docs(audit): align documentation with post-remediation backend reality
- Update data model enums to match backend models - Update API reference auth requirements - Add dispute module references and warning blocks - Add 2026-05-24 audit remediation callout to Overview - Generate task breakdowns and audit artifacts - Add doc alignment report (.taskmaster/reports/)
This commit is contained in:
35
Taskmaster/Tasks/task-2-5.md
Normal file
35
Taskmaster/Tasks/task-2-5.md
Normal file
@@ -0,0 +1,35 @@
|
||||
---
|
||||
taskmaster_id: "2.5"
|
||||
status: "done"
|
||||
priority: "medium"
|
||||
depends_on: ["1"]
|
||||
parent_id: "2"
|
||||
source: "taskmaster"
|
||||
generated_at: "2026-05-24T07:15:25.199Z"
|
||||
---
|
||||
|
||||
# 2.5 - Lock Socket.IO room joins to authenticated context
|
||||
|
||||
- [x] 2.5 - Lock Socket.IO room joins to authenticated context #taskmaster #priority/medium #status/done 🔼 🆔 tm-2-5 ⛔ tm-1
|
||||
|
||||
## Metadata
|
||||
|
||||
| Field | Value |
|
||||
| --- | --- |
|
||||
| Taskmaster ID | 2.5 |
|
||||
| Status | done |
|
||||
| Priority | medium |
|
||||
| Dependencies | 1 |
|
||||
| Parent | 2 - Implement platform audit remediation plan |
|
||||
|
||||
## Description
|
||||
|
||||
Remove trust in client-supplied user/buyer/seller room IDs.
|
||||
|
||||
## Details
|
||||
|
||||
Validate socket handshake token, derive server-side room membership, reject mismatched joins, and monitor suspicious join attempts.
|
||||
|
||||
## Verification
|
||||
|
||||
A user cannot subscribe to another user's rooms; legitimate realtime notifications still arrive.
|
||||
Reference in New Issue
Block a user