From 8c2b8c352f8c980c79bb4bb4772e8cbc02d14164 Mon Sep 17 00:00:00 2001
From: Peter Stone
Date: Mon, 26 Jan 2026 07:03:53 -1000
Subject: Phase 3: Error handling and security hardening

- Handle JSON marshal errors in sqlite.go (log + fallback to empty array)
- Add 30s timeout to Google Calendar client initialization
- Fix CSRF timing attack by using subtle.ConstantTimeCompare

Co-Authored-By: Claude Opus 4.5
---
 cmd/dashboard/main.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'cmd')

diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
index d7da061..6b895d1 100644
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@@ -90,8 +90,11 @@ func main() {
 var googleCalendarClient api.GoogleCalendarAPI
 if cfg.HasGoogleCalendar() {
+ // Use timeout context to prevent startup hangs if credentials file is unreachable
+ initCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 var err error
- googleCalendarClient, err = api.NewGoogleCalendarClient(context.Background(), cfg.GoogleCredentialsFile, cfg.GoogleCalendarID)
+ googleCalendarClient, err = api.NewGoogleCalendarClient(initCtx, cfg.GoogleCredentialsFile, cfg.GoogleCalendarID)
+ cancel()
 if err != nil {
 log.Printf("Warning: failed to initialize Google Calendar client: %v", err)
 } else {
--
cgit v1.2.3
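Review bot: The `cancel()` placed right after `api.NewGoogleCalendarClient(initCtx, ...)` is only safe if the constructor does not keep `initCtx`; its body is not in this hunk, but if it hands the context to an OAuth2 token source or to the Google API service constructor, token refreshes made after startup would run on an already-cancelled context and calendar calls could start failing once the first access token expires. Worth confirming in the constructor and recording the contract at the call site, e.g. `// initCtx bounds construction only; the client must not retain it for token refresh or later requests`. The added comment also names an unreachable credentials file as the hang being prevented, yet a plain file read does not observe context cancellation, so the 30s limit presumably bounds only network work inside the constructor, and the comment could say that instead. `main` starts and ends outside the hunk.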