cauldron

Sulkta-OSS/cauldron

Fork 0

Commit graph

Author	SHA1	Message	Date
Kayos	9f261e6b9e	audit-fixes: 3rd-pass LOW/INFO sweep (CSS injection, Origin RFC, next charset, env doc, session clear) Cobb requested all the small ones land before LAN testing. discover.html CVE-NEW3-2 (LOW): switched recipe card image from a CSS background-image:url('${_esc(url)}') to a plain <img class="img" src=...> element. Recipe image_url is scraped from JSON-LD on third-party pages — a malicious page could return an image_url crafted to close the CSS url(...) string and inject layout-breaking CSS. With <img src=...> the URL stays in HTML-attribute context end-to-end where _esc is sufficient. Also adds defense-in-depth: validate URL parses as http(s) before rendering, fall through to placeholder otherwise, and set referrerpolicy=no-referrer so we don't leak our path to image hosts. CSS for .dcard .img widened with object-fit:cover so img and div both center/cover correctly. server.py CVE-NEW3-3 (LOW): _origin_of() now lowercases scheme AND host (urlparse only does scheme), and drops scheme-default ports (:80/:443) so `https://x.com:443` matches `https://x.com`. Closes a false-reject path on browsers that preserve case in Origin headers, or non-canonical CAULDRON_BASE_URL values. Not a bypass — false-reject robustness only — but cheap to fix and operationally important. server.py CODE3-3 (LOW): _safe_next() now allows `%` in the path charset so percent-encoded paths (e.g. /recipes/spaghetti%20bol) don't silently land at /me. Defense-in-depth: also percent-decode the path and reject if the decoded form contains `..` traversal or `//` (encoded forms of the same patterns the front-of-function reject already). server.py INFO3-2: auth_callback now does session.clear() before setting session["user"]. Capture+revalidate `next` BEFORE the clear so we don't drop our own redirect target. Drops every pre-auth key on login — defense-in-depth against session-state contamination if anything else ever lands in pre-auth session. .env.example INFO3-1: added CAULDRON_ADMIN_SUBS, CAULDRON_BASE_URL, CAULDRON_BEHIND_TLS, CAULDRON_TRUSTED_PROXIES with comments explaining what each one gates. Defaults are the safe-LAN set. Holding for public deploy — Cobb running LAN tests for a few days. INFO3-3 (rate limit) intentionally NOT addressed in code: the audit notes this as architecturally a proxy-layer concern (rackham vhost), not in-process. Rolled into the public-deploy commit when the vhost work lands. INFO3-4 (security primitive test coverage) deferred — separate test- sweep PR, doesn't block deploy.	2026-05-02 17:58:37 -07:00
Kayos	213801ca70	v0.2 foundation — Authentik OIDC + sulkta-mariadb DB + Fernet crypto Adds the multi-user plumbing layer underneath v0.1's batch-only API: - DB module (db.py) — PyMySQL against sulkta-mariadb, in-process migrations. Tables: cauldron_users, cauldron_user_mealie_tokens, cauldron_chat_log, schema_migrations. - Crypto module (crypto.py) — thin Fernet wrapper. Master key in env, per-row encryption of stored Mealie tokens, decrypt only in-process. - OIDC module (oidc.py) — Authlib-based Authentik integration. Issuer https://auth.sulkta.com/application/o/cauldron/, sub_mode=user_email, scopes openid+email+profile. App gated to 'Sulkta Family' group. - Two-tier Mealie shape — system_mealie (env token, admin batch) + current_user_mealie() helper that loads + decrypts the calling user's token from DB. Per the v0.2 design (memory/spec-cauldron-v0.2.md). - Connect flow — /connect-mealie pages walk users through minting their own Mealie API token and pasting it back. Validated against /api/users/self before encryption + storage. - Routes — /, /login, /auth/callback, /logout, /me, /connect-mealie, /disconnect-mealie. v0.1 admin endpoints kept under bearer auth. - Mealie.who_am_i() helper added. - Auth flow uses Authentik subject (sub) as the canonical user key. UI is minimal — connect-mealie page uses the locked palette (forest #1f2d1f, panels #2d3a2a, meadow #6b8e5a/#88a87a, parchment text #f0e6cc/#ddd4ba) and Cormorant Garamond serif headers. Strict palette. The fuller dashboard / plan / list / recipes views land in subsequent commits. Authentik provider PK 24, client_id ZIwEugWWWZinR1KcVC9IT9hpGoTds9ps8XDDHPPN. Group 'Sulkta Family' (pk 6d0c75e9-...) created with cobb member. Foundation only — Abby's branded UI and the meal-plan / shopping-list features land in subsequent v0.2 commits.	2026-04-28 19:47:47 -07:00
Kayos	130f96a34f	v0.1 — backend bones + ingredient sterilizer LAN-only Flask API that consumes Mealie (source of truth for recipes / plans / lists) and clawdforge (centralized claude -p runner) to do AI work. v0.1 surface: GET /healthz liveness + clawdforge upstream GET /api/recipes proxy Mealie recipe list POST /api/sterilize/preview/<slug> dry-run AI parse, return proposals POST /api/sterilize/apply/<slug> write parses back to Mealie Why sterilizer first: Mealie's CRF parser is mediocre and Cobb's hand-typed recipes have lots of free-form ingredient strings ("about 2 cups cooked white rice", "a pinch of salt") that don't aggregate cleanly into a shopping list. We batch all ingredients of one recipe into a single Sonnet call via clawdforge, get back parallel structured parses, then on apply link each to Mealie food/unit records (creating missing by name) and PUT the recipe back. Preview is non-destructive. No UI in v0.1 — bearer-auth API only. Frontend + Authentik OIDC + Abby's swamp/meadow/forest palette arrives in v0.2. Auth: simple shared bearer in env (ADMIN_BEARER) until OIDC lands. LAN-only deploy means the bearer is the only gate; no public exposure. Stack: python:3.12-slim + Flask 3 + gunicorn + requests. No DB in v0.1.	2026-04-28 16:59:11 -07:00

Author

SHA1

Message

Date

Kayos

9f261e6b9e

audit-fixes: 3rd-pass LOW/INFO sweep (CSS injection, Origin RFC, next charset, env doc, session clear)

Cobb requested all the small ones land before LAN testing.

discover.html CVE-NEW3-2 (LOW): switched recipe card image from a CSS
background-image:url('${_esc(url)}') to a plain <img class="img" src=...>
element. Recipe image_url is scraped from JSON-LD on third-party pages —
a malicious page could return an image_url crafted to close the CSS
url(...) string and inject layout-breaking CSS. With <img src=...> the
URL stays in HTML-attribute context end-to-end where _esc is sufficient.
Also adds defense-in-depth: validate URL parses as http(s) before
rendering, fall through to placeholder otherwise, and set
referrerpolicy=no-referrer so we don't leak our path to image hosts.
CSS for .dcard .img widened with object-fit:cover so img and div both
center/cover correctly.

server.py CVE-NEW3-3 (LOW): _origin_of() now lowercases scheme AND
host (urlparse only does scheme), and drops scheme-default ports
(:80/:443) so `https://x.com:443` matches `https://x.com`. Closes a
false-reject path on browsers that preserve case in Origin headers,
or non-canonical CAULDRON_BASE_URL values. Not a bypass — false-reject
robustness only — but cheap to fix and operationally important.

server.py CODE3-3 (LOW): _safe_next() now allows `%` in the path
charset so percent-encoded paths (e.g. /recipes/spaghetti%20bol)
don't silently land at /me. Defense-in-depth: also percent-decode
the path and reject if the decoded form contains `..` traversal or
`//` (encoded forms of the same patterns the front-of-function
reject already).

server.py INFO3-2: auth_callback now does session.clear() before
setting session["user"]. Capture+revalidate `next` BEFORE the clear
so we don't drop our own redirect target. Drops every pre-auth key
on login — defense-in-depth against session-state contamination if
anything else ever lands in pre-auth session.

.env.example INFO3-1: added CAULDRON_ADMIN_SUBS, CAULDRON_BASE_URL,
CAULDRON_BEHIND_TLS, CAULDRON_TRUSTED_PROXIES with comments
explaining what each one gates. Defaults are the safe-LAN set.

Holding for public deploy — Cobb running LAN tests for a few days.

INFO3-3 (rate limit) intentionally NOT addressed in code: the audit
notes this as architecturally a proxy-layer concern (rackham vhost),
not in-process. Rolled into the public-deploy commit when the vhost
work lands.

INFO3-4 (security primitive test coverage) deferred — separate test-
sweep PR, doesn't block deploy.

2026-05-02 17:58:37 -07:00

Kayos

213801ca70

v0.2 foundation — Authentik OIDC + sulkta-mariadb DB + Fernet crypto

Adds the multi-user plumbing layer underneath v0.1's batch-only API:

- DB module (db.py) — PyMySQL against sulkta-mariadb, in-process migrations.
  Tables: cauldron_users, cauldron_user_mealie_tokens, cauldron_chat_log,
  schema_migrations.
- Crypto module (crypto.py) — thin Fernet wrapper. Master key in env,
  per-row encryption of stored Mealie tokens, decrypt only in-process.
- OIDC module (oidc.py) — Authlib-based Authentik integration. Issuer
  https://auth.sulkta.com/application/o/cauldron/, sub_mode=user_email,
  scopes openid+email+profile. App gated to 'Sulkta Family' group.
- Two-tier Mealie shape — system_mealie (env token, admin batch) +
  current_user_mealie() helper that loads + decrypts the calling user's
  token from DB. Per the v0.2 design (memory/spec-cauldron-v0.2.md).
- Connect flow — /connect-mealie pages walk users through minting their
  own Mealie API token and pasting it back. Validated against
  /api/users/self before encryption + storage.
- Routes — /, /login, /auth/callback, /logout, /me, /connect-mealie,
  /disconnect-mealie. v0.1 admin endpoints kept under bearer auth.
- Mealie.who_am_i() helper added.
- Auth flow uses Authentik subject (sub) as the canonical user key.

UI is minimal — connect-mealie page uses the locked palette
(forest #1f2d1f, panels #2d3a2a, meadow #6b8e5a/#88a87a, parchment text
#f0e6cc/#ddd4ba) and Cormorant Garamond serif headers. Strict palette.
The fuller dashboard / plan / list / recipes views land in subsequent
commits.

Authentik provider PK 24, client_id ZIwEugWWWZinR1KcVC9IT9hpGoTds9ps8XDDHPPN.
Group 'Sulkta Family' (pk 6d0c75e9-...) created with cobb member.

Foundation only — Abby's branded UI and the meal-plan / shopping-list
features land in subsequent v0.2 commits.

2026-04-28 19:47:47 -07:00

Kayos

130f96a34f

v0.1 — backend bones + ingredient sterilizer

LAN-only Flask API that consumes Mealie (source of truth for recipes / plans
/ lists) and clawdforge (centralized claude -p runner) to do AI work.

v0.1 surface:
  GET  /healthz                          liveness + clawdforge upstream
  GET  /api/recipes                      proxy Mealie recipe list
  POST /api/sterilize/preview/<slug>     dry-run AI parse, return proposals
  POST /api/sterilize/apply/<slug>       write parses back to Mealie

Why sterilizer first: Mealie's CRF parser is mediocre and Cobb's hand-typed
recipes have lots of free-form ingredient strings ("about 2 cups cooked
white rice", "a pinch of salt") that don't aggregate cleanly into a
shopping list. We batch all ingredients of one recipe into a single Sonnet
call via clawdforge, get back parallel structured parses, then on apply
link each to Mealie food/unit records (creating missing by name) and PUT
the recipe back. Preview is non-destructive.

No UI in v0.1 — bearer-auth API only. Frontend + Authentik OIDC + Abby's
swamp/meadow/forest palette arrives in v0.2.

Auth: simple shared bearer in env (ADMIN_BEARER) until OIDC lands. LAN-only
deploy means the bearer is the only gate; no public exposure.

Stack: python:3.12-slim + Flask 3 + gunicorn + requests. No DB in v0.1.

2026-04-28 16:59:11 -07:00

3 commits