CubeCraft-Creations/remote-rig
11
0
Fork 0
generated from CubeCraft-Creations/Tracehound
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

fix: harden camera API endpoints (CUB-234) #12

Merged
overseer merged 2 commits from agent/dex/CUB-234-harden-camera-endpoints into dev 2026-05-28 06:59:11 -04:00
Conversation 0 Commits 2 Files Changed 9
+835 -68
Otto commented 2026-05-23 08:52:11 -04:00
Owner
Copy Link
Copy Source

Overview

Hardens all camera API endpoints with input validation, structured error responses, and proper SQL handling.

Changes

Input Validation (new harden.go)

  • Content-Type validation on all POST endpoints
  • Request body size limit (64KB)
  • Field length: camera_id ≤ 64, friendly_name ≤ 128, mode ≤ 32, resolution ≤ 32
  • FPS range: 0-240
  • Battery percentage range: 0-100

Structured Error Responses

  • Replaced ad-hoc map[string]string errors with typed APIError {error, code, details}
  • Consistent format across all endpoints

Bug Fixes

  • MacAddress model field: string*string (fixes NULL scan errors)
  • isUniqueConstraintErr: now matches both camera_id and mac_address constraint violations
  • splitSQL: strips -- line comments before splitting on semicolons (fixes migration failures with modernc.org/sqlite)

Tests

  • 30 integration tests covering all endpoints
  • All tests PASS

Files Changed

  • internal/api/harden.go — new validation and response helpers
  • internal/api/cameras.go — hardened GET/POST camera handlers
  • internal/api/recording.go — hardened start/stop handlers
  • internal/api/status.go — hardened PushStatus handler
  • internal/api/camera_test.go — 30 integration tests
  • internal/db/db.go — fixed SQL line comment stripping
  • pkg/models/camera.go — MacAddress → *string

Closes CUB-234

## Overview Hardens all camera API endpoints with input validation, structured error responses, and proper SQL handling. ## Changes ### Input Validation (new `harden.go`) - Content-Type validation on all POST endpoints - Request body size limit (64KB) - Field length: `camera_id` ≤ 64, `friendly_name` ≤ 128, `mode` ≤ 32, `resolution` ≤ 32 - FPS range: 0-240 - Battery percentage range: 0-100 ### Structured Error Responses - Replaced ad-hoc `map[string]string` errors with typed `APIError {error, code, details}` - Consistent format across all endpoints ### Bug Fixes - `MacAddress` model field: `string` → `*string` (fixes NULL scan errors) - `isUniqueConstraintErr`: now matches both `camera_id` and `mac_address` constraint violations - `splitSQL`: strips `--` line comments before splitting on semicolons (fixes migration failures with `modernc.org/sqlite`) ### Tests - **30 integration tests** covering all endpoints - All tests PASS ### Files Changed - `internal/api/harden.go` — new validation and response helpers - `internal/api/cameras.go` — hardened GET/POST camera handlers - `internal/api/recording.go` — hardened start/stop handlers - `internal/api/status.go` — hardened PushStatus handler - `internal/api/camera_test.go` — 30 integration tests - `internal/db/db.go` — fixed SQL line comment stripping - `pkg/models/camera.go` — MacAddress → *string Closes CUB-234
Otto added 1 commit 2026-05-23 08:52:11 -04:00
fix: harden camera API endpoints (CUB-234)
CI/CD / lint-and-typecheck (pull_request) Failing after 12m11s
Details
CI/CD / test (pull_request) Has been cancelled
Details
CI/CD / build (pull_request) Has been cancelled
Details
CI/CD / deploy (pull_request) Has been cancelled
Details
1f253283f8 
- Add request validation: Content-Type check, body size limit (64KB)
- Add field length validation (camera_id: 64, friendly_name: 128, mode: 32, resolution: 32)
- Add FPS range validation (0-240)
- Add battery_pct range validation (0-100)
- Replace ad-hoc map[string]string errors with structured APIError {error, code, details}
- Fix isUniqueConstraintErr to catch both camera_id and mac_address constraint violations
- Fix MacAddress model field from string to *string for NULL handling
- Fix splitSQL to strip -- line comments before splitting (was causing migration failures with modernc.org/sqlite)
- Add 30 integration tests covering all endpoints
- All tests pass: ok github.com/cubecraft/remoterig/internal/api
overseer added 1 commit 2026-05-28 06:59:01 -04:00
Merge branch 'dev' into agent/dex/CUB-234-harden-camera-endpoints
CI/CD / lint-and-typecheck (pull_request) Successful in 7s
Details
CI/CD / test (pull_request) Successful in 8s
Details
CI/CD / build (pull_request) Failing after 9s
Details
CI/CD / deploy (pull_request) Has been skipped
Details
81f168e8a4
overseer merged commit cc1b05a4e7 into dev 2026-05-28 06:59:11 -04:00
overseer deleted branch agent/dex/CUB-234-harden-camera-endpoints 2026-05-28 06:59:11 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
agent/dex
Backend development agent
 agent/hermes
Hermes orchestration/automation
 agent/hex
Database/migration agent
 agent/nano
Firmware/microcontroller development agent
 agent/otto
Reviewer/orchestrator agent
 agent/pip
Raspberry Pi/hub development agent
 agent/rex
Frontend development agent
 agent/sketch
UI/UX and design agent
 priority/high
Linear priority: High
 priority/low
Linear priority: Low
 priority/medium
Linear priority: Medium
 priority/urgent
Linear priority: Urgent
 project/bot-task-tracker
Bot Task Tracker project
 project/control-center
Control Center / Command Hub project
 project/extrudex
Extrudex project
 project/product-pipeline
Product Pipeline project
 project/remoterig
RemoteRig project
 project/shopify-bugs
Shopify Bugs project
 project/social-media-content-pipeline
Social Media Content Pipeline project
 project/tracehound
TraceHound project
 state/backlog
Imported/active backlog work not yet scheduled
 state/canceled
Canceled/won’t do; used on closed imported issues
 state/done
Completed work; used on closed imported issues
 state/duplicate
Duplicate issue; used on closed imported issues
 state/in-progress
Currently being worked
 state/in-review
Pull request or implementation under review
 state/todo
Ready to start
 status/blocked
Blocked by dependency or decision
 status/needs-dev-breakdown
Needs implementation breakdown before agents start
 status/needs-research
Needs research before implementation
 type/bug
Bug fix
 type/feature
Feature work
 type/hardware
Hardware/mechanical/electronics work
 type/improvement
Improvement/refactor
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Dex Grimm Hermes Hex Nano openclaw-mcp Otto (Otto the Minion) overseer (Joshua) Pip Rex Sketch
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: CubeCraft-Creations/remote-rig#12
Delete Branch "agent/dex/CUB-234-harden-camera-endpoints"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?