niuniu/ai-customer-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
000c82747ceadea35bce7089d04a6ed2048b8744
ai-customer-service/docs/SECURITY_BOUNDARY.md

1.1 KiB
Raw Blame History

Security Boundary

Trust Model

RequireRoles RBAC Middleware

Location: internal/http/middleware/authz.go:RequireRoles

  • What it does: Enforces role-based access control (RBAC) by checking the X-CS-Actor-ID and X-CS-Actor-Role headers against an allow-list of permitted roles.
  • What it does NOT do: It does not verify the authenticity, integrity, or origin of these headers. A malicious client can forge both headers.
  • Trust boundary: This middleware assumes that an upstream component (API Gateway, reverse proxy, or JWT validation layer) has already performed real authentication and has stripped or validated any forged headers before they reach this service.

Production Deployment Requirements

  • An API Gateway or ingress controller must authenticate requests using JWT, mTLS, or an equivalent mechanism before forwarding them to ai-customer-service.
  • The gateway must sanitize or reject unauthorized X-CS-Actor-* headers.
  • Direct exposure of the service to the public internet without an authenticating gateway is not supported.
Reference in New Issue View Git Blame Copy Permalink