toolz/goplt

Files

0x1d ace9678f6c feat: reword phase to epic, update mkdocs

2025-11-05 09:28:33 +01:00

1.5 KiB

Raw Blame History

Story 6.5: Security Hardening

Metadata

Story ID: 6.5
Title: Security Hardening
Epic: 6 - Observability & Production Readiness
Status: Pending
Priority: High
Estimated Time: 5-6 hours
Dependencies: 1.5

Goal

Add comprehensive security hardening including security headers, input validation, and request size limits.

Description

This story implements security best practices including security headers, input validation, request size limits, and SQL injection protection.

Deliverables

1. Security Headers Middleware

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security (if HTTPS)
Content-Security-Policy

2. Request Size Limits

Max body size (10MB default)
Max header size
Configurable limits

3. Input Validation

Use github.com/go-playground/validator
Validate all request bodies
Sanitize user inputs
Validation error responses

4. SQL Injection Protection

Use parameterized queries (Ent already does this)
Add linter rule to prevent raw SQL
Security scanning

Acceptance Criteria

Security headers are present
Request size limits are enforced
Input validation works
SQL injection protection is in place
Security headers are configurable

Files to Create/Modify

internal/server/middleware.go - Security headers middleware
internal/server/validation.go - Input validation
config/default.yaml - Add security config