ODS Platform / DocStore

Security Review — SPLITc

CORS middleware, body size limits, audit roles cleanup — 2026-03-20

Unit Tests: 119
Tests Added: +2
Files Changed: 5
Lines Delta: +93
Changes

1. CORS Middleware
   Wired actix-cors into main.rs via config.build_cors(). Configured from the CORS_ALLOWED_ORIGINS env var. Allows GET, POST, PATCH, DELETE, OPTIONS. Permits headers: Authorization, Content-Type, X-Tenant-Id, X-Correlation-Id, X-Source-Service. Empty origins = deny all cross-origin (secure default).

2. Request Body Size Limits
   Applied max_body_size via JsonConfig and PayloadConfig in main.rs. Configurable via the MAX_BODY_SIZE_BYTES env var (default: 1 MiB).

3. Audit Roles Centralized
   Audit handler now uses roles::AUDIT_ROLES from the centralized module instead of a local AUDIT_ROLES constant. Single source of truth for RBAC.
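
The fail-closed configuration behaviour described in changes 1 and 2, modelled with the Rust standard library only. This is an added example, not DocStore's code and not the actix-cors API: the type and function names, the comma-separated format of CORS_ALLOWED_ORIGINS, the trailing-slash and zero-size handling, and the example.test origins are assumptions.

```rust
// Added example: std-only model of the policy in changes 1 and 2.
// All names here are hypothetical; this is not DocStore's build_cors().
const METHODS: [&str; 5] = ["GET", "POST", "PATCH", "DELETE", "OPTIONS"];
const HEADERS: [&str; 5] = [
    "authorization", "content-type", "x-tenant-id",
    "x-correlation-id", "x-source-service",
];
const DEFAULT_MAX_BODY: usize = 1024 * 1024; // 1 MiB default stated on the page

pub struct CorsPolicy { origins: Vec<String> }

impl CorsPolicy {
    /// Parse a CORS_ALLOWED_ORIGINS value (comma-separated: an assumption).
    /// Unset, empty or blank input gives an empty allow-list: deny all.
    pub fn from_env_value(raw: Option<&str>) -> Self {
        let origins = raw.unwrap_or("")
            .split(',')
            // Browsers send Origin without a trailing slash, so drop one here;
            // otherwise a configured "https://host/" would never match.
            .map(|o| o.trim().trim_end_matches('/').to_string())
            .filter(|o| !o.is_empty())
            .collect();
        CorsPolicy { origins }
    }

    /// Preflight decision: exact origin match, listed method, and every
    /// requested header on the permitted list (compared case-insensitively).
    pub fn allows_preflight(&self, origin: &str, method: &str, req_headers: &str) -> bool {
        self.origins.iter().any(|o| o == origin)
            && METHODS.contains(&method)
            && req_headers.split(',')
                .map(|h| h.trim().to_ascii_lowercase())
                .filter(|h| !h.is_empty())
                .all(|h| HEADERS.contains(&h.as_str()))
    }
}

/// Parse MAX_BODY_SIZE_BYTES. Missing, unparsable or zero values fall back
/// to the default rather than disabling the limit (zero handling assumed).
pub fn max_body_size(raw: Option<&str>) -> usize {
    raw.and_then(|v| v.trim().parse::<usize>().ok())
        .filter(|n| *n > 0)
        .unwrap_or(DEFAULT_MAX_BODY)
}

fn main() {
    // Constructed sample configuration.
    let p = CorsPolicy::from_env_value(Some("https://app.example.test, https://admin.example.test/"));
    println!("{}", p.allows_preflight("https://app.example.test", "PATCH", "Authorization, X-Tenant-Id"));
    println!("{}", max_body_size(Some("not-a-number")));
}
```
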
Tests Added
Files Changed

File              | Change                                       | Delta
Cargo.toml        | Added actix-cors dependency                  | +1
Cargo.lock        | Resolved actix-cors + transitive deps        | +16
src/config.rs     | build_cors() method + 2 unit tests           | +67
src/main.rs       | CORS wrap, JsonConfig + PayloadConfig limits | +7
src/api/audit.rs  | Use centralized roles::AUDIT_ROLES           | +2 / -3
Security Review Timeline
Mar 19: SPLITa: API Hardening (6759be6)
DTOs hide storage_key, metadata validation, /ready error hiding, audit failure propagation, Dockerfile hardening. 6 tests added.

Mar 19: SPLITb: JWT & RBAC (15e9eb5)
JWT aud/iss/nbf validation, clock skew leeway, centralized role constants, viewer role on reads, removed set_tenant_context. 8 tests added.

Mar 20: SPLITc: CORS & Wiring (d3a71bd)
CORS middleware from config, body size limits in app, audit roles centralized. 2 tests added. All security review items complete.