Goal
Harden song artifact access and static file serving so generated vocals, instrumentals, lyrics, and source audio cannot leak across users or expose unintended paths.
Scope
- audit all routes that serve files from src/songs or generated artifacts
- ensure path traversal is impossible
- verify ownership/admin checks before returning song artifacts
- add tests for unauthorized access, deleted songs, missing files, and crafted track IDs
- document expected access model for public/private song playback
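As an added example (not MelodAI's own code), a Python resolver that applies the scope items above in order: a strict track-ID allow-list, ownership/admin checks before any file lookup, deleted songs treated exactly like unknown ones, and a realpath containment check on the final path. The artifact layout, the `Song`/`User` shapes and the in-memory `songs` map are constructed assumptions standing in for the real database; `exists` is injectable so the logic can be exercised without real files.

```python
import os
import re
from dataclasses import dataclass
# Hypothetical layout <base_dir>/<track_id>/<file>; MelodAI's real names may differ.
ARTIFACT_FILES = {"vocals": "vocals.wav", "instrumental": "instrumental.wav",
                  "lyrics": "lyrics.txt", "source": "source.mp3"}
# Allow-list for track IDs: no path separators, dots or percent-encoding.
TRACK_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

@dataclass(frozen=True)
class Song:
    owner_id: int
    is_public: bool = False
    deleted: bool = False

@dataclass(frozen=True)
class User:
    user_id: int
    is_admin: bool = False

class AccessDenied(Exception): pass     # a route would map this to HTTP 403
class ArtifactMissing(Exception): pass  # HTTP 404, also for bad IDs and kinds
def resolve_artifact(base_dir, songs, track_id, kind, requester, exists=os.path.isfile):
    # 1. Validate untrusted inputs before any database or filesystem lookup.
    if not TRACK_ID_RE.fullmatch(track_id) or kind not in ARTIFACT_FILES:
        raise ArtifactMissing(track_id)
    # 2. Deleted songs behave exactly like unknown ones (no enumeration oracle).
    song = songs.get(track_id)
    if song is None or song.deleted:
        raise ArtifactMissing(track_id)
    # 3. Ownership/admin check runs before the file is even located.
    is_owner = requester is not None and requester.user_id == song.owner_id
    is_admin = requester is not None and requester.is_admin
    if not (song.is_public or is_owner or is_admin):
        raise AccessDenied(track_id)
    # 4. Containment: resolved path must stay under base_dir (defence in depth).
    root = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(root, track_id, ARTIFACT_FILES[kind]))
    if os.path.commonpath([root, path]) != root or not exists(path):
        raise ArtifactMissing(track_id)
    return path

def outcome(*args, **kwargs):
    # Collapse the three results into a label, as a route picks a status code.
    try:
        return "ok:" + resolve_artifact(*args, **kwargs)
    except AccessDenied:
        return "denied"
    except ArtifactMissing:
        return "missing"
```

`outcome` is the shape the requested tests take: unauthorized access, deleted songs, missing files and crafted track IDs each collapse to one expected label.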
Why this matters
MelodAI processes downloaded audio and generated stems. The file-serving boundary is one of the highest-risk parts of the app and a good target for security review automation.