fix(bootstrap): validate access_key server-side, prevent stale cache bypass

When a URL access_key is present, skip the Dexie cache fast-path in lookup_site_domain entirely — the key must be validated against the API. Previously, a stale cached entry with a previously-valid key would be returned immediately, allowing access even after the key changed or was revoked in the URL. Also: add site_domain_access_key to properties_to_save__site_domain so domain-level keys are persisted to Dexie for cache validation; remove shadow access_key re-declaration in +layout.ts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 15:07:41 -04:00
parent 84dc3dd158
commit e6daf6b503
3 changed files with 76 additions and 38 deletions
--- a/src/lib/ae_core/ae_core__site.ts
+++ b/src/lib/ae_core/ae_core__site.ts
@@ -112,29 +112,33 @@ export async function lookup_site_domain({
        console.log(`*** lookup_site_domain() *** fqdn=${fqdn} (Cache-First)`);
    }

-    // 1. FAST PATH: Check local cache first
-    let cached = null;
-    try {
-        cached = await db_core.site_domain.where('fqdn').equals(fqdn).first();
-        if (cached) {
-            if (log_lvl)
-                console.log(
-                    'BOOTSTRAP: Cache hit. Returning cached site domain immediately.'
-                );
+    // 1. FAST PATH: Check local cache first.
+    // Skip when access_key is provided — the key must be validated server-side.
+    // A stale cached entry with a previously-valid key must not grant access if the
+    // URL key has changed or been revoked.
+    if (!access_key) {
+        try {
+            const cached = await db_core.site_domain.where('fqdn').equals(fqdn).first();
+            if (cached) {
+                if (log_lvl)
+                    console.log(
+                        'BOOTSTRAP: Cache hit. Returning cached site domain immediately.'
+                    );

-            // Trigger background refresh to keep cache fresh, but don't await it
-            _refresh_site_domain_background({
-                api_cfg,
-                fqdn,
-                view,
-                log_lvl: 0,
-                access_key
-            });
+                // Trigger background refresh to keep cache fresh, but don't await it
+                _refresh_site_domain_background({
+                    api_cfg,
+                    fqdn,
+                    view,
+                    log_lvl: 0,
+                    access_key
+                });

-            return cached as any;
+                return cached as ae_SiteDomain;
+            }
+        } catch (err) {
+            console.warn('BOOTSTRAP: Cache read failed.', err);
        }
-    } catch (err) {
-        console.warn('BOOTSTRAP: Cache read failed.', err);
    }

    // 2. SLOW PATH: Wait for API if cache is empty
@@ -730,6 +734,7 @@ const properties_to_save__site_domain = [
    'account_name',
    'fqdn',
    'access_key',
+    'site_domain_access_key',
    'enable',
    'enable_from',
    'enable_to',