Enhance security architecture and guidelines across documentation and middleware; implement input validation, logging improvements, and security headers in API handlers.

2026-01-27 01:40:36 +01:00
parent abc60399d8
commit 06ece6dc1b
9 changed files with 176 additions and 6 deletions
--- a/go_cloud/internal/storage/nextcloud.go
+++ b/go_cloud/internal/storage/nextcloud.go
@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"net/url"
 	"strings"
@@ -47,7 +48,7 @@ func CreateNextcloudUser(nextcloudBaseURL, adminUser, adminPass, username, passw
 		return fmt.Errorf("failed to create Nextcloud user (status %d): %s", resp.StatusCode, string(body))
 	}

-	fmt.Printf("[NEXTCLOUD] Created user account: %s with generated password\n", username)
+	log.Printf("[NEXTCLOUD] Created user account: %s with generated password\n", username)
 	return nil
 }

--- a/go_cloud/internal/storage/webdav.go
+++ b/go_cloud/internal/storage/webdav.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"net/url"
 	"path"
@@ -24,7 +25,7 @@ type WebDAVClient struct {
 // NewWebDAVClient returns nil if no Nextcloud URL configured
 func NewWebDAVClient(cfg *config.Config) *WebDAVClient {
 	if cfg == nil || strings.TrimSpace(cfg.NextcloudURL) == "" {
-		fmt.Printf("[WEBDAV] No Nextcloud URL configured, WebDAV client is nil\n")
+		log.Printf("[WEBDAV] No Nextcloud URL configured, WebDAV client is nil\n")
 		return nil
 	}
 	u := strings.TrimRight(cfg.NextcloudURL, "/")
@@ -32,7 +33,7 @@ func NewWebDAVClient(cfg *config.Config) *WebDAVClient {
 	if base == "" {
 		base = "/"
 	}
-	fmt.Printf("[WEBDAV] Initializing WebDAV client - URL: %s, User: %s, BasePath: %s\n", u, cfg.NextcloudUser, base)
+	log.Printf("[WEBDAV] Initializing WebDAV client - URL: %s, User: %s, BasePath: %s\n", u, cfg.NextcloudUser, base)
 	return &WebDAVClient{
 		baseURL:    u,
 		user:       cfg.NextcloudUser,