molecule-ai/molecule-core
35
0
Fork 2
Code Issues 6 Pull Requests 1 Actions 49 Packages Projects Releases Wiki Activity
bb25d54daa
molecule-core/platform/internal/middleware
History
Hongming Wang 54bb543ff7 fix: code review findings — token UI, auth hardening, WS dedup 
1. Settings panel: wire TokensTab into "API Tokens" tab (was imported
   but not rendered). Rename "API Keys" → "Secrets", add "API Tokens"
   tab. Fix docs link → doc.moleculesai.app/docs/tokens.

2. Referer match hardening: require exact host match or trailing slash
   to prevent evil.com subdomain bypass. Cache CANVAS_PROXY_URL at
   init time instead of per-request os.Getenv.

3. Extract shared deriveWsBaseUrl() to lib/ws-url.ts — eliminates
   duplicate 12-line derivation in socket.ts and TerminalTab.tsx.

4. Token list pagination: add ?limit= and ?offset= params (default
   50, max 200) to GET /workspaces/:id/tokens.

507/507 canvas tests pass, Go build + vet clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 10:42:26 -07:00
..
ratelimit_test.go fix(router): call SetTrustedProxies(nil) to close IP-spoofing bypass (#179) 2026-04-15 17:32:54 +00:00
ratelimit.go fix: #93 category_routing + #105 X-RateLimit headers 2026-04-15 00:23:46 -07:00
securityheaders_test.go fix: address all code review findings + remove exposed secrets 2026-04-16 05:05:49 -07:00
securityheaders.go fix: address all code review findings + remove exposed secrets 2026-04-16 05:05:49 -07:00
tenant_guard_test.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
tenant_guard.go fix(middleware): tenant guard reads bare UUID from state= (no prefix) 2026-04-14 18:09:44 -07:00
wsauth_middleware_test.go chore(test): remove dead constants from wsauth_middleware_test.go (#358) 2026-04-16 05:02:11 +00:00
wsauth_middleware.go fix: code review findings — token UI, auth hardening, WS dedup 2026-04-16 10:42:26 -07:00