molecule-core/canvas/src/lib
Hongming Wang 54bb543ff7 fix: code review findings — token UI, auth hardening, WS dedup
1. Settings panel: wire TokensTab into "API Tokens" tab (was imported
   but not rendered). Rename "API Keys" → "Secrets", add "API Tokens"
   tab. Fix docs link → doc.moleculesai.app/docs/tokens.

2. Referer match hardening: require exact host match or trailing slash
   to prevent evil.com subdomain bypass. Cache CANVAS_PROXY_URL at
   init time instead of per-request os.Getenv.

3. Extract shared deriveWsBaseUrl() to lib/ws-url.ts — eliminates
   duplicate 12-line derivation in socket.ts and TerminalTab.tsx.

4. Token list pagination: add ?limit= and ?offset= params (default
   50, max 200) to GET /workspaces/:id/tokens.

507/507 canvas tests pass, Go build + vet clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 10:42:26 -07:00
__tests__ feat(canvas): /pricing route with plan selector + Stripe checkout 2026-04-15 13:41:44 -07:00
api feat(canvas): SaaS cross-origin — slug header + cookie credentials (Phase F) 2026-04-14 20:08:39 -07:00
validation initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
api.ts feat(tenant): combined platform + canvas Docker image with reverse proxy 2026-04-16 02:46:47 -07:00
auth.ts feat(canvas): AuthGate — redirect anonymous users to cp login (Phase F close) 2026-04-14 20:37:26 -07:00
billing.ts feat(canvas): /pricing route with plan selector + Stripe checkout 2026-04-15 13:41:44 -07:00
canvas-actions.ts initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
deploy-preflight.ts initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
design-tokens.ts fix(canvas): address all code review findings on PR #482 2026-04-16 07:48:47 -07:00
hydrate.ts initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
runtime-names.ts initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
services.ts initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
tenant.ts feat(canvas): SaaS cross-origin — slug header + cookie credentials (Phase F) 2026-04-14 20:08:39 -07:00
ws-url.ts fix: code review findings — token UI, auth hardening, WS dedup 2026-04-16 10:42:26 -07:00