Files · 9d3a74bcccf934aa2fa95ee240b56cc3b3a25776 · Vũ Hoàng Anh / canifa_note

fix(api): make credentials write-only and restrict sensitive settings to admins · 9d3a74bc

memoclaw authored Mar 28, 2026

Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

9d3a74bc

Name	Last commit	Last update
.github		Loading commit data...
cmd/memos		Loading commit data...
docs/issues		Loading commit data...
internal		Loading commit data...
plugin		Loading commit data...
proto		Loading commit data...
scripts		Loading commit data...
server		Loading commit data...
store		Loading commit data...
web		Loading commit data...
.dockerignore		Loading commit data...
.gitignore		Loading commit data...
.golangci.yaml		Loading commit data...
AGENTS.md		Loading commit data...
CLAUDE.md		Loading commit data...
CODEOWNERS		Loading commit data...
LICENSE		Loading commit data...
README.md		Loading commit data...
SECURITY.md		Loading commit data...
go.mod		Loading commit data...
go.sum		Loading commit data...

README.md