fix: redact ingestion payload logs and update changelog

2026-03-21 17:09:51 +01:00 · 2026-02-13 12:06:18 +01:00
parent b89171d934
commit f22cac891c
3 changed files with 32 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 ## Unreleased
 - Fix: edge case where navigation back to a chat page could trigger a new response generation
+- Security: hardened storage-layer queries by replacing user-influenced string interpolation with bound parameters and adding injection regression tests.
+- Security: removed raw ingestion payload logging from API/HTML ingress handlers and replaced it with metadata-only structured logs.

 ## 1.0.1 (2026-02-11)
 - Shipped an S3 storage backend so content can be stored in object storage instead of local disk, with configuration support for S3 deployments.
--- a/api-router/src/routes/ingress.rs
+++ b/api-router/src/routes/ingress.rs
@@ -29,8 +29,22 @@ pub async fn ingest_data(
    Extension(user): Extension<User>,
    TypedMultipart(input): TypedMultipart<IngestParams>,
 ) -> Result<impl IntoResponse, ApiError> {
-    info!("Received input: {:?}", input);
    let user_id = user.id;
+    let content_bytes = input.content.as_ref().map_or(0, |c| c.len());
+    let has_content = input.content.as_ref().is_some_and(|c| !c.trim().is_empty());
+    let context_bytes = input.context.len();
+    let category_bytes = input.category.len();
+    let file_count = input.files.len();
+
+    info!(
+        user_id = %user_id,
+        has_content,
+        content_bytes,
+        context_bytes,
+        category_bytes,
+        file_count,
+        "Received ingestion request"
+    );

    let file_infos = try_join_all(input.files.into_iter().map(|file| {
        FileInfo::new_with_storage(file, &state.db, &user_id, &state.storage)
--- a/html-router/src/routes/ingestion/handlers.rs
+++ b/html-router/src/routes/ingestion/handlers.rs
@@ -95,7 +95,21 @@ pub async fn process_ingress_form(
        ));
    }

-    info!("{:?}", input);
+    let content_bytes = input.content.as_ref().map_or(0, |c| c.len());
+    let has_content = input.content.as_ref().is_some_and(|c| !c.trim().is_empty());
+    let context_bytes = input.context.len();
+    let category_bytes = input.category.len();
+    let file_count = input.files.len();
+
+    info!(
+        user_id = %user.id,
+        has_content,
+        content_bytes,
+        context_bytes,
+        category_bytes,
+        file_count,
+        "Received ingestion form submission"
+    );

    let file_infos = try_join_all(input.files.into_iter().map(|file| {
        FileInfo::new_with_storage(file, &state.db, &user.id, &state.storage)