dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

dev-1.7.0 #294

Merged
ZacharyZcR merged 73 commits from main into dev-1.7.0 2025-09-25 04:56:32 +00:00
Conversation 2 Commits 73 Files Changed 83 +12 -3
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 057640dd23 - Show all commits

15
src/backend/database/routes/users.ts
View File

@@ -218,12 +218,15 @@ router.post("/create", async (req, res) => {
.get();
isFirstUser = ((countResult as any)?.count || 0) === 0;
} catch (e) {
isFirstUser = true;
authLogger.warn("Failed to check user count, assuming first user", {
// SECURITY: Database error - fail secure, don't guess permissions
authLogger.error("Database error during user count check - rejecting request", {
operation: "user_create",
username,
error: e,
});
return res.status(500).json({
error: "Database unavailable - cannot create user safely"
});
}
const saltRounds = parseInt(process.env.SALT || "10", 10);
@@ -664,7 +667,13 @@ router.get("/oidc/callback", async (req, res) => {
.get();
isFirstUser = ((countResult as any)?.count || 0) === 0;
} catch (e) {
isFirstUser = true;
// SECURITY: Database error during OIDC user creation - fail secure
authLogger.error("Database error during OIDC user count check", {
operation: "oidc_user_create",
oidc_identifier: identifier,
error: e,
});
throw new Error("Database unavailable - cannot create OIDC user safely");
}
const id = nanoid();