Mission: Security Hardening & Vulnerability Remediation

Overview

Objectives

1. Secure Authentication: Eliminate legacy hashing and duplicate auth paths.
2. Protect Player Data: Fix Google Login data wipe and Trading metadata loss.
3. Encrypted PII: Encrypt sensitive user data (email, ticket content) at rest using externalized keys (AES-256-GCM).
4. Harden APIs: Secure Ticket and Shop APIs against PII leaks and race conditions.
5. Prevent Denial of Service: Implement proper rate limiting and connection caps.

Implementation Plan

Phase 1: Critical Fixes (Data Loss & Auth) ✅

• Fix Insecure Password Hashing
  • Remove api-game/src/api/auth_handlers.rs (Insecure Placeholder).
  • Ensure all routes use logic_core::auth (Argon2).
• Fix Google Login Data Wipe
  • Update websocket.rs to load existing player state before overwriting.
• Fix Trading Metadata Loss
  • Update trading/manager.rs to query and restore item metadata.
• Fix WebSocket Connection Limit
  • Lower IP limit from 500 to 10.

Phase 2: API Security & Encryption (In Progress)

• PII Encryption (External Key)
  • Infrastructure: Add PII_ENCRYPTION_KEY (32-byte hex) to .env.
  • Implementation: Create EncryptionService using aes-gcm.
  • Migration: Encrypt users.email and tickets.content columns.
  • Ticket API: Decrypt on-the-fly ONLY for authorized admins (with X-Admin-Secret).
• Secure Ticket API
  • Add X-Admin-Secret check to GET /tickets.
  • Patch Prompt Injection vector in Gemini classifier.
• Secure Shop API
  • Fix Shop Stock Race Condition (Atomic/Durable Object or optimistic locking).
  • Add Auth/Captcha to POST /orders.

Phase 3: Cleanup & Hardening

• Remove Sensitive Logs (Reset Tokens).
• Fix Handler Panics (Replace expect with Result).
• Implement Rate Limiting on missing endpoints.

References

• Security Audit Report