marketing-shibata50/multica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
multica/server/internal/handler
History
yushen 9e23fb76fc fix(upload): harden upload flow — sanitize filenames, refresh CF cookies, deduplicate handlers 
- Sanitize Content-Disposition filenames to prevent header injection (strip control chars, quotes, semicolons)
- Add CloudFront cookie refresh middleware so cookies are re-issued when expired
- Log errors in groupAttachments instead of silently swallowing them
- Move useFileUpload hook to shared/hooks/ per project architecture conventions
- Add uploadWithToast helper to deduplicate try/catch/toast pattern across 3 components
- Refactor ApiClient.uploadFile to reuse auth headers, 401 handling, and error parsing
- Allow empty MIME types client-side (let server sniff and decide)
- Constrain Image extension max-width in rich-text-editor to prevent layout overflow

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:52:40 +08:00
..
activity.go feat(upload): signed URLs for CLI + eager load attachments on comments 2026-03-31 15:42:10 +08:00
activity_test.go feat(activity): unified activity timeline with comment reply support 2026-03-28 21:53:08 +08:00
agent.go feat(agents): reply as thread instead of top-level comment (#205) 2026-03-31 13:48:39 +08:00
auth.go feat(upload): add file upload API with S3 + CloudFront signed cookies 2026-03-31 14:41:17 +08:00
comment.go feat(upload): signed URLs for CLI + eager load attachments on comments 2026-03-31 15:42:10 +08:00
daemon.go feat(security): redact sensitive information in agent live output 2026-03-30 23:38:49 +08:00
daemon_pairing.go feat(runtime): add local codex daemon pairing 2026-03-24 12:03:14 +08:00
file.go fix(upload): harden upload flow — sanitize filenames, refresh CF cookies, deduplicate handlers 2026-03-31 15:52:40 +08:00
handler.go feat(upload): add file upload API with S3 + CloudFront signed cookies 2026-03-31 14:41:17 +08:00
handler_test.go feat(upload): add file upload API with S3 + CloudFront signed cookies 2026-03-31 14:41:17 +08:00
inbox.go feat(inbox): scope all inbox queries by workspace_id 2026-03-29 17:42:45 +08:00
issue.go Merge pull request #200 from multica-ai/forrestchang/comment-reactions 2026-03-30 22:40:54 +08:00
issue_reaction.go feat(reactions): add emoji reactions for comments and issue descriptions 2026-03-30 22:37:59 +08:00
personal_access_token.go feat(auth): email verification login and personal access tokens 2026-03-26 14:32:30 +08:00
reaction.go feat(reactions): add emoji reactions for comments and issue descriptions 2026-03-30 22:37:59 +08:00
runtime.go refactor(server): consolidate workspace permission checks into middleware 2026-03-30 03:40:20 +08:00
runtime_ping.go feat(runtimes): add Runtimes tab with usage tracking and connection test 2026-03-26 18:28:36 +08:00
skill.go feat(api): strict workspace isolation + agent parity fixes 2026-03-30 16:49:13 +08:00
subscriber.go feat(api): strict workspace isolation + agent parity fixes 2026-03-30 16:49:13 +08:00
subscriber_test.go feat(notifications): replace hardcoded inbox notifications with subscriber-driven model 2026-03-28 19:33:20 +08:00
workspace.go refactor(server): consolidate workspace permission checks into middleware 2026-03-30 03:40:20 +08:00