Commit Graph

2 Commits

Author SHA1 Message Date
Tal.Yuan 8066a8e0cd refactor(routes): move gallery domain into routes/gallery subpackage (#4903)
Move the gallery route domain into routes/gallery/ while preserving backward-compatible legacy import shims.

- app imports the canonical gallery route module
- canonical gallery route code imports canonical gallery helpers
- legacy gallery route/helper paths remain compatibility aliases
- add shim regression coverage for module identity and monkeypatch behavior
- repoint gallery source-introspection tests to the canonical paths

No intended behavior change.
2026-06-28 10:40:34 +01:00
Mubashir R 319ba50a44 fix: validate client-supplied image _endpoint to prevent SSRF (gallery proxies) (#1718)
POST /api/image/harmonize and POST /api/image/inpaint read an `_endpoint` from
the request body and issue server-side httpx POSTs to it with no validation. A
caller can set `_endpoint` to http://169.254.169.254/ (cloud instance metadata)
or any internal/loopback address the server can reach, turning these routes into
an SSRF primitive.

routes/embedding_routes.py already runs its user-supplied endpoint through
src.url_safety.check_outbound_url; these two routes were missing the same guard.
Validate `_endpoint` the same way before any outbound request: non-HTTP(S)
schemes and the link-local metadata range are always rejected, and
IMAGE_BLOCK_PRIVATE_IPS=true blocks private/loopback for full lockdown (the
local-first default still allows LAN diffusion servers).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 13:34:17 +09:00
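One way to implement the guard the second commit describes, as an added example that is not the project's own src.url_safety.check_outbound_url (whose internals are not shown on this page); the function names, the resolver hook and the IMAGE_BLOCK_PRIVATE_IPS handling are assumptions:

```python
import ipaddress
import os
import socket
from urllib.parse import urlsplit

# Constructed example of the guard described in the commit. It is not the
# project's src.url_safety.check_outbound_url, whose internals are not shown.
METADATA_RANGE = ipaddress.ip_network("169.254.0.0/16")  # link-local, holds 169.254.169.254

def _resolve(host):
    """Return the address strings a host maps to; IP literals skip DNS."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        return [info[4][0] for info in infos]

def check_outbound_url(url, block_private_ips=None, resolve=_resolve):
    """Validate a client-supplied endpoint before the server issues a request to it.

    Raises ValueError if the URL is not allowed, otherwise returns the parsed URL.
    block_private_ips=None reads IMAGE_BLOCK_PRIVATE_IPS (off by default, so LAN
    diffusion servers stay reachable); True also rejects private/loopback hosts.
    """
    if block_private_ips is None:
        block_private_ips = os.environ.get("IMAGE_BLOCK_PRIVATE_IPS", "").lower() == "true"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise ValueError("URL has no host")
    for addr in resolve(parts.hostname):
        ip = ipaddress.ip_address(addr)
        # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so it cannot dodge the check.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if ip in METADATA_RANGE or ip.is_link_local:
            raise ValueError(f"{ip} is link-local (metadata range): always blocked")
        if block_private_ips and (ip.is_private or ip.is_loopback):
            raise ValueError(f"{ip} is private/loopback and IMAGE_BLOCK_PRIVATE_IPS is set")
    return parts

def is_allowed(url, block_private_ips=None, resolve=_resolve):
    """Boolean wrapper: True when check_outbound_url accepts the URL."""
    try:
        check_outbound_url(url, block_private_ips, resolve)
    except ValueError:
        return False
    return True
```

The resolver hook matters because a hostname can map to an internal address; the check runs on the resolved addresses, not just on the literal in the URL.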