Skip to content

Fix upstream audit findings#4027

Open
iuhl wants to merge 1 commit into
Wei-Shaw:mainfrom
iuhl:fix-upstream-audit-findings
Open

Fix upstream audit findings#4027
iuhl wants to merge 1 commit into
Wei-Shaw:mainfrom
iuhl:fix-upstream-audit-findings

Conversation

@iuhl

@iuhl iuhl commented Jul 11, 2026

Copy link
Copy Markdown

Summary

  • Fix OpenAI Fast/Flex user ID editing so blank rows are not submitted as invalid user ID 0, and validate non-empty IDs before saving.
  • Align admin en/zh locale leaf keys and add the missing OpenAI Fast/Flex user-scope keys.
  • Return io.ErrClosedPipe for non-empty writes after opsCaptureWriter is released.
  • Add the user subscription /subscriptions/:id/progress route with ownership checks.
  • Package model pricing fallback resources in GoReleaser Docker images and suppress the test-only G704 warning precisely.

Tests

  • go test ./internal/server/routes -run TestRegisterUserRoutes_SubscriptionProgressRoutes -count=1
  • go test ./internal/handler -run TestOpsCaptureWriter_NilInnerWriter_NoPanic -count=1
  • go test ./internal/server/middleware -run TestAPIKeyAuthForwardsUserScopedOpenAIFastPolicyToUpstream -count=1
  • go test ./internal/handler ./internal/server/middleware ./internal/server/routes
  • golangci-lint run ./internal/server/middleware ./internal/server/routes
  • pnpm --dir frontend run typecheck
  • pnpm --dir frontend run lint:check
  • pnpm --dir frontend run build
  • node locale leaf-key comparison script

Notes

  • A broader lint attempt with golangci-lint run ./internal/server/middleware ./internal/handler ./internal/server/routes hit a pre-existing staticcheck SA1019 warning in internal/handler/auth_oidc_oauth.go:1144, unrelated to this PR.
  • goreleaser is not installed in this environment, so Docker release config was checked by verifying referenced resource paths rather than running goreleaser check.

@github-actions

Copy link
Copy Markdown
Contributor

Thank you for your contribution! Before we can merge this PR, we need you to sign our Contributor License Agreement (CLA).

To sign, please reply with the following comment:

I have read the CLA Document and I hereby sign the CLA

You only need to sign once — it will be valid for all your future contributions to this project.


I have read the CLA Document and I hereby sign the CLA


周淮安 seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant