Fix security and validation issues

Agent-Planner · Agent-Planner · commit aca42f54f27a · 2026-01-28T13:10:31.000-05:00
- Add DuckDNS domain validation in scripts/deploy.sh
- Add project directory existence check in server/routers/cicd.py
- Remove internal error details from client responses (security fix)
diff --git a/deploy.sh b/deploy.sh
@@ -372,7 +372,7 @@ post_checks() {
 }
 
 print_notes() {
-  cat <<'EOF'
+  cat <<EOF
 
 Deployment complete.
 
@@ -382,17 +382,17 @@ If the domain does not come up immediately:
 3. Check logs:
    docker compose -f docker-compose.yml -f docker-compose.traefik.yml logs -f
 4. Confirm backend health locally:
-   curl -fsS http://127.0.0.1:8888/api/health || true
+   curl -fsS http://127.0.0.1:${APP_PORT:-8888}/api/health || true
 
 To update later, rerun this script. It will git pull and restart.
 EOF
 }
 
 ensure_packages
 configure_duckdns
+preserve_env_file
 clone_repo
 assert_compose_files
-preserve_env_file
 write_env
 prepare_ssl_storage
 run_compose
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -34,7 +34,13 @@ prompt_required LETSENCRYPT_EMAIL "Enter email for Let's Encrypt notifications"
 if [[ "${DOMAIN}" == *.duckdns.org ]]; then
   DUCKDNS_SUBDOMAIN="${DOMAIN%.duckdns.org}"
 else
-  DUCKDNS_SUBDOMAIN="${DOMAIN}"
+  echo "WARNING: Domain '${DOMAIN}' does not end with .duckdns.org."
+  echo "DuckDNS API requires a duckdns.org subdomain."
+  read -r -p "Enter just the DuckDNS subdomain (without .duckdns.org): " DUCKDNS_SUBDOMAIN
+  if [[ -z "$DUCKDNS_SUBDOMAIN" ]]; then
+    echo "DuckDNS subdomain cannot be empty." >&2
+    exit 1
+  fi
 fi
 
 read -r -p "Git repo URL [https://github.com/heidi-dang/autocoder.git]: " REPO_URL
diff --git a/server/routers/cicd.py b/server/routers/cicd.py
@@ -163,6 +163,9 @@ async def preview_workflow(request: PreviewRequest):
     if not project_dir:
         raise HTTPException(status_code=404, detail="Project not found")
 
+    if not project_dir.exists():
+        raise HTTPException(status_code=404, detail="Project directory not found")
+
     if request.workflow_type not in ["ci", "security", "deploy"]:
         raise HTTPException(
             status_code=400,
@@ -253,4 +256,5 @@ async def get_workflow_content(project_name: str, filename: str):
             "content": content,
         }
     except Exception as e:
-        raise HTTPException(status_code=500, detail=f"Error reading workflow: {str(e)}")
+        logger.exception(f"Error reading workflow {filename}: {e}")
+        raise HTTPException(status_code=500, detail="Error reading workflow")
