azaion/detections
1
0
Fork 0
mirror of https://github.com/azaion/detections.git synced 2026-04-22 08:56:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-178] Fix Critical/High security findings: auth, CVEs, non-root containers, per-job SSE

Browse Source 
- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass

Made-with: Cursor
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-04-02 06:32:12 +03:00
parent dac350cbc5
commit 097811a67b
25 changed files with 369 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files
e2e/tests/test_tiling.py
+6 -4
View File
@@ -28,12 +28,13 @@ def _assert_no_same_label_near_duplicate_centers(detections):
@pytest.mark.slow
def test_ft_p_04_gsd_based_tiling_ac1(http_client, image_large, warm_engine):
def test_ft_p_04_gsd_based_tiling_ac1(http_client, image_large, warm_engine, auth_headers):
config = json.dumps(_GSD)
r = http_client.post(
"/detect",
"/detect/image",
files={"file": ("img.jpg", image_large, "image/jpeg")},
data={"config": config},
headers=auth_headers,
timeout=_TILING_TIMEOUT,
)
assert r.status_code == 200
@@ -43,12 +44,13 @@ def test_ft_p_04_gsd_based_tiling_ac1(http_client, image_large, warm_engine):
@pytest.mark.slow
def test_ft_p_16_tile_boundary_deduplication_ac2(http_client, image_large, warm_engine):
def test_ft_p_16_tile_boundary_deduplication_ac2(http_client, image_large, warm_engine, auth_headers):
config = json.dumps({**_GSD, "big_image_tile_overlap_percent": 20})
r = http_client.post(
"/detect",
"/detect/image",
files={"file": ("img.jpg", image_large, "image/jpeg")},
data={"config": config},
headers=auth_headers,
timeout=_TILING_TIMEOUT,
)
assert r.status_code == 200