forked from molecule-ai/molecule-core
6259e69b42
Blast-radius isolation gap: AdminAuth called ValidateAnyToken which accepted any live workspace bearer token. A compromised workspace agent could present its own token to GET /admin/github-installation-token and steal the platform's GitHub App credential, or hit /approvals/pending to enumerate cross-workspace approvals. Fix: introduce a dedicated admin credential tier via ADMIN_TOKEN env var. When set, AdminAuth verifies the bearer against that secret exclusively (crypto/subtle constant-time comparison). Workspace tokens are rejected outright — no DB lookup occurs. When ADMIN_TOKEN is not set the previous behaviour is preserved as a deprecated backward-compat fallback (tier 3) so existing deployments without the env var don't break immediately. Credential tiers (evaluated in order): 1. Fail-open — no live tokens globally (fresh install / pre-Phase-30) 2. ADMIN_TOKEN match — env var set, bearer must equal it exactly 3. Fallback (deprecated) — any valid workspace token (ADMIN_TOKEN unset) Operators should set ADMIN_TOKEN=<openssl rand -base64 32> to fully close the blast-radius gap. Tier 3 will be removed in a future release. Fixes #684. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| artifacts | ||
| bundle | ||
| channels | ||
| crypto | ||
| db | ||
| envx | ||
| events | ||
| handlers | ||
| metrics | ||
| middleware | ||
| models | ||
| plugins | ||
| provisioner | ||
| registry | ||
| router | ||
| scheduler | ||
| supervised | ||
| ws | ||
| wsauth | ||