mirror of
https://github.com/ClaperCo/Claper.git
synced 2026-07-09 20:09:55 +02:00
* Fix critical security vulnerabilities Address 5 critical findings from security audit: - Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content) - Escape URLs in format_body/1 to prevent reflected XSS via post messages - Add authorization check to form export endpoint (IDOR fix) - Replace String.to_atom/1 on user input with explicit whitelists (8 locations) - Add IP-based rate limiting on authentication endpoints via Hammer * Start rate limiter before endpoint in supervision tree * Update CHANGELOG
51 lines
1.6 KiB
Elixir
51 lines
1.6 KiB
Elixir
defmodule Claper.Application do
|
|
# See https://hexdocs.pm/elixir/Application.html
|
|
# for more information on OTP Applications
|
|
@moduledoc false
|
|
|
|
use Application
|
|
|
|
@impl true
|
|
def start(_type, _args) do
|
|
topologies = Application.get_env(:libcluster, :topologies) || []
|
|
oidc_config = Application.get_env(:claper, :oidc) || []
|
|
Oban.Telemetry.attach_default_logger()
|
|
|
|
children = [
|
|
{Cluster.Supervisor, [topologies, [name: Claper.ClusterSupervisor]]},
|
|
# Start the Ecto repository
|
|
Claper.Repo,
|
|
# Start the Telemetry supervisor
|
|
ClaperWeb.Telemetry,
|
|
# Start the PubSub system
|
|
{Phoenix.PubSub, name: Claper.PubSub},
|
|
# Start the rate limiter before the endpoint accepts requests
|
|
Claper.RateLimit,
|
|
# Start the Endpoint (http/https)
|
|
ClaperWeb.Presence,
|
|
ClaperWeb.Endpoint,
|
|
# Start a worker by calling: Claper.Worker.start_link(arg)
|
|
# {Claper.Worker, arg}
|
|
{Finch, name: Swoosh.Finch},
|
|
{Task.Supervisor, name: Claper.TaskSupervisor},
|
|
{Oidcc.ProviderConfiguration.Worker,
|
|
%{issuer: oidc_config[:issuer], name: Claper.OidcProviderConfig}},
|
|
{Oban, Application.fetch_env!(:claper, Oban)}
|
|
]
|
|
|
|
# See https://hexdocs.pm/elixir/Supervisor.html
|
|
# for other strategies and supported options
|
|
opts = [strategy: :one_for_one, name: Claper.Supervisor]
|
|
|
|
Supervisor.start_link(children, opts)
|
|
end
|
|
|
|
# Tell Phoenix to update the endpoint configuration
|
|
# whenever the application is updated.
|
|
@impl true
|
|
def config_change(changed, _new, removed) do
|
|
ClaperWeb.Endpoint.config_change(changed, removed)
|
|
:ok
|
|
end
|
|
end
|