feat: backend security base — single-instance + op-lock, SSRF guard, atomic config, disk preflight by Wangnov · Pull Request #76 · Wangnov/Codex-App-Manager

Wangnov · 2026-06-16T11:49:11Z

PR-1:后端安全基座。实现 4 个 issue,operation lock 是后续 PR 复用的地基。

实现(#59 #64 #66 #62)

缺少单实例锁与跨进程操作锁:Windows 上多开/并发改文件有损坏风险 #59 单实例 + 跨进程操作锁 + 一次性 token:tauri-plugin-single-instance(第二实例聚焦 + unminimize 现有窗,与最小化按钮协同);OS advisory 文件锁(fs4,崩溃自动释放、无脏锁)+ 进程内互斥 + RAII guard;破坏性命令(install/update/uninstall/adopt/set-root)全包 guard,并发拿不到锁即友好拒绝。
Security: validate custom update source URLs and reduce SSRF / unsafe protocol risk #64 SSRF 防护:source 改严格 enum(未知值不静默);url_guard 校验自定义源(只 https,拒 loopback/private/link-local/裸 IP/userinfo/云元数据/IPv4-mapped/ULA);5 处 curl 加 --proto =https --proto-redir =https(真正的下载侧闸门)。
Reliability: atomic settings/provenance writes and user-visible recovery for corrupted state #66 settings/provenance 原子写 + 损坏恢复:tmp+fsync+rename+.bak;load 容错(主→.bak→default+health,不静默);ConfigHealth 回传 UI + restore/reset 命令。
macOS 更新前缺少磁盘空间预检(Windows portable 已有对等检查) #62 macOS 磁盘预检:disk.rs 统一 available_space(unix statvfs);mac_space_budget + preflight 接入 stage/perform/install 下载前。

验收(Claude 把关,非 GPT 自判)

cargo build ✓;cargo test 32 passed / 0 failed(Claude 复跑确认;曾抓到并打回修复一处 operation-lock close-reopen race)。
SSRF 对抗用例真断言拒绝:云元数据 169.254.169.254、IPv4-mapped ::ffff:127.0.0.1、userinfo 混淆、ULA/link-local IPv6、CGNAT/benchmarking 全覆盖。
接入点核对:5 处 curl --proto、settings/provenance 原子写+健康恢复、mac 预检 3 处接入、命令注册齐全。

已知残留风险(spec 显式声明)

DNS rebinding / 域名解析到内网:本 PR 做 URL 形态校验 + curl 协议限制,未做 resolve-then-verify(未来加固项)。

Refs #59, #64, #66, #62

…-1 batch1]

… [PR-1 batch2]

chatgpt-codex-connector · 2026-06-16T11:49:19Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

… clippy warnings

… (clippy -D warnings)

Wangnov added 2 commits June 16, 2026 16:30

feat(backend): operation lock base + atomic-file/disk/paths utils [PR…

275debf

…-1 batch1]

feat(backend): atomic config writes, SSRF guard, macOS disk preflight…

1b7e708

… [PR-1 batch2]

Wangnov added 2 commits June 16, 2026 20:14

fix(oplock): hold long-lived lock fd to kill close-reopen race; clear…

565d9e2

… clippy warnings

fix(disk): gate test import on cfg(unix) to fix Windows unused-import…

f67fd3d

… (clippy -D warnings)

Wangnov merged commit 7d28137 into main Jun 16, 2026
3 checks passed

Wangnov deleted the pr1/backend-security-base branch June 20, 2026 12:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: backend security base — single-instance + op-lock, SSRF guard, atomic config, disk preflight#76

feat: backend security base — single-instance + op-lock, SSRF guard, atomic config, disk preflight#76
Wangnov merged 4 commits into
mainfrom
pr1/backend-security-base

Wangnov commented Jun 16, 2026

Uh oh!

chatgpt-codex-connector Bot commented Jun 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

Wangnov commented Jun 16, 2026

实现(#59 #64 #66 #62)

验收(Claude 把关,非 GPT 自判)

已知残留风险(spec 显式声明)

Uh oh!

chatgpt-codex-connector Bot commented Jun 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant