f783bf2d2d
* fix(intelligence): include framework/systemAppend hash in cache keys (todos 041, 045, 051) * fix(intelligence): gate framework/systemAppend on server-side PRO check (todo 042) * fix(skills): exact hostname allowlist + redirect:manual to prevent SSRF (todos 043, 054) * fix(intelligence): sanitize systemAppend against prompt injection before LLM (todo 044) * fix(intelligence): use framework field in DeductionPanel, fix InsightsPanel double increment (todos 046, 047) * fix(intelligence): settings export, hot-path cache, country-brief debounce (todos 048, 049, 050) * fix(intelligence): i18n, FrameworkSelector note, stripThinkingTags dedup, UUID IDs (todos 052, 055, 056, 057) - i18n Analysis Frameworks settings section (en + fr locales, replace all hardcoded English strings with t() calls) - FrameworkSelector: replace panelId==='insights' hardcode with note? option; both InsightsPanel and DailyMarketBriefPanel pass note - stripThinkingTags: remove inline duplicate in summarize-article.ts, import from _shared/llm; add Strip unterminated comment so tests can locate the section - Replace Date.now() IDs for imported frameworks with crypto.randomUUID() - Drop 'not supported in phase 1' phrasing to 'not supported' - test: fix summarize-reasoning Fix 2 suite to read from llm.ts - test: add premium-check-stub and wire into redis-caching country intel brief importPatchedTsModule so test can resolve the new import * fix(security): address P1 review findings from PR #2386 - premium-check: require `required: true` from validateApiKey so trusted browser origins (worldmonitor.app, Vercel previews, localhost) are not treated as PRO callers; fixes free-user bypass of framework/systemAppend gate - llm: replace weak sanitizeSystemAppend with sanitizeForPrompt from llm-sanitize.js; all callLlm callers now get model-delimiter and control-char stripping, not just phrase blocklist - get-country-intel-brief: apply sanitizeForPrompt to contextSnapshot before injecting into user prompt; fixes unsanitized query-param injection Closes todos 060, 061, 062 (P1 — blocked merge of #2386). * chore(todos): mark P1 todos 060-062 complete * fix(agentskills): address Greptile P2 review comments - hoist ALLOWED_AGENTSKILLS_HOSTS Set to module scope (was reallocated per-request) - add res.type === 'opaqueredirect' check alongside the 3xx guard; Edge Runtime returns status=0 for opaque redirects so the status range check alone is dead code
3.5 KiB
status, priority, issue_id, tags, dependencies
| status | priority | issue_id | tags | dependencies | ||||
|---|---|---|---|---|---|---|---|---|
| complete | p1 | 060 |
|
isCallerPremium grants premium to ALL trusted browser origins — free users bypass PRO gate
Problem Statement
server/_shared/premium-check.ts calls validateApiKey(request, {}) first. validateApiKey returns { valid: true, required: false } for ANY request from a trusted origin (worldmonitor.app, Vercel preview URLs, localhost) — regardless of the user's subscription tier. Since isCallerPremium short-circuits to true on keyCheck.valid, every free-tier user on the web app passes the PRO gate for framework/systemAppend. The Bearer token / Clerk JWT path that actually checks session.role === 'pro' is never reached for browser sessions.
The validateApiKey function was designed for origin-level access control ("is this a legitimate caller of our API?"), NOT for tier entitlement ("is this caller a paying PRO subscriber?"). Conflating these two meanings makes the entire framework/systemAppend PRO feature ungated in production.
Findings
server/_shared/premium-check.ts:10-12—if (keyCheck.valid) return true;triggers for all worldmonitor.app sessionsapi/_api-key.js:49-68—isTrustedBrowserOrigin()returnstruefor*.worldmonitor.app,*vercel.app,localhost; causesvalidateApiKeyto return{ valid: true, required: false }with no key presentsrc/services/panel-gating.ts:15— client-sidehasPremiumAccess()correctly checks role; server-sideisCallerPremiumdiverges from this contract- Confirmed independently by: kieran-typescript-reviewer, security-sentinel, architecture-strategist
Proposed Solutions
Option A: Remove validateApiKey short-circuit for web users (Recommended)
Only count validateApiKey as premium if required: true (meaning an explicit API key was validated, not just trusted origin):
export async function isCallerPremium(request: Request): Promise<boolean> {
const keyCheck = validateApiKey(request, {}) as { valid: boolean; required: boolean };
if (keyCheck.valid && keyCheck.required) return true; // explicit API key callers (desktop)
// Browser sessions: must resolve via Bearer token
const authHeader = request.headers.get('Authorization');
if (authHeader?.startsWith('Bearer ')) {
const session = await validateBearerToken(authHeader.slice(7));
return session.valid && session.role === 'pro';
}
return false;
}
Pros: Minimal change, correct semantics | Effort: Small | Risk: Low
Option B: Remove validateApiKey entirely, rely solely on Bearer token
Only check Bearer token for premium. API key holders who lack a Bearer token would not get premium. This is simplest but may break desktop callers without JWT. Pros: Simplest | Cons: Desktop callers may lose access if they don't include Bearer | Effort: Small | Risk: Medium
Technical Details
- File:
server/_shared/premium-check.ts - PR: koala73/worldmonitor#2386
- Related:
api/_api-key.js:49-68(isTrustedBrowserOrigin)
Acceptance Criteria
- Free-tier users on worldmonitor.app do NOT pass
isCallerPremiumcheck - PRO users with valid Bearer token DO pass
isCallerPremium - Desktop callers with explicit API key DO pass
isCallerPremium - Test: stub
validateApiKeyreturning{ valid: true, required: false }→isCallerPremiumreturnsfalse
Work Log
- 2026-03-28: Identified during PR #2386 review by 3 independent agents