feat(middleware): harden routing with fail-closed policy, custom subdomain management, and perf fixes

- Fix IPv6 host parsing with _strip_port() utility
- Remove dangerous StorePlatform→Store.subdomain silent fallback
- Close storefront gate bypass when frontend_type is None
- Add custom subdomain management UI and API for stores
- Add domain health diagnostic tool
- Convert db.add() in loops to db.add_all() (24 PERF-006 fixes)
- Add tests for all new functionality (18 subdomain service tests)
- Add .github templates for validator compliance

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 18:13:01 +01:00
parent 07fab01f6a
commit 540205402f
38 changed files with 1827 additions and 134 deletions


@@ -245,7 +245,7 @@ class StoreContextManager:
)
return store
# 2b. Fallback to Store.subdomain (global default)
# 2b. Fallback to Store.subdomain with platform membership check
store = (
db.query(Store)
.filter(func.lower(Store.subdomain) == subdomain.lower())
@@ -254,6 +254,33 @@ class StoreContextManager:
)
if store:
# When a platform context exists and detection is "subdomain",
# verify the store actually has an active membership on this
# platform. Without this check, a subdomain like
# "other-tenant.omsflow.lu" could resolve a store that only
# belongs to the loyalty platform — a cross-tenant leak.
if platform and context.get("detection_method") == "subdomain":
from app.modules.tenancy.models.store_platform import (
StorePlatform as SP,
)
has_membership = (
db.query(SP)
.filter(
SP.store_id == store.id,
SP.platform_id == platform.id,
SP.is_active.is_(True),
)
.first()
)
if not has_membership:
logger.warning(
f"[FAIL-CLOSED] Store '{subdomain}' exists but has no "
f"active membership on platform {platform.code}"
f"blocking cross-tenant resolution"
)
return None
method = context.get("detection_method", "unknown")
logger.info(
f"[OK] Store found via {method}: {subdomain}{store.name}"