fix: build authHeaders via Map in rewrite-template-source route

Per team dynamic-key-object rule (greptile P2): accumulate the forwarded
x-stack-*/x-hexclave-* auth headers in a Map<string, string> to avoid
prototype-pollution risk, then convert to a plain object at the call
boundary into rewriteTemplateSourceWithAI.
mantrakp04 2026-06-17 10:01:07 -07:00
parent e6c335a913
commit f02f8211c6


@ -31,14 +31,15 @@ export const POST = createSmartRouteHandler({
// (which is a fresh HTTP request to /ai/query/generate) is authenticated
// and resolves to the authenticated model tier rather than falling back
// to the unauthenticated one.
const authHeaders: Record<string, string> = {};
const authHeadersMap = new Map<string, string>();
for (const [key, value] of Object.entries(fullReq.headers)) {
if (value == null) continue;
const lower = key.toLowerCase();
if (lower.startsWith("x-stack-") || lower.startsWith("x-hexclave-")) {
authHeaders[key] = value.join(",");
authHeadersMap.set(key, value.join(","));
}
}
const authHeaders: Record<string, string> = Object.fromEntries(authHeadersMap);
const rewriteResult = await rewriteTemplateSourceWithAI(body.template_tsx_source, authHeaders);
if (rewriteResult.status === "error") {