mirror of
https://github.com/azaion/detections.git
synced 2026-04-22 07:06:32 +00:00
[AZ-178] Fix Critical/High security findings: auth, CVEs, non-root containers, per-job SSE
- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass
Made-with: Cursor
This commit is contained in:
Oleksandr Bezdieniezhnykh
+5
-3
@@ -1,5 +1,8 @@
|
||||
fastapi
|
||||
uvicorn[standard]
|
||||
fastapi==0.135.2
|
||||
uvicorn[standard]==0.42.0
|
||||
PyJWT==2.12.1
|
||||
h11==0.16.0
|
||||
python-multipart>=1.3.1
|
||||
Cython==3.2.4
|
||||
opencv-python==4.10.0.84
|
||||
numpy==2.3.0
|
||||
@@ -7,6 +10,5 @@ onnxruntime==1.22.0
|
||||
pynvml==12.0.0
|
||||
requests==2.32.4
|
||||
loguru==0.7.3
|
||||
python-multipart
|
||||
av==14.2.0
|
||||
xxhash==3.5.0
|
||||
|
||||
Reference in New Issue
Block a user