Keysat
988a3cca9a
Multi-user authorization hardening from a full security evaluation (EVALUATION.md):
- P0: /api/settings/{export,import}-db are now admin-only. Previously any signed-in user could download the whole instance DB (all bcrypt hashes + plaintext AI keys) or replace it wholesale. Per-user CSV export/import stays open.
- AI custom-URL providers (Ollama, OpenAI-compatible) are now admin-only, and every server fetch to a user-supplied URL passes through assertSafeProviderUrl (blocks link-local/cloud-metadata; private LAN allowed by design). Fixed-URL cloud providers stay per-user. Removed the dead legacy /api/ai/config route.
- Dev: fixed broken quick-start (added npm run create-admin; rewrote README; dropped dead CLAUDE_API_KEY) and the export-db 0-byte path resolution (resolveDatabasePath now matches Prisma).
ExVer bumped to 1.1.0:8 (no schema/data migration). Tests 197 pass, build green, tsc clean.
29 lines
982 B
TypeScript
29 lines
982 B
TypeScript
import path from "path";
|
|
|
|
export function resolveDatabasePath(): string {
|
|
const dbUrl = process.env.DATABASE_URL || "file:./data/app.db";
|
|
|
|
if (!dbUrl.startsWith("file:")) {
|
|
return path.resolve(process.cwd(), "prisma", "data", "app.db");
|
|
}
|
|
|
|
const rawPath = dbUrl.slice("file:".length);
|
|
|
|
if (path.isAbsolute(rawPath)) {
|
|
return rawPath;
|
|
}
|
|
|
|
// Prisma resolves a relative `file:` URL against the schema directory
|
|
// (prisma/), NOT the cwd. We must resolve it the same way, otherwise we
|
|
// can hand back a stray empty ./data/app.db (created by a cwd-relative
|
|
// `prisma db push`) while the live DB Prisma actually uses sits under
|
|
// prisma/data/ — which made export-db stream a 0-byte file in dev.
|
|
const normalized = rawPath.replace(/^\.\//, "");
|
|
return path.resolve(process.cwd(), "prisma", normalized);
|
|
}
|
|
|
|
export function getTimestampFileSuffix(now: Date = new Date()): string {
|
|
const iso = now.toISOString();
|
|
return iso.replace(/[:.]/g, "-");
|
|
}
|