molecule-core/workspace-server/internal
molecule-ai[bot] 5b5a634b5b fix(middleware): set org_id in context after orgtoken.Validate (F1097) (#1232)
PR #1210 added org_api_tokens.org_id but c.Set("org_id", ...) was never
called — so orgCallerID() always returns "" and all token callers are
denied org-scoped access even within their own org.

Fix: after orgtoken.Validate succeeds in AdminAuth, look up the token's
org_id column and set it in the gin context. Pre-fix tokens (org_id=NULL)
get no org_id in context, which is correct — requireCallerOwnsOrg already
denies access for nil org_id.

Test: TestAdminAuth_OrgToken_SetsOrgID covers both post-fix tokens
(org_id set) and pre-fix tokens (org_id=NULL, not set).

Co-authored-by: Molecule AI Infra-SRE <infra-sre@agents.moleculesai.app>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 02:45:27 +00:00
artifacts chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
bundle fix: golangci-lint errors in bundle pkg + admin_memories test coverage (#1169) 2026-04-21 00:12:30 +00:00
channels fix(security): cap webhook + config PATCH bodies (H3/H4) 2026-04-19 01:23:03 -07:00
crypto chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
db test: schema_migrations tracking — 4 cases (first boot, re-boot, mixed, down.sql filter) 2026-04-18 11:52:27 -07:00
envx chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
events chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
handlers fix(F1089): log panic-recovery UPDATE errors in scheduler (#1233) 2026-04-21 02:45:25 +00:00
metrics chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
middleware fix(middleware): set org_id in context after orgtoken.Validate (F1097) (#1232) 2026-04-21 02:45:27 +00:00
models feat: seed initial memories from org template and create payload (#1050) 2026-04-20 00:35:49 -07:00
orgtoken fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200) (#1220) 2026-04-21 02:11:27 +00:00
plugins chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
provisioner feat(platform): bootstrap-failed + console endpoints for CP watcher 2026-04-20 17:11:34 -07:00
registry fix(test): align ssrf_test.go localhost test cases with isSafeURL behaviour (#1192) 2026-04-21 02:08:45 +00:00
router Merge remote-tracking branch 'origin/staging' into feat/bootstrap-failed-and-console-proxy 2026-04-20 17:31:16 -07:00
scheduler fix(F1089): log panic-recovery UPDATE errors in scheduler (#1233) 2026-04-21 02:45:25 +00:00
supervised chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
ws chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
wsauth chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00