feat: harden HTTP server with rate limiting, request timeouts, and sanitized error messages

2026-06-12 00:55:09 +02:00
parent 02c5b4ae40
commit 7b8202b50b
4 changed files with 107 additions and 11 deletions
+7 -5
@@ -24,6 +24,8 @@ func New(newSvc func(user string) (service.NodeService, error), oidcCfg *store.O
mux.HandleFunc("DELETE /nodes/{id}", s.deleteNode)
mux.HandleFunc("GET /users", s.listUsers)
mux.HandleFunc("POST /users", s.addUser)
rl := newRateLimiter(10, 30) // 10 req/s sustained, burst of 30
if oidcCfg != nil {
ah, err := newAuthHandler(*oidcCfg)
if err != nil {
@@ -33,9 +35,9 @@ func New(newSvc func(user string) (service.NodeService, error), oidcCfg *store.O
mux.HandleFunc("POST /auth/device/start", ah.deviceStart)
mux.HandleFunc("GET /auth/callback", ah.callback)
mux.HandleFunc("GET /auth/poll", ah.poll)
return withSessionAuth(ah, mux), nil
return withRateLimit(rl, withSessionAuth(ah, mux)), nil
}
return mux, nil
return withRateLimit(rl, mux), nil
}
type server struct {
@@ -53,7 +55,7 @@ func (s *server) svc(w http.ResponseWriter, r *http.Request) (service.NodeServic
}
svc, err := s.newSvc(user)
if err != nil {
writeError(w, http.StatusInternalServerError, err.Error())
writeError(w, http.StatusInternalServerError, "internal error")
return nil, false
}
return svc, true
@@ -96,7 +98,7 @@ func (s *server) listNodes(w http.ResponseWriter, r *http.Request) {
}
nodes, err := svc.List(filter)
if err != nil {
writeError(w, http.StatusInternalServerError, err.Error())
writeError(w, http.StatusInternalServerError, "internal error")
return
}
writeJSON(w, nodes)
@@ -171,7 +173,7 @@ func (s *server) listUsers(w http.ResponseWriter, r *http.Request) {
}
users, err := svc.ListUsers()
if err != nil {
writeError(w, http.StatusInternalServerError, err.Error())
writeError(w, http.StatusInternalServerError, "internal error")
return
}
writeJSON(w, users)
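Review bot: The three sanitized error paths (`s.newSvc` in `svc`, `svc.List` in `listNodes`, `svc.ListUsers` in `listUsers`) now return "internal error" to the client but discard `err` in the visible lines, so a 500 leaves no server-side record for debugging or for noticing abuse. Log the error before each `writeError` call, for example `log.Printf("listUsers: %v", err)`, using whichever logger the package already has. These functions start and end outside the hunks, so logging elsewhere in them cannot be ruled out. Separately, a single `rl` wraps every route ahead of `withSessionAuth`. If `newRateLimiter` (not shown here) keeps one shared bucket rather than one per client, a single unauthenticated caller can use up the whole 10 req/s budget for everyone, which is worth confirming and documenting in a comment next to `rl`.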