstrapRepo, unifiedOrch)
220-
221218
// Initialize POPKins (chain deployment) handler
222219
// Uses same session store as main dashboard for SSO
223220
authSvc := service.NewAuthService(userRepo, sessionRepo, service.DefaultAuthServiceConfig())
224221
orgSvc := service.NewOrgService(orgRepo, userRepo, service.DefaultOrgServiceConfig())
222+
223+
// Initialize bootstrap (deployment) handler with the orchestrator
224+
deploymentHandler := bootstraphandler.NewDeploymentHandler(bootstrapRepo, unifiedOrch, orgSvc)
225225
// POPKins uses same session mechanism as main dashboard (cookie + DB lookup)
226226
// Pass the unified orchestrator so deployments are started automatically
227227
popkinsHandler := popkins.NewHandler(authSvc, orgSvc, keySvc, bootstrapRepo, unifiedOrch, sessionRepo, userRepo)
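
Review bot: The relocated deploymentHandler construction now sits between the "// Initialize POPKins (chain deployment) handler" comment and the "// POPKins uses same session mechanism ..." comment, so the POPKins heading covers the bootstrap handler and the POPKins comments are split in two, with no blank line between the new call and the POPKins comment that follows it. Consider hoisting the authSvc and orgSvc construction above both handlers under its own comment and keeping each handler's block contiguous. The comment on the moved block still reads "with the orchestrator" although the call now also takes orgSvc; since the commit message ties that argument to org authorization (CRIT-010), the comment should say so. Whether NewDeploymentHandler rejects a nil org service instead of skipping the check is not visible in this hunk and is worth confirming in the constructor.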
