forked from molecule-ai/molecule-core
Blast-radius isolation gap: AdminAuth called ValidateAnyToken which accepted any live workspace bearer token. A compromised workspace agent could present its own token to GET /admin/github-installation-token and steal the platform's GitHub App credential, or hit /approvals/pending to enumerate cross-workspace approvals.

Fix: introduce a dedicated admin credential tier via ADMIN_TOKEN env var. When set, AdminAuth verifies the bearer against that secret exclusively (crypto/subtle constant-time comparison). Workspace tokens are rejected outright — no DB lookup occurs. When ADMIN_TOKEN is not set the previous behaviour is preserved as a deprecated backward-compat fallback (tier 3) so existing deployments without the env var don't break immediately.

Credential tiers (evaluated in order):

1. Fail-open — no live tokens globally (fresh install / pre-Phase-30)
2. ADMIN_TOKEN match — env var set, bearer must equal it exactly
3. Fallback (deprecated) — any valid workspace token (ADMIN_TOKEN unset)

Operators should set ADMIN_TOKEN=<openssl rand -base64 32> to fully close the blast-radius gap. Tier 3 will be removed in a future release.

Fixes #684.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
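The tiered check the commit message describes, written out as an added Go example (not the project's own AdminAuth code). The type `AdminAuthorizer`, its two function fields standing in for the database calls, `parseBearer`, and the `Warning` header on the deprecated path are all assumptions made for illustration; the tier order, the constant-time comparison via `crypto/subtle`, and the "no DB lookup when ADMIN_TOKEN is set" property are taken from the commit message.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"os"
	"strings"
)

// Tier identifies which credential tier admitted a request, or that it was rejected.
type Tier int

const (
	TierRejected   Tier = iota // no tier matched: respond 401
	TierFailOpen               // tier 1: no live tokens exist globally (fresh install)
	TierAdminToken             // tier 2: bearer equals ADMIN_TOKEN (constant-time compare)
	TierFallback               // tier 3, deprecated: any live workspace token (ADMIN_TOKEN unset)
)

func (t Tier) String() string {
	return [...]string{"rejected", "fail-open", "admin-token", "fallback(deprecated)"}[t]
}

// AdminAuthorizer is a hypothetical stand-in for the platform's AdminAuth middleware.
// The two function fields model the database calls the real code would make.
type AdminAuthorizer struct {
	AdminToken  string                   // ADMIN_TOKEN value; "" means unset
	LiveTokens  func() int               // hypothetical: count of live workspace tokens
	ValidateAny func(bearer string) bool // hypothetical: the old ValidateAnyToken lookup
}

// parseBearer extracts the token from an Authorization header of the form "Bearer <token>".
func parseBearer(header string) (string, bool) {
	const prefix = "bearer "
	if len(header) <= len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return "", false
	}
	tok := strings.TrimSpace(header[len(prefix):])
	return tok, tok != ""
}

// Authorize evaluates the tiers in the order the commit message gives them.
func (a *AdminAuthorizer) Authorize(bearer string) Tier {
	// Tier 1: fail-open when no tokens exist anywhere yet (pre-bootstrap).
	if a.LiveTokens() == 0 {
		return TierFailOpen
	}
	// Tier 2: dedicated admin secret. A workspace token is rejected here
	// without ever reaching the database, which is what closes the gap.
	if a.AdminToken != "" {
		if subtle.ConstantTimeCompare([]byte(bearer), []byte(a.AdminToken)) == 1 {
			return TierAdminToken
		}
		return TierRejected
	}
	// Tier 3 (deprecated): ADMIN_TOKEN unset, accept any live workspace token.
	if bearer != "" && a.ValidateAny(bearer) {
		return TierFallback
	}
	return TierRejected
}

// Middleware wraps an admin handler; rejected requests get 401 and never reach next.
func (a *AdminAuthorizer) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		bearer, _ := parseBearer(r.Header.Get("Authorization"))
		tier := a.Authorize(bearer)
		if tier == TierRejected {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if tier == TierFallback {
			// Surface the deprecated path so operators notice ADMIN_TOKEN is unset.
			w.Header().Set("Warning", `299 - "admin auth via workspace token is deprecated; set ADMIN_TOKEN"`)
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed demo values; in a real deployment only ADMIN_TOKEN comes from the environment.
	a := &AdminAuthorizer{
		AdminToken:  os.Getenv("ADMIN_TOKEN"),
		LiveTokens:  func() int { return 3 },
		ValidateAny: func(string) bool { return true }, // pretend every token is a live workspace token
	}
	for _, bearer := range []string{"workspace-token-abc", a.AdminToken} {
		fmt.Printf("bearer=%q -> %s\n", bearer, a.Authorize(bearer))
	}
}
```

Run it with `ADMIN_TOKEN=$(openssl rand -base64 32) go run .` to see the workspace token land in `rejected` and the admin secret in `admin-token`; run it with ADMIN_TOKEN unset and the same workspace token is admitted via `fallback(deprecated)`, which is exactly the tier-3 window the operator note in the commit message asks to close.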
| Path |
|---|
| cmd/server |
| internal |
| migrations |
| pkg/provisionhook |
| Dockerfile |
| Dockerfile.tenant |
| entrypoint-tenant.sh |
| go.mod |
| go.sum |