M0 security hardening: fix all vulnerabilities and resolve build errors

- Fix 5 source files corrupted with markdown formatting by previous AI
- Remove secret logging from auth middleware, signup, and recovery handlers
- Add role validation (ALLOWED_ROLES allowlist) to all 10 data_api + storage handlers
- Fix JavaScript injection in Deno runtime via double-serialization
- Add UUID validation to TUS upload paths to prevent path traversal
- Gate token issuance on email confirmation (AUTH_AUTO_CONFIRM env var)
- Reject unconfirmed users on login with 403
- Prevent OAuth account takeover (409 on email conflict with different provider)
- Replace permissive CORS (allow_origin Any) with ALLOWED_ORIGINS env var
- Wire session-based admin auth into control plane, add POST /platform/v1/login
- Hide secrets from list_projects API via ProjectSummary struct
- Add missing deps (redis, uuid, chrono, tower-http fs feature)
- Fix http version mismatch between reqwest 0.11 and axum 0.7 in proxy
- Clean up all unused imports across workspace

Build: zero errors, zero warnings. Tests: 10 passed, 0 failed.
Made-with: Cursor

storage/src/tus.rs

@@ -27,18 +27,27 @@ struct TusMetadata {
     content_type: String,
 }
 
-fn get_upload_path(id: &str) -> PathBuf {
+fn validate_upload_id(id: &str) -> Result<(), (StatusCode, String)> {
+    Uuid::parse_str(id).map_err(|_| {
+        (StatusCode::BAD_REQUEST, "Invalid upload ID".to_string())
+    })?;
+    Ok(())
+}
+
+fn get_upload_path(id: &str) -> Result<PathBuf, (StatusCode, String)> {
+    validate_upload_id(id)?;
     let mut path = std::env::temp_dir();
     path.push("madbase_tus");
     path.push(id);
-    path
+    Ok(path)
 }
 
-fn get_info_path(id: &str) -> PathBuf {
+fn get_info_path(id: &str) -> Result<PathBuf, (StatusCode, String)> {
+    validate_upload_id(id)?;
     let mut path = std::env::temp_dir();
     path.push("madbase_tus");
     path.push(format!("{}.info", id));
-    path
+    Ok(path)
 }
 
 pub async fn tus_options() -> impl IntoResponse {
@@ -110,12 +119,12 @@ pub async fn tus_create_upload(
         "content_type": content_type
     });
     
-    let info_path = get_info_path(&upload_id);
+    let info_path = get_info_path(&upload_id)?;
     fs::write(&info_path, serde_json::to_string(&info).unwrap()).await
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
 
     // Create empty file
-    let upload_path = get_upload_path(&upload_id);
+    let upload_path = get_upload_path(&upload_id)?;
     fs::File::create(&upload_path).await
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
 
@@ -152,12 +161,12 @@ pub async fn tus_patch_upload(
         .ok_or((StatusCode::BAD_REQUEST, "Missing Upload-Offset".to_string()))?;
 
     // 4. Verify existence and offset
-    let info_path = get_info_path(&upload_id);
+    let info_path = get_info_path(&upload_id)?;
     if !info_path.exists() {
         return Err((StatusCode::NOT_FOUND, "Upload not found".to_string()));
     }
     
-    let upload_path = get_upload_path(&upload_id);
+    let upload_path = get_upload_path(&upload_id)?;
     let metadata = fs::metadata(&upload_path).await
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
     
@@ -241,12 +250,12 @@ pub async fn tus_patch_upload(
 pub async fn tus_head_upload(
     Path(upload_id): Path<String>,
 ) -> Result<impl IntoResponse, (StatusCode, String)> {
-    let info_path = get_info_path(&upload_id);
+    let info_path = get_info_path(&upload_id)?;
     if !info_path.exists() {
         return Err((StatusCode::NOT_FOUND, "Upload not found".to_string()));
     }
 
-    let upload_path = get_upload_path(&upload_id);
+    let upload_path = get_upload_path(&upload_id)?;
     let metadata = fs::metadata(&upload_path).await
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;