wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions


@@ -4,6 +4,7 @@ using StellaOps.VexHub.Core;
using StellaOps.VexHub.Core.Export;
using StellaOps.VexHub.Core.Models;
using StellaOps.VexHub.WebService.Models;
using StellaOps.VexHub.WebService.Security;
using System.Text;
using System.Text.Json;
using System.Text.Json.Nodes;
@@ -21,7 +22,8 @@ public static class VexHubEndpointExtensions
public static WebApplication MapVexHubEndpoints(this WebApplication app)
{
var vexGroup = app.MapGroup("/api/v1/vex")
.WithTags("VEX");
.WithTags("VEX")
.RequireAuthorization(VexHubPolicies.Read);
// GET /api/v1/vex/cve/{cve-id}
vexGroup.MapGet("/cve/{cveId}", GetByCve)
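Review bot: The `.RequireAuthorization(VexHubPolicies.Read)` call on `vexGroup` applies to every route mapped on the group, and the rest of `MapVexHubEndpoints` lies outside this hunk, so please confirm that no route in the group was meant to stay anonymous and that any write or administrative route adds `VexHubPolicies.Admin` on top. A short comment above the group would make the inheritance explicit: `// Every route on vexGroup requires VexHubPolicies.Read; opt out per route with AllowAnonymous().` An integration test asserting a 401 for a request without an API key would pin the new behaviour.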


@@ -6,6 +6,7 @@ using StellaOps.VexHub.Core.Extensions;
using StellaOps.VexHub.Persistence.Extensions;
using StellaOps.VexHub.WebService.Extensions;
using StellaOps.VexHub.WebService.Middleware;
using StellaOps.VexHub.WebService.Security;
var builder = WebApplication.CreateBuilder(args);
@@ -43,7 +44,13 @@ builder.Services.AddAuthentication("ApiKey")
}
});
builder.Services.AddAuthorization();
builder.Services.AddAuthorization(options =>
{
// VexHub uses API-key authentication; policies require an authenticated API key holder.
// Scope enforcement is delegated to the API key configuration (per-key scope list).
options.AddPolicy(VexHubPolicies.Read, policy => policy.RequireAuthenticatedUser());
options.AddPolicy(VexHubPolicies.Admin, policy => policy.RequireAuthenticatedUser());
});
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddOpenApi();
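Review bot: `VexHubPolicies.Admin` is registered with the same requirement as `VexHubPolicies.Read` (`RequireAuthenticatedUser()`), so any valid API key satisfies the admin policy and nothing in this hunk checks a scope. The inline comment says scope enforcement is delegated to the per-key scope list, but the ApiKey handler is outside the hunk, so unless it emits scopes as claims and something else evaluates them, the "admin scope" promised by the doc comment in the new `VexHubPolicies` file is not enforced. Consider putting the check in the policy itself, e.g. `options.AddPolicy(VexHubPolicies.Admin, policy => policy.RequireAuthenticatedUser().RequireClaim("<scope-claim-type>", "<admin-scope-value>"));`, replacing the placeholders with the claim type and value the handler actually issues. If the two policies are intentionally identical for now, the comment and the `Admin` doc summary should say so.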


@@ -0,0 +1,17 @@
// Copyright (c) StellaOps. Licensed under the BUSL-1.1.
namespace StellaOps.VexHub.WebService.Security;
/// <summary>
/// Named authorization policy constants for the VexHub service.
/// VexHub uses API-key authentication. All VEX query endpoints require a valid,
/// authenticated API key. Scope enforcement is delegated to the API key configuration.
/// </summary>
internal static class VexHubPolicies
{
/// <summary>Policy for querying and reading VEX statements. Requires an authenticated API key.</summary>
public const string Read = "VexHub.Read";
/// <summary>Policy for administrative operations (ingestion, source management). Requires an authenticated API key with admin scope.</summary>
public const string Admin = "VexHub.Admin";
}