Skip to content

fix: disk space pre-check, TLS expiry warning, admin rate-limiting#13

Merged
Romain-Grosos merged 4 commits intomainfrom
fix/quality-hardening
Mar 7, 2026
Merged

fix: disk space pre-check, TLS expiry warning, admin rate-limiting#13
Romain-Grosos merged 4 commits intomainfrom
fix/quality-hardening

Conversation

@Romain-Grosos
Copy link
Copy Markdown
Contributor

@Romain-Grosos Romain-Grosos commented Mar 7, 2026

Summary

Three quality hardening items to close remaining audit findings.

  • Disk space pre-check: verify available space (2x upload size) before accepting import on POST and PUT endpoints, returns 507 Insufficient Storage
  • TLS certificate expiry warning: check server.pem at daemon startup, warn if certificate expires within 30 days or has already expired
  • Admin API rate-limiting: per-IP sliding window (60 req/min) on all /admin/* endpoints with 429 + Retry-After header

Test plan

  • 369 tests pass (365 existing + 4 new rate limiter tests) - [x] Lint clean (ruff check + format)
  • Changelog updated
  • Roadmap cleaned (previous Done items removed, current batch marked Done)

@Romain-Grosos
fix(handler): add disk space pre-check before import
3d0d871 
Verify available disk space (2x content-length for upload +
extraction) before accepting import on both POST and PUT
endpoints. Returns 507 Insufficient Storage on failure.
@Romain-Grosos
fix(server): add TLS certificate expiry warning at startup
3b6eddd 
Check server.pem expiry date on serve startup. Warn if the
certificate expires within 30 days or has already expired,
with actionable message to run 'buncker api-setup'.
@Romain-Grosos
feat(server): add per-IP rate limiting on admin endpoints
4fbac76 
Sliding window rate limiter (60 req/min per IP) on all /admin/*
endpoints. Returns 429 Too Many Requests with Retry-After header.
Tests: unit tests for RateLimiter + integration test for 429.
@Romain-Grosos
docs: update changelog and clean up roadmap
434085a 
- Add disk space pre-check, TLS expiry warning, and rate-limiting
  to changelog [Unreleased] section
- Remove completed items from roadmap, mark current batch as Done
@Romain-Grosos Romain-Grosos self-assigned this Mar 7, 2026
@Romain-Grosos Romain-Grosos merged commit 4b793f4 into main Mar 7, 2026
5 checks passed
@Romain-Grosos Romain-Grosos deleted the fix/quality-hardening branch March 7, 2026 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Romain-Grosos Romain-Grosos

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Romain-Grosos