security: fix hardcoded aes key, rate limiter shutdown, stale cache errors, body limit, session cookies

2026-04-20 01:48:53 +02:00
parent bbf208b4bf
commit dccd9d8f59
7 changed files with 43 additions and 16 deletions


@@ -236,7 +236,7 @@ func (h *Handler) HandleSaveProgress(w http.ResponseWriter, r *http.Request) {
}
var payload saveProgressRequest
if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
if err := json.NewDecoder(io.LimitReader(r.Body, 4096)).Decode(&payload); err != nil {
http.Error(w, "invalid payload", http.StatusBadRequest)
return
}
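Review bot: The new decode line wraps the body in `io.LimitReader(r.Body, 4096)`, which truncates silently: a JSON value that runs past the cap ends in a decode error and the same 400 "invalid payload" as malformed input, so neither the client nor the logs can tell an oversized request from a bad one. Setting `r.Body = http.MaxBytesReader(w, r.Body, 4096)` before the decode enforces the same cap, and the error branch can then use `errors.As` with `*http.MaxBytesError` to answer `http.StatusRequestEntityTooLarge`; it also lets the server close the connection once the limit is reached. The bare `4096` would read better as a named constant with a comment on why that size is enough for `saveProgressRequest`. HandleSaveProgress starts and ends outside this hunk, so any earlier handling of the body is not visible here.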